| Author | Commit | Message | Date |
|---|---|---|---|
| Ryan Richard | 86c791b8a6 | reorganize federation domain packages to be more intuitive<br>Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me> | 2023-09-11 11:11:52 -07:00 |
| Benjamin A. Petersen | 3160b5bad1 | Reorganized FederationDomain packages to avoid circular dependency<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Ryan Richard | 610f886fd8 | Fix auth_handler_test.go | 2023-09-11 11:09:50 -07:00 |
| Benjamin A. Petersen | 770f8af62b | Update auth_handler.go to return 422 error when upstream IdP not found<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Benjamin A. Petersen | 6ef9cf273e | Fix post_login_handler_test.go<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Ryan Richard | 793d1c6a5d | add a type assertion | 2023-09-11 11:09:50 -07:00 |
| Benjamin A. Petersen | 8f6a12eae4 | fix internal/oidc/provider/manager/manager_test.go<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Benjamin A. Petersen | 5c0425fb71 | refactor: rename "provider" to "federationdomain" when appropriate<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Ryan Richard | 96098841dd | Get tests to compile again and fix lint errors | 2023-09-11 11:09:50 -07:00 |
| Benjamin A. Petersen | b7627208ea | Add tests for identity_transformation.go<br>Co-authored-by: Ryan Richard <richardry@vmware.com> | 2023-09-11 11:09:50 -07:00 |
| Ryan Richard | 32aa015d5b | Fixup unit tests for the previous commit | 2023-09-11 11:09:50 -07:00 |
| Ryan Richard | 7af75dfe3c | First draft of implementation of multiple IDPs support | 2023-09-11 11:09:49 -07:00 |
| Ryan Richard | 1a53b4daea | Allow user-defined string & stringList consts for use in CEL expressions | 2023-09-11 11:09:49 -07:00 |
| Ryan Richard | 5385fb38db | Add identity transformation packages idtransform and celformer<br>Implements Supervisor identity transformations helpers using CEL. | 2023-09-11 11:09:49 -07:00 |
| Joshua Casey | 64f1bff13f | Use Conditions from apimachinery, specifically k8s.io/apimachinery/pkg/apis/meta/v1.Conditions | 2023-09-11 10:13:39 -07:00 |
| Ryan Richard | ce567c481b | Improve pod logs related to Supervisor TLS certificate problems | 2023-09-11 09:13:21 -07:00 |
| Joshua Casey | cd91edf26c | [LDAP] move attributeUnchangedSinceLogin from upstreamldap to activedirectoryupstreamwatcher | 2023-09-06 14:52:01 -05:00 |
| Joshua Casey | 8fd55a1d81 | Adjust test expectations for compilation differences with 1.21<br>- Requires some production code changes, to use pointers to function variables instead of pointers to functions | 2023-09-06 14:52:01 -05:00 |
| Joshua Casey | 3908097c54 | Run 'go fix ./...' with go1.21.0 | 2023-09-06 14:52:01 -05:00 |
| Joshua Casey | 12f18cbed8 | Inline and remove testutil.TempDir | 2023-09-06 14:52:01 -05:00 |
| Joshua Casey | 05a1187e2e | Simplify build tags associated with unsupported golang versions | 2023-09-06 14:52:01 -05:00 |
| Joshua Casey | 76933f69b9 | Update comments to indicate support for newer versions of Kubernetes | 2023-08-29 15:40:52 -05:00 |
| Joshua Casey | 2dcc149fee | Split off helper function | 2023-08-28 12:14:14 -05:00 |
| Joshua Casey | 38230fc518 | Use pversion to retrieve buildtime information | 2023-08-28 11:54:27 -05:00 |
| Joshua Casey | ca05969f8d | Integration tests should use 'kubectl explain --output plaintext-openapiv2'<br>- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28 | 2023-08-28 10:50:11 -05:00 |
| Joshua Casey | 1b504b6fbd | Expose OpenAPIv3 explanations | 2023-08-28 10:50:11 -05:00 |
| Joshua Casey | 23ec91dee0 | K8s API Server audit events are no longer pointers | 2023-08-28 10:50:10 -05:00 |
| Joshua Casey | 1707995378 | Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy | 2023-08-08 20:17:21 -05:00 |
| Joshua Casey | dc61d132cf | Address PR feedback, especially to check that the CA bundle is some kind of valid cert | 2023-08-03 14:57:21 -05:00 |
| Joshua Casey | 959f18b67b | Add integration test to verify that the impersonation proxy will use an external TLS serving cert | 2023-08-03 14:57:21 -05:00 |
| Joshua Casey | ee75a63057 | Test Refactor: use explicit names for mTLS signing cert | 2023-08-03 14:57:21 -05:00 |
| Joshua Casey | bd035a180e | Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS<br>- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs<br>- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52 | 2023-08-03 14:57:21 -05:00 |
| Joshua Casey | 3e57716f0e | The impersonation controller should sync when any secret of type kubernetes.io/tls changes in the namespace | 2023-08-03 14:57:21 -05:00 |
| Joshua Casey | 63b5f921e1 | Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated | 2023-07-28 09:16:02 -05:00 |
| Ryan Richard | 743cb2d250 | kube cert agent pod requests 0 cpu to avoid scheduling failures | 2023-07-25 10:09:30 -07:00 |
| Joshua Casey | 39912060f7 | Remove untested comments | 2023-07-19 15:50:12 -05:00 |
| Joshua Casey | c142c52258 | Do not name return variables | 2023-07-19 15:49:22 -05:00 |
| Joshua Casey | 741ccfd2ce | Fix lint | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 183c771d4e | Mark untested code paths | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 3d7eb55fc2 | Pass caBundle instead of an object | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 5004925444 | Backfill test cases | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 10c3e482b4 | Prefer early return | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 8d8e1f3abd | Backfill issuer tests | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | f8ce2af08c | Use go:embed for easier to read tests | 2023-07-19 15:47:48 -05:00 |
| Joshua Casey | 52b0cf43ca | Fix godoc | 2023-07-19 15:47:47 -05:00 |
| Joshua Casey | 67cd5e70c2 | Func ldap.Conn.Close() now returns an error<br>- https://github.com/go-ldap/ldap/compare/v3.4.4...v3.4.5 | 2023-07-06 16:48:25 -07:00 |
| Ryan Richard | d30d76b7ac | Increase some test timeouts | 2023-05-31 17:41:36 -07:00 |
| Ryan Richard | 600d002a35 | Use groupSearch.userAttributeForFilter during ActiveDirectory group searches<br>- Load the setting in the controller.<br>- The LDAP auth code is shared between AD and LDAP, so no new changes there in this commit. | 2023-05-31 11:17:40 -07:00 |
| Ryan Richard | c187474499 | Use groupSearch.userAttributeForFilter during LDAP group searches<br>Load the setting in the controller.<br>Use the setting during authentication and during refreshes. | 2023-05-25 14:25:17 -07:00 |
| Ryan Richard | bd95f33f5e | Update string "zapr@v1.2.4" in unit test expectation | 2023-05-12 09:18:47 -07:00 |