djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
855 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

855 Commits

Author SHA1 Message Date
Rajat Goyal 7e78c9322c Remove duplicate documentation images from the repo and change all links to point to the Hugo site 2020-12-02 23:58:19 +05:30
Rajat Goyal 31810a97e1 Remove duplicate docs from the repo and change all links to point to the Hugo site 2020-12-02 23:58:19 +05:30
Matt Moyer be8f11fe5a
Merge pull request #246 from mattmoyer/build-on-go-1.14 
Tweak some stdlib usage so we compile under Go 1.14.
 2020-11-30 17:38:19 -06:00
Matt Moyer 24c4bc0dd4
Tweak some stdlib usage so we compile under Go 1.14. 
Mainly, avoid using some `testing` helpers that were added in 1.14, as well as a couple of other niceties we can live without.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-30 10:11:41 -06:00
Andrew Keesler 385d2db445
Merge pull request #245 from ankeesler/fix-supervisor-login-test 
Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses
 2020-11-30 11:05:43 -05:00
Andrew Keesler eae6d355f8
test/integration: skip TestSupervisorLogin until new callback logic is on main 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-30 10:12:03 -05:00
Andrew Keesler 5be46d0bb7
test/integration: get downstream issuer path from upstream redirect 
See comment in the code.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-30 09:58:08 -05:00
Andrew Keesler 5b04192945
Run TestSupervisorLogin only on valid HTTP/HTTPS supervisor addresses 
We were assuming that env.SupervisorHTTPAddress was set, but it might not be
depending on the environment on which the integration tests are being run. For
example, in our acceptance environments, we don't currently set
env.SupervisorHTTPAddress.

I tried to follow the pattern from TestSupervisorOIDCDiscovery here.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-30 09:23:12 -05:00
Matt Moyer dfb6544171
Merge pull request #238 from jknostman3/patch-1 
Update site demo to use pinniped-concierge namespace
 2020-11-20 17:15:26 -06:00
Matt Moyer 3596610f40
Merge pull request #239 from enj/enj/f/fosite_defaults 
Set defaults for fosite config
 2020-11-20 17:14:05 -06:00
Monis Khan d39cc08b66
Set defaults for fosite config 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-20 17:18:52 -05:00
Matt Moyer ad9439eef2
Merge pull request #207 from vmware-tanzu/dependabot/docker/golang-1.15.5 
Bump golang from 1.15.3 to 1.15.5
 2020-11-20 15:18:23 -06:00
Jake Knostman 15bffc6b16
Update site demo to use pinniped-concierge namespace 2020-11-20 12:31:23 -08:00
dependabot[bot] 901242c1e1
Bump golang from 1.15.3 to 1.15.5 
Bumps golang from 1.15.3 to 1.15.5.

Signed-off-by: dependabot[bot] <support@github.com>
 2020-11-20 20:19:51 +00:00
Matt Moyer fd0e0bb4c9
Merge pull request #234 from rajat404/main 
Avoid printing the error message twice from client
 2020-11-20 13:29:35 -06:00
Rajat Goyal 53bece2186 Avoid printing the error message twice from client 2020-11-21 00:05:26 +05:30
Matt Moyer 1a881e4f2b
Merge pull request #232 from mattmoyer/adjust-test-environment-upstream-clients 
Split test environment variables so there's a specific supervisor upstream client.
 2020-11-20 09:46:04 -06:00
Matt Moyer bc700d58ae
Split test environment variables so there's a specific supervisor upstream client. 
Prior to this we re-used the CLI testing client to test the authorize flow of the supervisor, but they really need to be separate upstream clients. For example, the supervisor client should be a non-public client with a client secret and a different callback endpoint.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-20 08:03:06 -06:00
Mo Khan b8fb37b9f6
Merge pull request #233 from enj/enj/i/tmp_disable_max_flight 
Temporarily disable max inflight checks for mutating requests
 2020-11-19 22:51:03 -05:00
Monis Khan 4a28d1f800
Temporarily disable max inflight checks for mutating requests 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-19 21:21:10 -05:00
Mo Khan 20b62b8841
Merge pull request #231 from enj/enj/f/fosite_kube_storage 
Add kube based storage for use with fosite
 2020-11-19 15:34:55 -05:00
Monis Khan 86865d155a
Switch fuzzing test to UTC 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-19 14:04:25 -05:00
Monis Khan 3575be7742
Add authorization code storage 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-19 13:18:27 -05:00
Monis Khan b7d823a077
Add generic Kube API based CRUD storage 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-19 13:18:02 -05:00
Mo Khan 3bc5952f7e
Merge pull request #227 from mattmoyer/add-authorizationconfig-omitempty 
Use `omitempty` on UpstreamOIDCProvider `spec.authorizationConfig` field.
 2020-11-18 20:10:55 -05:00
Matt Moyer 7520dadbdd
Use `omitempty` on UpstreamOIDCProvider `spec.authorizationConfig` field. 
This allows you to omit the field in creation requests, which was annoying.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-18 17:14:35 -06:00
Mo Khan 8a4be431f6
Merge pull request #230 from vmware-tanzu/scc 
Add nonroot SCC to work on OpenShift clusters
 2020-11-18 17:46:01 -05:00
Mo Khan c32e452db8
Add nonroot SCC to work on OpenShift clusters 2020-11-18 17:08:45 -05:00
Ryan Richard 24bd8b2e42
Merge pull request #226 from absoludity/fix-getting-started4 
Fix demo.md and update default namespace for pinniped concierge.
 2020-11-18 13:39:04 -08:00
Ryan Richard c83cec341b
Merge branch 'main' into fix-getting-started4 2020-11-17 15:02:36 -08:00
Matt Moyer 7404ee4531
Merge pull request #224 from mattmoyer/make-oidcclient-public 
Move `./internal/oidcclient` to `./pkg/oidcclient`.
 2020-11-17 15:13:50 -06:00
Matt Moyer e0a9bef6ce
Move `./internal/oidcclient` to `./pkg/oidcclient`. 
This will allow it to be imported by Go code outside of our repository, which was something we have planned for since this code was written.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-17 14:53:32 -06:00
Matt Moyer 428b9f2758
Merge pull request #223 from mattmoyer/refactor-cert-gen 
Refactor certificate generation for integration test Dex.
 2020-11-17 12:45:20 -06:00
Matt Moyer 0d1ad6e1df
Fix some broken resource grouping/ordering in Tiltfile. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-17 12:21:15 -06:00
Matt Moyer 6ce2f109bf
Refactor certificate generation for integration test Dex. 
Before, we did this in an init container, which meant if the Dex pod restarted we would have fresh certs, but our Tilt/bash setup didn't account for this.

Now, the certs are generated by a Job which runs once and saves the generated files into a Secret. This should be a bit more stable.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-17 11:36:36 -06:00
Matt Moyer 3b9fb71dd1
Merge pull request #222 from mattmoyer/readd-supervisor-login-tests 
Re-add the TestSupervisorLogin integration test.
 2020-11-17 11:16:01 -06:00
Matt Moyer d6d808d185
Re-add the TestSupervisorLogin integration test. 
This is 99% Andrew's code from 4032ed32ae, but tweaked to work with the new UpstreamOIDCProvider setup.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-17 09:21:17 -06:00
Matt Moyer b75a6cdb76
Merge pull request #221 from mattmoyer/use-https-dex 
Add support for custom CA bundle in CLI and UpstreamOIDCProvider.
 2020-11-16 20:47:16 -06:00
Matt Moyer b31deff0fb
Update integration tests to use HTTPS Dex for UpstreamOIDCProvider testing. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 20:23:20 -06:00
Matt Moyer ee978fdde8
Add controller support for spec.tls field. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 20:23:20 -06:00
Matt Moyer e867fb82b9
Add `spec.tls` field to UpstreamOIDCProvider API. 
This allows for a custom CA bundle to be used when connecting to the upstream issuer.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 20:23:20 -06:00
Matt Moyer b17ac6ec0b
Update integration tests to run Dex over HTTPS. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 20:23:20 -06:00
Matt Moyer dd2133458e
Add --ca-bundle flag to "pinniped login oidc" command. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 18:15:20 -06:00
Matt Moyer e7ecfd3954
Merge pull request #219 from mattmoyer/add-test-proxy 
Convert CLI tests to work through an HTTP forward proxy.
 2020-11-16 17:48:16 -06:00
Matt Moyer c8b17978a9
Convert CLI tests to work through an HTTP forward proxy. 
This change deploys a small Squid-based proxy into the `dex` namespace in our integration test environment. This lets us use the cluster-local DNS name (`http://dex.dex.svc.cluster.local/dex`) as the OIDC issuer. It will make generating certificates easier, and most importantly it will mean that our CLI can see Dex at the same name/URL as the supervisor running inside the cluster.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-16 17:16:58 -06:00
Matt Moyer a4733025ce
Merge pull request #220 from jonasrosland/fix-landing-text 
Fix landing page use cases
 2020-11-16 16:36:44 -06:00
jonasrosland 332ed8e50b Fix landing page use cases 
Signed-off-by: jonasrosland <jrosland@vmware.com>
 2020-11-16 12:00:06 -05:00
Michael Nelson 57a2dc9fc1 Update default namespace for pinniped-concierge to match install-pinniped-concierge.yaml 2020-11-16 11:05:53 +11:00
Michael Nelson 9bb9402e89 Updated doc/demo.md with required namespace 2020-11-16 11:05:53 +11:00
Matt Moyer 84b61fac88
Merge pull request #215 from mattmoyer/fix-upstream-oidc-provider 
Fix some issues in the UpstreamOIDCProvider CRD and controller
 2020-11-13 17:23:10 -06:00