Commit Graph

2297 Commits

Author SHA1 Message Date
Monis Khan
8b4ed86071
certs_expirer: be specific about what secret to delete
This change fixes a race that can occur because we have multiple
writers with no leader election lock.

1. TestAPIServingCertificateAutoCreationAndRotation/automatic
   expires the current serving certificate
2. CertsExpirerController 1 deletes expired serving certificate
3. CertsExpirerController 2 starts deletion of expired serving
   certificate but has not done so yet
4. CertsManagerController 1 creates new serving certificate
5. TestAPIServingCertificateAutoCreationAndRotation/automatic
   records the new serving certificate
6. CertsExpirerController 2 finishes deletion, and thus deletes the
   newly created serving certificate instead of the old one
7. CertsManagerController 2 creates new serving certificate
8. TestAPIServingCertificateAutoCreationAndRotation/automatic keeps
   running and eventually times out because it is expecting the
   serving certificate created by CertsManagerController 2 to match
   the value it recorded from CertsManagerController 1 (which will
   never happen since that certificate was incorrectly deleted).

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-28 09:56:05 -04:00
Mo Khan
8b74dd824b
Merge pull request #748 from mattmoyer/fix-css-text-wrapping
Fix form_post CSS styling in Firefox and Safari.
2021-07-28 09:55:39 -04:00
Matt Moyer
727035a2dc
Fix form_post CSS styling in Firefox and Safari.
This functioned fine, but did not have the intended visual appearance when it came to how the text of the auth code wrapped inside the copy button in the manual flow.

The new styling behaves correctly on at least Chrome, Firefox, and Safari on macOS.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-28 08:09:20 -05:00
dependabot[bot]
fc82fde585
Bump github.com/tdewolff/minify/v2 from 2.9.19 to 2.9.20
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.19 to 2.9.20.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.19...v2.9.20)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-28 00:03:48 +00:00
dependabot[bot]
f352db8072
Bump github.com/creack/pty from 1.1.13 to 1.1.14
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.13 to 1.1.14.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.13...v1.1.14)

---
updated-dependencies:
- dependency-name: github.com/creack/pty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-28 00:03:39 +00:00
Matt Moyer
22a66c1192
Merge pull request #746 from mattmoyer/fix-windows-build
Fix CLI compilation on Windows.
2021-07-27 16:15:01 -06:00
Matt Moyer
8e8af51955
Fix CLI compilation on Windows.
It turns out that `syscall.Stdin` is of type `int` on Linux and macOS, but not on Windows (it's `syscall.Handle`). This should now be portable and do all the require type casting on every platform.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-27 16:10:05 -05:00
Ryan Richard
d5759c9951
Merge pull request #739 from vmware-tanzu/merge_impersonator_service_annotations
Carefully merge desired annotations into impersonation proxy Service
2021-07-27 12:40:31 -07:00
Ryan Richard
bf99348faf
Merge branch 'main' into merge_impersonator_service_annotations 2021-07-27 12:40:02 -07:00
Mo Khan
2789af79f6
Merge pull request #742 from enj/enj/i/bump_1.21.3
Bump to Go 1.16.6 and Kube v0.21.3
2021-07-27 15:34:37 -04:00
Ryan Richard
71cae75758
Merge branch 'main' into merge_impersonator_service_annotations 2021-07-27 11:57:16 -07:00
Ryan Richard
90db3ad51b
Merge pull request #730 from vmware-tanzu/cli_username_password_env_vars
LDAP logins via CLI read from `PINNIPED_USERNAME` and `PINNIPED_PASSWORD` env vars
2021-07-27 11:56:40 -07:00
Monis Khan
32c9aa5087
Bump to Go 1.16.6 and Kube v0.21.3
Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-27 14:18:08 -04:00
Ryan Richard
f17f7c0c6a Small refactors in impersonator_config.go suggested by @mattmoyer 2021-07-26 17:46:06 -07:00
Ryan Richard
54c5bcc9a1 Merge branch 'main' into merge_impersonator_service_annotations 2021-07-26 17:25:52 -07:00
Ryan Richard
58ab57201f Suppress lint errors 2021-07-26 17:20:49 -07:00
Ryan Richard
f4829178b3 Use sentence case for headers in docs
Following some common developer style guides such as
Google
https://developers.google.com/style/capitalization#capitalization-in-titles-and-headings
and Microsoft
https://docs.microsoft.com/en-us/style-guide/scannable-content/headings#formatting-headings
2021-07-26 17:18:44 -07:00
Ryan Richard
295f013580 Merge branch 'main' into cli_username_password_env_vars 2021-07-26 17:04:46 -07:00
Ryan Richard
d8e1521457
Merge pull request #741 from vmware-tanzu/dockerignore
dockerignore gets same contents as gitignore
2021-07-26 12:47:26 -07:00
Ryan Richard
e150111b27 dockerignore gets same contents as gitignore 2021-07-26 11:28:25 -07:00
Ryan Richard
9e27c28b39 Fix TestImpersonationProxy integration test changes from previous commit
Forgot to account for our new booking annotation on the impersonator's
Service.
2021-07-23 14:23:24 -07:00
Ryan Richard
ac4bc02817 Enhance integration test for CredentialIssuer spec annotations 2021-07-23 09:46:40 -07:00
Ryan Richard
708164b878 Carefully merge desired annotations into impersonation proxy Service
Don't overwrite annotations that might have come from a human user or
from some other non-Pinniped controller.
2021-07-22 17:09:50 -07:00
Ryan Richard
e30cf6e51a
Merge branch 'main' into cli_username_password_env_vars 2021-07-22 09:29:03 -07:00
Matt Moyer
ee30b78117
Update ROADMAP.md
Bump "Wider Concierge cluster support" to August.
2021-07-22 10:30:45 -05:00
Ryan Richard
64aba7e703 Add new howto guide login.md 2021-07-21 12:10:47 -07:00
Matt Moyer
c6c3a80a86
Merge pull request #733 from mattmoyer/switch-tools-images
Switch to GHCR tools images for local tests, with `imagePullPolicy: IfNotPresent`.
2021-07-21 11:47:37 -06:00
Margo Crawford
a7af63ca3a
Merge pull request #729 from rdimitrov/dimitrovr/add-dex-docs
Add documentation for configuring Supervisor with Dex and Github
2021-07-21 08:48:49 -07:00
Matt Moyer
ae72d30cec
Switch to GHCR tools images for local tests, with imagePullPolicy: IfNotPresent.
This is more consistent with our CI environment.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-07-21 09:21:05 -05:00
Nanci Lancaster
fec59eb1bf
Merge pull request #731 from microwavables/main
Removed Andrew Keesler, Pablo Schumaker from site, moved them to emeritus status on maintainers file,
2021-07-20 15:37:04 -07:00
Radoslav Dimitrov
f6273b0604 Update the Prerequisites section and add a note about the groups scope
Add Dex to the prerequisites and add a note that to query for the groups
scope the user must set the organizations Dex should search against.
Otherwise the groups claim would be empty. This is because of the format
group claims are represented, i.e. "org:team".

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-20 13:49:45 +03:00
Ryan Richard
deb699a84a e2e test: PINNIPED_USERNAME/PINNIPED_PASSWORD env vars during LDAP login 2021-07-19 17:08:52 -07:00
Ryan Richard
cac45fd999 LDAP logins read from PINNIPED_USERNAME and PINNIPED_PASSWORD env vars
For CLI-based auth, such as with LDAP upstream identity providers, the
user may use these environment variables to avoid getting interactively
prompted for username and password.
2021-07-19 16:20:59 -07:00
Radoslav Dimitrov
0bdd1bc68f Add documentation for configuring Supervisor with Dex and Github
The following guide describes the process of configuring Supervisor
with Dex and identify users through their Github account. Issue #415

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
2021-07-19 16:00:43 +03:00
Mo Khan
4605846499
Merge pull request #724 from vmware-tanzu/fix_git_sha_in_version_info
Copy .git dir during Docker build; used to bake git sha into binary
2021-07-16 14:34:33 -04:00
Ryan Richard
4670890a82 Add .git dir to Docker; used to bake git sha into binary 2021-07-16 09:51:46 -07:00
Margo Crawford
d204b46c18
Merge pull request #721 from vmware-tanzu/resolve-load-balancer-dns
wait for lb dns to resolve in the impersonation proxy integration test
2021-07-15 17:02:08 -07:00
Ryan Richard
b3208f0ca6 wait for lb dns to resolve in the impersonation proxy integration test
this will hopefully fix some flakes where aws provisioned a host for the
load balancer but the tests weren't able to resolve it.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-07-15 16:39:15 -07:00
Ryan Richard
be7bf9c193
Merge pull request #718 from vmware-tanzu/workaround_for_flaky_unit_test
TestAgentController unit test is flaky, try to add workaround
2021-07-15 14:17:11 -07:00
Ryan Richard
2bba39d723 TestAgentController unit test is flaky, try to add workaround
TestAgentController really runs the controller and evaluates multiple
calls to the controller's Sync with real informers caching updates.
There is a large amount of non-determinism in this unit test, and it
does not always behave the same way. Because it makes assertions about
the specific errors that should be returned by Sync, it was not
accounting for some errors that are only returned by Sync once in a
while depending on the exact (unpredictable) order of operations.

This commit doesn't fix the non-determinism in the test, but rather
tries to work around it by also allowing other (undesired but
inevitable) error messages to appear in the list of actual error
messages returned by the calls to the Sync function.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-07-15 13:41:31 -07:00
anjalitelang
dc567d0d1f
Update ROADMAP.md
Added https://github.com/vmware-tanzu/pinniped/issues/577 to Roadmap
2021-07-15 12:29:51 -04:00
Ryan Richard
143837c136
Merge pull request #714 from vmware-tanzu/ytt_install_doc_fix
ytt install docs suggest that you checkout the release tag
2021-07-14 12:52:23 -07:00
Ryan Richard
11eb18d348 ytt install docs suggest that you checkout the release tag
Previously, the ytt install docs suggested that you use ytt templates
from the HEAD of main with the container image from the latest public
release, which could result in a mismatch.
2021-07-14 10:59:51 -07:00
Ryan Richard
d5cf5b91d6
Merge pull request #711 from vmware-tanzu/e2e_test_clear_cookies
Clear the browser cookies between each TestE2EFullIntegration subtest
2021-07-13 16:43:57 -07:00
Ryan Richard
48b58e2fad Clear the browser cookies between each TestE2EFullIntegration test
It seems like page.ClearCookies() only clears cookies for the current
domain, so there doesn't seem to be a function to clear all browser
cookies. Instead, we'll just start a whole new browser each test.
They start fast enough that it shouldn't be a problem.
2021-07-13 16:20:02 -07:00
Ryan Richard
7ef3d42e01
Merge pull request #704 from mattmoyer/deflake-serving-certificate-rotation-test
Make TestAPIServingCertificateAutoCreationAndRotation less flaky.
2021-07-13 14:58:54 -07:00
Ryan Richard
33461ddc14
Merge branch 'main' into deflake-serving-certificate-rotation-test 2021-07-13 14:04:34 -07:00
Mo Khan
238c9e6743
Merge pull request #709 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.19
Bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19
2021-07-12 14:48:16 -04:00
dependabot[bot]
25cda4f3e6
Bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.9.18 to 2.9.19.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.9.18...v2.9.19)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-12 01:20:59 +00:00
Matt Moyer
c71703e4db
Merge pull request #707 from mattmoyer/fix-okta-cli-integration-test
Fix TestCLILoginOIDC when running against Okta, and lower CLI server shutdown timeout.
2021-07-09 14:30:19 -07:00