djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,067 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

156 Commits

Author SHA1 Message Date
Andrew Keesler cae0023234
Merge remote-tracking branch 'upstream/main' into secret-generation 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-14 11:44:01 -05:00
Andrew Keesler 2f28d2a96b
Synchronize the OIDCProvider secrets cache 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-14 11:32:33 -05:00
Andrew Keesler b043dae149
Finish first implementation of generic secret generator controller 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-14 10:36:45 -05:00
Ryan Richard 7cda6628a6
Merge branch 'main' into fosite-settings 2020-12-11 18:19:37 -08:00
Ryan Richard 020fbcf190 Adjust some expectations about the state and nonce lengths 2020-12-11 17:39:58 -08:00
Margo Crawford 2a19dd0d2e Pass prompt through to upstream login request 
Signed-off-by: Ryan Richard <rrichard@vmware.com>
 2020-12-11 17:13:27 -08:00
Margo Crawford ded28dff15 Update the fosite settings 
- AudienceMatchingStrategy: we want to use the default matcher from
  fosite, so remove that line
- AllowedPromptValues: We can use the default if we add a small
  change to the auth_handler.go to account for it (in a future commit)
- MinParameterEntropy: Use the fosite default to make it more likely
  that off the shelf OIDC clients can work with the supervisor

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-12-11 16:15:50 -08:00
Andrew Keesler e2aad48852
internal/oidc/dynamiccodec: loosen test to reduce flakes 
When we try to decode with the wrong decryption key, we could get any number of
error messages, depending on what failure mode we are in (couldn't authenticate
plaintext after decryption, couldn't deserialize, etc.). This change makes the
test weaker, but at least we know we will get an error message in the case where
the decryption key is wrong.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-11 11:49:27 -05:00
Andrew Keesler e17bc31b29
Pass CSRF cookie signing key from controller to cache 
This also sets the CSRF cookie Secret's OwnerReference to the Pod's grandparent
Deployment so that when the Deployment is cleaned up, then the Secret is as
well.

Obviously this controller implementation has a lot of issues, but it will at
least get us started.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-11 11:49:27 -05:00
Andrew Keesler 0246e57d7f
Set lifespans on state and CSRF cooking encoding 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-11 11:49:22 -05:00
Andrew Keesler 9460b08873
Use just-in-time HMAC signing key fetching in our Fosite config 
This pattern is similar to what we did in
58237d0e7d.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-11 11:16:46 -05:00
aram price a3285fc187 Fix variable / package name collision 2020-12-10 17:32:55 -08:00
aram price e1173eb5eb manager.Manager is initialized with secret.Cache 
- hard-coded secret.Cache is passed in from pinniped-supervisor/main
 2020-12-10 17:32:55 -08:00
aram price 72bc458c8e Manager uses secret.Cach with hardcoded values 2020-12-10 17:32:55 -08:00
aram price 2f87be3f94 Manager uses dynamiccodec.Codec for cookie encoding 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-10 17:32:55 -08:00
Andrew Keesler 1291380611 dynamiccodec.Codec uses securecookie.JSONEncoder 
Signed-off-by: aram price <pricear@vmware.com>
 2020-12-10 17:32:55 -08:00
Andrew Keesler d8212d1337 Whitespace 
Signed-off-by: aram price <pricear@vmware.com>
 2020-12-10 17:32:55 -08:00
aram price 030edaf72d KeyFunc no longer uses multi-value return 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-10 17:32:55 -08:00
Andrew Keesler 3e112fb1ac internal/oidc/dynamiccodec: first draft 
Note that we don't cache the securecookie.SecureCookie that we use in our
implementation. This was purely because of laziness. We should think about
caching this value in the future.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-12-10 17:32:55 -08:00
Ryan Richard afd216308b KubeStorage annotates every Secret with garbage-collect-after timestamp 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-10 14:47:58 -08:00
Margo Crawford b0c354637d WIP passing lifetime through to storage, unit tests are failing 
Signed-off-by: Ryan Richard <rrichard@vmware.com>
 2020-12-10 12:15:40 -08:00
Margo Crawford 6f40dcb471 Increase the RefreshTokenSessionStorageLifetime 
- Make it more likely that the end user will get the more specific error
  message saying that their refresh token has expired the first time
  that they try to use an expired refresh token

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-12-10 10:44:27 -08:00
Ryan Richard a561fd21d9 Consolidate the supervisor's timeout settings into a single struct 
- This struct represents the configuration of all timeouts. These
  timeouts are all interrelated to declare them all in one place.
  This should also make it easier to allow the user to override
  our defaults if we would like to implement such a feature in the
  future.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-10 10:14:54 -08:00
aram price 86c75b7a80 CSRF cookie is no longer encrypted 2020-12-09 17:34:02 -08:00
aram price f1f8ffa456 Distinct `Encoder`'s use distinct keys 2020-12-09 17:34:02 -08:00
aram price 4a5f8e30a8 Use distinct `Encoder` for state and csrf data 2020-12-09 17:34:02 -08:00
aram price e111ca02da Use the narrowest possible interface 2020-12-09 17:34:02 -08:00
aram price 6ec3589112 Use recorder `Cookies()` helper 
- replaces hand-parsing of cookie strings
 2020-12-09 17:34:02 -08:00
Ryan Richard 5b7c510577 Fixed error handling for token exchange when openid scope missing 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 15:15:50 -08:00
Ryan Richard 0abadddb1a token_handler_test.go: modify a test about refresh request scopes param 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 15:03:52 -08:00
Margo Crawford 5f6e7de785 Merge branch 'token-refresh' into token-exchange-endpoint 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-12-09 14:56:41 -08:00
Ryan Richard 64631d5780 token_handler_test.go: add even more test cases for refresh grant 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 14:53:39 -08:00
Ryan Richard 0386658d26 token_handler_test.go: add more test cases for refresh grant 2020-12-09 14:12:00 -08:00
Matt Moyer 3e6ebab389
Clean up TestTokenExchange a bit. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 14:49:44 -06:00
Matt Moyer f90b5d48de
Merge branch 'token-refresh' of github.com:vmware-tanzu/pinniped into token-exchange-endpoint 2020-12-09 14:46:57 -06:00
Matt Moyer 016b0e9a8e
Satisfy the pedantic linter config 🙃. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 14:41:27 -06:00
Ryan Richard 51c828382f Supervisor token endpoint supports refresh grant type 
- This commit does not include the sad path tests for the refresh
  grant type, which will come in a future commit.
 2020-12-09 12:12:59 -08:00
Matt Moyer 02d96d731f
Finish TestTokenExchange unit tests and add missing scope check. 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-09 13:56:53 -06:00
Matt Moyer b04db6ad2b
Fix some false positive gosec warnings. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 10:42:37 -06:00
Matt Moyer 1db2ae3a45
Add more parameter validations and refactor internal/oidc/token_exchange.go. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 10:04:58 -06:00
Matt Moyer 644cb687b9
Grant the Pinniped STS scope in authorize/callback handlers. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 09:36:45 -06:00
Matt Moyer 5f1bd5ec31
Update TestNullStorage_GetClient with adjusted pinniped-cli scopes. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-09 09:12:32 -06:00
Ryan Richard 6420caca94 Bring back the test that was skipped by the previous commit 
- This test is still a work in progress. Some TODO comments
  have been added to give hints for next steps.
 2020-12-08 18:25:01 -08:00
Ryan Richard f84dda937b Merge branch 'token-refresh' into token-exchange-endpoint 2020-12-08 18:12:12 -08:00
Ryan Richard ef4ef583dc token_handler_test.go: Refactor how we specify the expected results 
- This is to make it easier for the token exchange branch to also edit
  this test without causing a lot of merge conflicts with the
  refresh token branch, to enable parallel development of closely
  related stories.
 2020-12-08 18:10:55 -08:00
Margo Crawford f103c02408 Add check for grant type in tokenexchangehandler, 
- also started writing a test for the tokenexchangehandler, skipping for
now

Signed-off-by: Ryan Richard <rrichard@vmware.com>
 2020-12-08 17:33:08 -08:00
Margo Crawford ef3f837800 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint 2020-12-08 16:58:35 -08:00
Ryan Richard 170982a688 refactor token_handler_test.go: easier to make more requests after initial authcode exchange 
- This refactor will allow us to add new test tables for the
  refresh and token exchange requests, which both must come after
  an initial successful authcode exchange has already happened

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-08 16:54:58 -08:00
Margo Crawford a852baac75 Merge remote-tracking branch 'origin/token-refresh' into token-exchange-endpoint 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-08 12:55:44 -08:00
Ryan Richard 18d90a727e token_handler_test.go: refresh token gets deleted when authcode reused 2020-12-08 12:12:55 -08:00