djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,497 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1497 Commits

Author SHA1 Message Date
Andrew Keesler aa705afc72
hack/tilt-up.sh: let folks specify tilt flags 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-14 09:22:21 -04:00
Andrew Keesler 3d5937a8e8
deploy/supervisor: type: eaxmple -> example 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-14 09:22:15 -04:00
Matt Moyer 33fcc74417
Add Dex to our integration test environment and use it to test the CLI. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-13 16:50:38 -05:00
Matt Moyer 50d80489be
Add initial CLI integration test for OIDC login. 
This is our first test using a real browser to interact with an upstream provider.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-13 10:41:53 -05:00
Matt Moyer 8a16a92c01
Rename some existing CLI test code. 
It will no longer be the only CLI test, so the names should be a bit more specific.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-13 10:25:39 -05:00
Matt Moyer d1e86e2616
Rename "TestClusterCapability" to more generic "Capability." 
This will be used for other types of "capabilities" of the test environment besides just those of the test cluster, such as those of an upstream OIDC provider.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-13 09:13:40 -05:00
Matt Moyer 67b692b11f
Implement the rest of an OIDC client CLI library. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-12 16:41:46 -05:00
Matt Moyer ce49d8bd7b
Remove the --use-pkce flag and just always use it. 
Based on the spec, it seems like it's required that OAuth2 servers which do not support PKCE should just ignore the parameters, so this should always work.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-12 16:41:46 -05:00
Matt Moyer a13d7ec5a1
Remove temporary --debug-auth-code-exchange flag for OIDC client CLI. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-12 16:41:46 -05:00
Ryan Richard 478b0a0fd8 Add supervisor yaml and rename concierge yaml in release process 
Add install-pinniped-supervisor.yaml and rename install-pinniped.yaml
to install-pinniped-concierge.yaml in the release process and
installation/demo documentation.
 2020-10-12 09:43:52 -07:00
Ryan Richard ff545db869
Merge pull request #148 from vmware-tanzu/supervisor-with-discovery 
Beginning of a Pinniped Supervisor Server, starting with an OIDC Discovery Endpoint
 2020-10-09 18:58:15 -07:00
Ryan Richard 6b135b93cf Binding both kind workers to the same localhost port fails, so just bind one 2020-10-09 18:42:15 -07:00
Ryan Richard d81d395c80 Get ready to deploy Supervisor in CI and run its integration tests 
- Also use ./test/integration instead of ./test/... everywhere because
  it will stream the output of the tests while they run
 2020-10-09 18:07:13 -07:00
Ryan Richard 171f3ed906 Add some docs for how to configure the Supervisor app after installing 2020-10-09 16:28:34 -07:00
Ryan Richard 354b922e48 Allow creation of different Service types in Supervisor ytt templates 
- Tiltfile and prepare-for-integration-tests.sh both specify the
  NodePort Service using `--data-value-yaml 'service_nodeport_port=31234'`
- Also rename the namespaces used by the Concierge and Supervisor apps
  during integration tests running locally
 2020-10-09 16:00:11 -07:00
Ryan Richard 34549b779b Make tilt work with the supervisor app and add more uninstall testing 
- Also continue renaming things related to the concierge app
- Enhance the uninstall test to also test uninstalling the supervisor
  and local-user-authenticator apps
 2020-10-09 14:25:34 -07:00
Ryan Richard 72b2d02777 Rename integration test env variables 
- Variables specific to concierge add it to their name
- All variables now start with `PINNIPED_TEST_` which makes it clear
  that they are for tests and also helps them not conflict with the
  env vars that are used in the Pinniped CLI code
 2020-10-09 10:11:47 -07:00
Ryan Richard b71959961d Merge branch 'main' into supervisor-with-discovery 2020-10-09 10:00:50 -07:00
Ryan Richard f5a6a0bb1e Move all three deployment dirs under a new top-level `deploy/` dir 2020-10-09 10:00:22 -07:00
Andrew Keesler c555c14ccb
supervisor-oidc: add OIDCProviderConfig.Status.LastUpdateTime 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-09 11:54:50 -04:00
Andrew Keesler bb015adf4e
Backfill tests to OIDCProviderConfig controller 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-09 10:39:17 -04:00
Andrew Keesler fac4d074d0
internal/multierror: add tests 
Signed-off-by: Andrew Keesler <ankeesler1@gmail.com>
 2020-10-09 08:00:41 -04:00
Ryan Richard b74486f305 Start back-filling unit tests for OIDCProviderConfigWatcherController 
- Left some TODOs for more things that it should test
 2020-10-08 17:40:58 -07:00
Ryan Richard a4389562e3 Fix mistake in deployment.yaml where service selector was hardcoded 2020-10-08 16:20:21 -07:00
Andrew Keesler 05141592f8 Refactor provider.Manager 
- And also handle when an issuer's path is a subpath of another issuer

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-10-08 14:40:56 -07:00
Ryan Richard 8b7d96f42c Several small refactors related to OIDC providers 2020-10-08 11:28:21 -07:00
Andrew Keesler da00fc708f
supervisor-oidc: checkpoint: add status to provider CRD 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-10-08 13:27:45 -04:00
Ryan Richard 6b653fc663 Creation and deletion of OIDC Provider discovery endpoints from config 
- The OIDCProviderConfigWatcherController synchronizes the
  OIDCProviderConfig settings to dynamically mount and unmount the
  OIDC discovery endpoints for each provider
- Integration test passes but unit tests need to be added still
 2020-10-07 19:18:34 -07:00
Andrew Keesler 154de991e4 Make concierge_api_discovery_test.go less sensitive to order in a list 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-10-07 11:42:30 -07:00
Andrew Keesler f48a4e445e
Fix linting and unit tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 11:48:21 -04:00
Andrew Keesler 20ce142f90
Merge remote-tracking branch 'upstream/main' into supervisor-with-discovery 2020-10-07 11:37:33 -04:00
Andrew Keesler c49ebf4b57
supervisor-oidc: int test passes, but impl needs refactor 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 11:33:50 -04:00
Andrew Keesler 019f44982c
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 10:54:56 -04:00
Andrew Keesler 8a772793b8
supervisor-oidc: fix PINNIPED_SUPERVISOR test env vars? 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 10:51:39 -04:00
Andrew Keesler ead1ade24b
supervisor-oidc: forgot OIDCProviderConfig type registration in 14f1d86 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 10:50:55 -04:00
Ryan Richard ae56fcb46a Add integration test for the OIDC discovery endpoint 
- Intended to be a red test in this commit; will make it go
  green in a future commit
- Enhance env.go and prepare-for-integration-tests.sh to make it
  possible to write integration tests for the supervisor app
  by setting more env vars and by exposing the service to the kind
  host on a localhost port
- Add `--clean` option to prepare-for-integration-tests.sh
  to make it easier to start fresh
- Make prepare-for-integration-tests.sh advise you to run
  `go test -v -count 1 ./test/integration` because this does
  not buffer the test output
- Make concierge_api_discovery_test.go pass by adding expectations
  for the new OIDCProviderConfig type
 2020-10-06 17:53:29 -07:00
Ryan Richard a7c334a0f3
Update the file used as the demo screencast 
New version of the file was created by @danjahner
 2020-10-06 17:11:08 -07:00
Ryan Richard 044b5c4d46
Merge pull request #151 from vmware-tanzu/demo-screencast 
Add demo screencast and do some cleanup in demo.md
 2020-10-06 17:07:27 -07:00
Ryan Richard 6f8f99e49b
Add demo screencast and do some cleanup in demo.md 
- Note that this avoids committing the demo screencast
  file to our git history because it is 5.76 MB. We won't
  want to need to download that content on 
  every `git clone`.
- Instead the file is hosted by GitHub's CDN
 2020-10-06 16:35:58 -07:00
Ryan Richard 78cc49d658 Revert "supervisor-oidc: create dynamic config in YTT templates" 
This reverts commit 006d96ab92.
 2020-10-06 13:35:05 -07:00
Matt Moyer 8012d6a1c2
Merge pull request #147 from mattmoyer/oidc-cli 
Implement initial steps of OIDC CLI client.
 2020-10-06 15:20:30 -05:00
Matt Moyer 885005a3c1
Merge pull request #145 from mattmoyer/adjust-pr-template 
Iterate on pull request template.
 2020-10-06 15:20:01 -05:00
Matt Moyer 79c07f3e21
Merge pull request #146 from mattmoyer/tilt 
Add Tilt-based local dev workflow.
 2020-10-06 15:19:29 -05:00
Ryan Richard 14f1d86833
supervisor-oidc: add OIDCProviderConfig CRD 
This will hopefully come in handy later if we ever decide to add
support for multiple OIDC providers as a part of one supervisor.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 15:20:29 -04:00
Ryan Richard 5b3dd5fc7d
Rename pinniped-server -> pinniped-concierge 
Do we like this? We don't know yet.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 14:59:03 -04:00
Matt Moyer 38501ff763
Add initial "pinniped alpha login oidc" partial implementation. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-06 12:42:29 -05:00
Andrew Keesler 006d96ab92
supervisor-oidc: create dynamic config in YTT templates 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 11:16:57 -04:00
Andrew Keesler fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 11:16:57 -04:00
Ryan Richard 76bd462cf8 Implement very rough skeleton of the start of a supervisor server 
- This is just stab at a starting place because it felt easier to
  put something down on paper than to keep staring at a blank page
 2020-10-05 17:28:19 -07:00
Matt Moyer b0a4ae13c5
Add Tilt-based local dev workflow. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-10-05 16:34:33 -05:00