djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,867 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

2867 Commits

Author SHA1 Message Date
Ryan Richard 69e5169fc5 Implement post_login_handler.go to accept form post and auth to LDAP/AD 
Also extract some helpers from auth_handler.go so they can be shared
with the new handler.
 2022-04-29 16:02:00 -07:00
Margo Crawford 646c6ec9ed Show error message on login page 
Also add autocomplete attribute and title element

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-29 10:36:13 -07:00
Margo Crawford 453c69af7d Fix some errors and pass state as form element 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-28 12:07:04 -07:00
Margo Crawford 07b2306254 Add basic outline of login get handler 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-28 11:51:36 -07:00
Margo Crawford 77f016fb64 Allow browser_authcode flow for pinniped login command 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-27 08:53:53 -07:00
Margo Crawford ae60d4356b Some refactoring of shared code between OIDC and LDAP browser flows 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-27 08:51:37 -07:00
Margo Crawford 379a803509 when password header but not username is sent to password grant, error 
also add more unit tests

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-26 16:46:58 -07:00
Ryan Richard 65eed7e742 Implement login_handler.go to defer to other handlers 
The other handlers for GET and POST requests are not yet implemented in
this commit. The shared handler code in login_handler.go takes care of
things checking the method, checking the CSRF cookie, decoding the state
param, and adding security headers on behalf of both the GET and POST
handlers.

Some code has been extracted from callback_handler.go to be shared.
 2022-04-26 15:37:30 -07:00
Margo Crawford eb1d3812ec Update authorization endpoint to redirect to new login page 
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-26 12:51:56 -07:00
Margo Crawford 8832362b94 WIP: Add login handler for LDAP/AD web login 
Also change state param to include IDP type
 2022-04-25 16:41:55 -07:00
Margo Crawford 694e4d6df6 Advertise browser_authcode flow in ldap idp discovery 
To keep this backwards compatible, this PR changes how
the cli deals with ambiguous flows. Previously, if there
was more than one flow advertised, the cli would require users
to set the flag --upstream-identity-provider-flow. Now it
chooses the first one in the list.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-25 14:54:21 -07:00
Ryan Richard 24b0ddf600
Merge pull request #1140 from vmware-tanzu/bump_kube_deps_v0.23.6 
bump kube deps from v0.23.5 to v0.23.6
 2022-04-21 10:18:43 -07:00
Ryan Richard cab9ac8368 bump kube deps from v0.23.5 to v0.23.6 2022-04-21 09:17:24 -07:00
Ryan Richard 793b8b9260
Merge pull request #1121 from anjaltelang/main 
v0.16.0 Blog
 2022-04-20 11:54:20 -07:00
Pinny 4071b48f01 Updated versions in docs for v0.16.0 release 2022-04-20 18:52:59 +00:00
Ryan Richard 46e61bdea9
Update 2022-04-15-fips-and-more.md 
Update release date
 2022-04-20 10:56:21 -07:00
Ryan Richard 52341f4e49
Merge pull request #1083 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.60.1 
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1
 2022-04-19 15:22:08 -07:00
dependabot[bot] cd982655a2
Bump k8s.io/klog/v2 from 2.40.1 to 2.60.1 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.40.1 to 2.60.1.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.40.1...v2.60.1)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-19 20:33:38 +00:00
Margo Crawford 311bb05993
Merge pull request #1130 from vmware-tanzu/kube-versions-april-22 
Update kube versions to latest patch
 2022-04-19 13:30:40 -07:00
Ryan Richard 0ec5e57114
Merge pull request #1131 from vmware-tanzu/bump_some_deps 
Bump some deps
 2022-04-19 13:29:28 -07:00
Margo Crawford 63779ddac2
Merge pull request #1129 from vmware-tanzu/jwt-authenticator-client-field 
JWTAuthenticator distributed claims resolution honors tls config
 2022-04-19 13:28:43 -07:00
Ryan Richard 4de8004094 Empty commit to trigger CI 2022-04-19 12:12:45 -07:00
Margo Crawford 0b72f7084c JWTAuthenticator distributed claims resolution honors tls config 
Kube 1.23 introduced a new field on the OIDC Authenticator which
allows us to pass in a client with our own TLS config. See
https://github.com/kubernetes/kubernetes/pull/106141.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-19 11:36:46 -07:00
Ryan Richard 132d2aac72 add a code comment 2022-04-19 11:35:46 -07:00
Ryan Richard 2d4f4e4efd Merge branch 'main' into bump_some_deps 2022-04-19 11:32:53 -07:00
Margo Crawford c40bca5e65
Merge pull request #1127 from hectorj2f/add_code_challenge_method_support 
oidc: add code challenge supported methods to the discovery doc
 2022-04-19 11:23:57 -07:00
Margo Crawford 019750a292 Update kube versions to latest patch 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-19 11:19:24 -07:00
Anjali Telang 9e5d4ae51c Blog for v0.16.0 
Signed-off-by: Anjali Telang <atelang@vmware.com>
 2022-04-19 14:16:45 -04:00
Ryan Richard 5b9831d319 bump the kube direct deps 2022-04-19 11:13:52 -07:00
Ryan Richard fb8083d024 bump some direct deps 2022-04-19 11:09:24 -07:00
hectorj2f a3f7afaec4 oidc: add code challenge supported methods 
Signed-off-by: hectorj2f <hectorf@vmware.com>
 2022-04-19 01:21:39 +02:00
Margo Crawford f5cf3276d5
Merge pull request #1123 from vmware-tanzu/macos-untrusted-certificate-errors 2022-04-14 20:15:31 -07:00
Margo Crawford d5337c9c19 Error format of untrusted certificate errors should depend on OS 
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-14 17:37:36 -07:00
Mo Khan c624846eaa
Merge pull request #1122 from vmware-tanzu/impersonator-only-http2 
the http2RoundTripper should only use http2
 2022-04-14 16:55:50 -04:00
Margo Crawford 03f19da21c the http2RoundTripper should only use http2 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-14 10:51:25 -07:00
Mo Khan 8fe635e7ce
Merge pull request #1096 from vmware-tanzu/dependabot/docker/distroless/static-2556293 
Bump distroless/static from `80c956f` to `2556293`
 2022-04-14 12:53:59 -04:00
dependabot[bot] 2fa81546f3
Bump distroless/static from `80c956f` to `2556293` 
Bumps distroless/static from `80c956f` to `2556293`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 14:51:17 +00:00
Mo Khan 43485563ff
Merge pull request #1120 from vmware-tanzu/dependabot/docker/hack/google.com/api-project-999119582588/go-boringcrypto/golang-1.18.1b7 
Bump google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7 in /hack
 2022-04-14 10:26:04 -04:00
dependabot[bot] 5621c1161a
Bump google.com/api-project-999119582588/go-boringcrypto/golang in /hack 
Bumps google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7.

---
updated-dependencies:
- dependency-name: google.com/api-project-999119582588/go-boringcrypto/golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 13:26:21 +00:00
Mo Khan 79fd8e2901
Merge pull request #1119 from enj/enj/i/fips_log_errs 
Only emit FIPS startup log when running a server component
 2022-04-14 09:19:40 -04:00
Monis Khan e0886c6948
Only emit FIPS startup log when running a server component 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-13 18:31:02 -04:00
Mo Khan f5cc2f20f7
Merge pull request #1118 from enj/enj/i/go1.18_linter_fix 
Bump to go1.18.1 and fix linter errors
 2022-04-13 18:15:20 -04:00
Monis Khan 8fd77b72df
Bump to go1.18.1 and fix linter errors 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-13 16:43:06 -04:00
Mo Khan 8ecf18521c
Merge pull request #1112 from vmware-tanzu/fips-website-docs 
document how to use the fips dockerfile on our website
 2022-04-13 16:41:25 -04:00
Margo Crawford 96c705bf94 document how to use the fips dockerfile on our website 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-13 12:45:58 -07:00
Mo Khan d0d20e00e4
Merge pull request #1117 from vmware-tanzu/prefix_tokens 
Add custom prefix to downstream access and refresh tokens and authcodes
 2022-04-13 15:34:42 -04:00
Ryan Richard 53348b8464 Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
Ryan Richard 13daf59217
Merge pull request #1108 from vicmarbev/main 
Use vmware-tanzu/carvel instead of the deprecated k14s/tap to install deps with brew
 2022-04-13 08:43:39 -07:00
Ryan Richard 9ebf3a5b92
Merge branch 'main' into main 2022-04-13 08:41:04 -07:00
Mo Khan 6af1aaeb20
Merge pull request #1114 from enj/enj/i/fips_init_log 
Use klog to make sure FIPS init log is emitted
 2022-04-12 16:23:38 -04:00