djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,607 Commits 30 Branches 34 Tags 22 MiB
78bdb1928a
Commit Graph

2607 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Monis Khan
9599ffcfb9
Update all deps to latest where possible, bump Kube deps to v0.23.1 
Highlights from this dep bump:

1. Made a copy of the v0.4.0 github.com/go-logr/stdr implementation
   for use in tests.  We must bump this dep as Kube code uses a
   newer version now.  We would have to rewrite hundreds of test log
   assertions without this copy.
2. Use github.com/felixge/httpsnoop to undo the changes made by
   ory/fosite#636 for CLI based login flows.  This is required for
   backwards compatibility with older versions of our CLI.  A
   separate change after this will update the CLI to be more
   flexible (it is purposefully not part of this change to confirm
   that we did not break anything).  For all browser login flows, we
   now redirect using http.StatusSeeOther instead of http.StatusFound.
3. Drop plog.RemoveKlogGlobalFlags as klog no longer mutates global
   process flags
4. Only bump github.com/ory/x to v0.0.297 instead of the latest
   v0.0.321 because v0.0.298+ pulls in a newer version of
   go.opentelemetry.io/otel/semconv which breaks k8s.io/apiserver.
   We should update k8s.io/apiserver to use the newer code.
5. Migrate all code from k8s.io/apimachinery/pkg/util/clock to
   k8s.io/utils/clock and k8s.io/utils/clock/testing
6. Delete testutil.NewDeleteOptionsRecorder and migrate to the new
   kubetesting.NewDeleteActionWithOptions
7. Updated ExpectedAuthorizeCodeSessionJSONFromFuzzing caused by
   fosite's new rotated_secrets OAuth client field.  This new field
   is currently not relevant to us as we have no private clients.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-12-16 21:15:27 -05:00
Mo Khan
69d5951296
Merge pull request #919 from microwavables/updating-community-details 
Updated community and resources pages
 2021-12-16 17:14:21 -05:00
Mo Khan
b148359337
Merge pull request #918 from vmware-tanzu/replace_reflections 
Replace reflections in go.mod
 2021-12-16 17:10:28 -05:00
Nanci Lancaster
e31a410096 Updated community and resources pages 2021-12-16 16:02:47 -06:00
Ryan Richard
6bf67f44ef replace reflections in go.mod 2021-12-16 11:15:24 -08:00
Mo Khan
fdc91ec56c
Merge pull request #909 from vmware-tanzu/dependabot/docker/golang-1.17.5 
Bump golang from 1.17.4 to 1.17.5
 2021-12-10 12:41:02 -05:00
dependabot[bot]
884d18bade
Bump golang from 1.17.4 to 1.17.5 
Bumps golang from 1.17.4 to 1.17.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-10 17:03:50 +00:00
Mo Khan
ca2ee26c86
Merge pull request #884 from vmware-tanzu/upstream-ad-refresh 
Upstream active directory refresh checks for password changes, deactivated and locked users
 2021-12-09 20:51:46 -05:00
Margo Crawford
59d999956c Move ad specific stuff to controller 
also make extra refresh attributes a separate field rather than part of
Extra

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:36 -08:00
Margo Crawford
acaad05341 Make pwdLastSet stuff more generic and not require parsing the timestamp 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:36 -08:00
Margo Crawford
65f3464995 Fix issue with very high integer value parsing, add unit tests 
also add comment about urgent replication
 2021-12-09 16:16:36 -08:00
Margo Crawford
ee4f725209 Incorporate PR feedback 2021-12-09 16:16:36 -08:00
Margo Crawford
ef5a04c7ce Check for locked users on ad upstream refresh 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:36 -08:00
Margo Crawford
f62e9a2d33 Active directory checks for deactivated user 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:36 -08:00
Margo Crawford
da9b4620b3 Active Directory checks whether password has changed recently during 
upstream refresh

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-12-09 16:16:35 -08:00
Margo Crawford
8db0203839 Add test for upstream ldap idp not found, wrong idp uid, and malformed 
fosite session storage
 2021-12-09 16:16:35 -08:00
Ryan Richard
92bd3b49c8 Merge branch 'main' into upstream_access_revocation_during_gc 2021-12-09 14:16:52 -08:00
anjalitelang
4110297a8f
Update ROADMAP.md 
Updated roadmap to reflect current velocity
 2021-12-09 16:59:09 -05:00
Ryan Richard
dbcb213691 Merge branch 'main' into upstream_access_revocation_during_gc 2021-12-08 14:29:59 -08:00
Ryan Richard
f410d2bd00 Add revocation of upstream access tokens to garbage collector 
Also refactor the code that decides which types of revocation failures
are worth retrying. Be more selective by only retrying those types of
errors that are likely to be worth retrying.
 2021-12-08 14:29:25 -08:00
Mo Khan
7a3b5e3571
Merge pull request #908 from vmware-tanzu/microwavables-main 
Added GOVERNANCE.md file to repo
 2021-12-08 14:38:21 -05:00
Nanci Lancaster
505bc47ae1
Added GOVERNANCE.md file to repo 
Signed-off-by: Nanci Lancaster <nancil@vmware.com>
 2021-12-08 14:29:16 -05:00
Ryan Richard
c9c218fdf0 Merge branch 'main' into upstream_access_revocation_during_gc 2021-12-06 14:47:27 -08:00
Ryan Richard
46008a7235 Add struct field for storing upstream access token in downstream session 2021-12-06 14:43:39 -08:00
Mo Khan
2c5b74c960
Merge pull request #905 from vmware-tanzu/dependabot/docker/golang-1.17.4 
Bump golang from 1.17.3 to 1.17.4
 2021-12-06 15:44:42 -05:00
dependabot[bot]
db68fc3a2b
Bump golang from 1.17.3 to 1.17.4 
Bumps golang from 1.17.3 to 1.17.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-06 01:14:25 +00:00
Ryan Richard
29490ee665 ran go mod tidy 2021-12-03 16:40:01 -08:00
Ryan Richard
b981055d31 Support revocation of access tokens in UpstreamOIDCIdentityProviderI 
- Rename the RevokeRefreshToken() function to RevokeToken() and make it
  take the token type (refresh or access) as a new parameter.
- This is a prefactor getting ready to support revocation of upstream
  access tokens in the garbage collection handler.
 2021-12-03 13:44:24 -08:00
Ryan Richard
edd3547977
Merge pull request #903 from vmware-tanzu/code-walkthrough-doc 
Add first draft of code walk-through doc
 2021-12-03 12:19:29 -08:00
Ryan Richard
aa361a70a7 clarifications to code walkthrough doc 2021-12-03 10:50:02 -08:00
Ryan Richard
7b6bdd8129 fix link to blog and add another in doc 2021-12-03 10:32:16 -08:00
Ryan Richard
4aed3385b6 Merge branch 'main' into code-walkthrough-doc 2021-12-03 09:17:35 -08:00
Ryan Richard
2736c3603a fix typo in doc 2021-12-03 09:17:17 -08:00
Ryan Richard
3ea90467b7 add first draft of code walk-through doc 2021-12-02 17:18:50 -08:00
anjalitelang
683027468e
Update ROADMAP.md 2021-12-02 12:00:54 -05:00
Mo Khan
269cae3a9f
Merge pull request #895 from enj/enj/f/warning_rt 
phttp: add generic support for RFC 2616 14.46 warnings headers
 2021-11-30 16:15:39 -05:00
Monis Khan
9d4a932656
phttp: add generic support for RFC 2616 14.46 warnings headers 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-11-30 15:11:59 -05:00
Mo Khan
1611cf681a Merge pull request #876 from vmware-tanzu/upstream_refresh_revocation_during_gc 
Revoke upstream OIDC refresh tokens during downstream session garbage collection
 2021-11-23 20:15:37 -05:00
Mo Khan
78474cfae9
Merge branch 'main' into upstream_refresh_revocation_during_gc 2021-11-23 19:29:13 -05:00
Mo Khan
aaf847040f
Merge pull request #893 from vmware-tanzu/fix_unit_test 
Attempt to fix a unit test that always failed on my laptop
 2021-11-23 19:25:16 -05:00
Ryan Richard
e44540043d Attempt to fix a unit test that always failed on my laptop 
Try to make the GCP plugin config less sensitive to the setup of the
computer on which it runs.
 2021-11-23 15:47:19 -08:00
Ryan Richard
69be273e01
Merge branch 'main' into upstream_refresh_revocation_during_gc 2021-11-23 14:55:44 -08:00
Mo Khan
5a1de2f54c
Merge pull request #888 from vmware-tanzu/customize_ports 
Make Concierge server port numbers configurable
 2021-11-23 17:51:04 -05:00
Ryan Richard
91eed1ab24 Merge branch 'main' into upstream_refresh_revocation_during_gc 2021-11-23 12:11:39 -08:00
Ryan Richard
3ca8c49334 Improve garbage collector log format and some comments 2021-11-23 12:11:17 -08:00
Mo Khan
f28b33bbf0
Merge branch 'main' into customize_ports 2021-11-23 08:30:48 -05:00
Mo Khan
537f85205d
Merge pull request #889 from enj/enj/i/strict_tls_acceptance 
tls: fix integration tests for long lived environments
 2021-11-18 16:37:15 -05:00
Ryan Richard
b8a93b6b90 Merge branch 'main' into customize_ports 2021-11-18 09:31:18 -08:00
Monis Khan
764a1ad7e4
tls: fix integration tests for long lived environments 
This change updates the new TLS integration tests to:

1. Only create the supervisor default TLS serving cert if needed
2. Port forward the node port supervisor service since that is
   available in all environments

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-11-18 03:55:56 -05:00
Mo Khan
6a68c6532c
Merge pull request #873 from enj/enj/i/strict_tls 
Force the use of secure TLS config
 2021-11-17 19:17:13 -05:00