djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,119 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

3119 Commits

Author SHA1 Message Date
Ryan Richard 8ff6ef32e9 Allow additional claims to map into an ID token issued by the supervisor 
- Specify mappings on OIDCIdentityProvider.spec.claims.additionalClaimMappings
- Advertise additionalClaims in the OIDC discovery endpoint under claims_supported

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 14:59:50 -08:00
Joshua Casey f4c9202f49
Merge pull request #1369 from vmware-tanzu/kube_cert_agent_reduce_memory 
Reduce memory consumption of pinniped-concierge-kube-cert-agent binary
 2023-01-13 14:26:39 -06:00
Ryan Richard bc7ffd37a6 Reduce memory consumption of pinniped-concierge-kube-cert-agent binary 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 11:07:42 -08:00
Pinny f691baec74 Updated versions in docs for v0.21.0 release 2022-12-21 13:12:06 +00:00
Ryan Richard 39a95e1198
Merge pull request #1354 from vmware-tanzu/dump_more_deps_dec_2022 
Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7
 2022-12-15 10:35:54 -08:00
Ryan Richard 6d3ed73eee Bump Go 1.19.1 -> 1.19.4, and go-boringcrypto 1.18.6b7 -> 1.18.9b7 2022-12-15 09:40:32 -08:00
Ryan Richard e3a963b73f
Merge pull request #1340 from vmware-tanzu/jtc/update-maintainers 
Update maintainers
 2022-12-15 09:31:14 -08:00
Ryan Richard 30818cb66d
Merge pull request #1353 from vmware-tanzu/dump_deps_dec_2022 
Upgrade project Go dependencies
 2022-12-15 09:23:16 -08:00
Ryan Richard 976035115e Stop using pointer pkg functions that were deprecated by dependency bump 2022-12-14 08:47:16 -08:00
Ryan Richard 85b67f254c Add more assertion to token_handler_test.go for token exchange exp claim 2022-12-14 08:47:16 -08:00
Ryan Richard e1a0367b03 Upgrade project Go dependencies 
Most of the changes in this commit are because of these fosite PRs
which changed behavior and/or APIs in fosite:
- https://github.com/ory/fosite/pull/667
- https://github.com/ory/fosite/pull/679 (from me!)
- https://github.com/ory/fosite/pull/675
- https://github.com/ory/fosite/pull/688

Due to the changes in fosite PR #688, we need to bump our storage
version for anything which stores the DefaultSession struct as JSON.
 2022-12-14 08:47:16 -08:00
Joshua Casey a9aac69c65 Add https://github.com/joshuatcasey as a Maintainer. Remove Technical Lead role. 2022-12-08 11:47:06 -06:00
Joshua Casey d88895c4a5 Prettify MAINTAINERS.md 2022-12-08 11:43:09 -06:00
Ryan Richard d35306aa85
Merge pull request #1322 from rooso/main 
Update example configuration for Active Directory
 2022-11-09 09:35:32 -08:00
rooso 3548362ce4
Update example configuration for Active Directory 
there was an typo in the example configuration for Microsoft Active Directory. Attribute was `userPrincipleName` but should be `userPrincipalName`
 2022-10-20 14:34:12 +02:00
Ben Petersen 4951cbe5d4
Merge pull request #1306 from vmware-tanzu/ci-updates-for-external-idps 
Update TestLDAPSearch_Parallel to notice different var for external ldap server
 2022-09-29 12:35:50 -04:00
Ryan Richard 66f4ee8a1b Update more tests to notice different var for external ldap server 2022-09-28 14:32:10 -07:00
Benjamin A. Petersen 09b9075abb
Update TestLDAPSearch_Parallel to notice different var for external ldap server 2022-09-28 16:02:56 -04:00
Ben Petersen 99c635c38d
Merge pull request #1304 from vmware-tanzu/site-footers 
Update site footer and maintainers page
 2022-09-27 16:18:18 -04:00
Benjamin A. Petersen 265c63fa54
Update site footer and maintainers page 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-27 16:13:55 -04:00
Pinny 2995e6a48c Updated versions in docs for v0.20.0 release 2022-09-27 17:16:32 +00:00
Ryan Richard 563c193499 Fix integration test expectation for AKS clusters 2022-09-26 17:00:11 -07:00
Ryan Richard 0d215566d8 Yet another integration test fix for dynamic clients feature with Okta 2022-09-26 16:41:52 -07:00
Ryan Richard 23185d55a5 Another integration test fix for dynamic clients feature with Okta 
Also increase the timeout in an integration test because it is flaking
on one of the GKE environments sometimes, probably because the
Concierge controllers aren't ready fast enough before the integration
tests start.
 2022-09-26 14:43:50 -07:00
Ryan Richard f302e71b0f Fix some integration tests' handling of groups to work with Okta 2022-09-26 12:40:07 -07:00
Ryan Richard 110681cdb8 Fix the name of the API Service updater controller in the log messages 2022-09-26 12:37:34 -07:00
Ryan Richard 36dbc7c9bf Update supervisor_storage_test.go to avoid using fuzzed value 
The fuzzed value depends on which Go compiler is used. This breaks
the fips tests in CI as long as the fips compiler is a version behind
(we are still waiting for the 1.19 fips compiler to come out).

The fuzzing is still being tested by a separate unit test, so we are
not losing fuzzing test coverage.
 2022-09-26 11:19:39 -07:00
Ryan Richard 1e05012bdb
Merge pull request #1303 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.12.2 
Bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.2
 2022-09-26 07:56:37 -07:00
dependabot[bot] e122e65b0a
Bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.2 
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.12.1 to 2.12.2.
- [Release notes](https://github.com/tdewolff/minify/releases)
- [Commits](https://github.com/tdewolff/minify/compare/v2.12.1...v2.12.2)

---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-26 01:34:52 +00:00
Ryan Richard d444242431
Merge pull request #1302 from vmware-tanzu/bump_deps_sept_2022 
Bump deps sept 2022
 2022-09-23 16:38:41 -07:00
Ryan Richard 3b507dab4a Upgrade generated code to use the latest available versions of Kube libs 
Manually kube-versions.txt and then ran ./hack/update.sh to update the
generated code.
 2022-09-23 14:55:23 -07:00
Ryan Richard bad95c072e Upgrade project dependencies to latest 
- Upgrade Go used in CI from 1.19.0 to 1.19.1
- Upgrade all go.mod direct dependencies to latest available versions
- Upgrade distroless base image to latest available version
- Upgrade Go fips compiler to to latest available version

Note that upgrading the go-oidc library changed an error message
returned by that library, so update the places where tests were
expecting that error message.
 2022-09-23 14:41:54 -07:00
Ryan Richard eb62f04f21
Merge pull request #1181 from vmware-tanzu/dynamic_clients 
Dynamic OIDC clients feature
 2022-09-23 14:03:08 -07:00
Ryan Richard 208a566bdf Merge branch 'main' into dynamic_clients 2022-09-23 14:01:11 -07:00
Ryan Richard 510286570a
Merge pull request #1286 from vmware-tanzu/psa 
Make Pinniped compatible with Kube clusters which have enabled PSAs
 2022-09-23 13:56:23 -07:00
Ryan Richard 66b1df2dd9 Fix a test assertion in supervisor_oidcclientsecret_test.go 2022-09-23 07:59:05 -07:00
Ryan Richard a7eb16dde1
Merge pull request #1255 from vmware-tanzu/dynamic_clients_docs 
Add docs for dynamic clients
 2022-09-22 12:34:17 -07:00
Ryan Richard b46a2f0267 Add more details about OIDCClients to configure-auth-for-webapps.md 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-22 12:31:31 -07:00
Ryan Richard e27b04cb41
Merge pull request #1273 from vmware-tanzu/dynamic_client_create_secret 
Implement OIDCClientSecretRequest API for managing dynamic client secrets
 2022-09-22 11:31:47 -07:00
Ryan Richard 3a7b373a7d Add OIDCClientSecretRequest to code-walkthrough.md 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-22 11:26:17 -07:00
Ryan Richard ba98c8cc14 Enhance Kube middleware to rewrite API group of ownerRefs on update verb 
When oidcclientsecretstorage.Set() wants to update the contents of the
storage Secret, it also wants to keep the original ownerRef of the
storage Secret, so it needs the middleware to rewrite the API group
of the ownerRef again during the update (just like it had initially done
during the create of the Secret).
 2022-09-21 21:30:44 -07:00
Ryan Richard 31716358a9 Make the assertNoRestartsDuringTest() helper ignore terminating pods 2022-09-21 21:27:02 -07:00
Ryan Richard 12b3079377 integration tests for oidcclientsecretrequest endpoint 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-21 16:25:41 -07:00
Benjamin A. Petersen a7ca2cf2dd fix test name in clientsecretrequest unit tests 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-21 15:17:23 -07:00
Ryan Richard b49dcc7d45 Resolve a todo in oidcclientsecretstorage.go 2022-09-21 15:17:21 -07:00
Ryan Richard 90f13225ef Update integration test helper to call new OIDCClientSecretRequest API 2022-09-21 15:17:21 -07:00
Ryan Richard ee3515f23b Create OIDCClientSecretRequest returns metadata 
Sets the Name, Namespace, CreationTimestamp fields in the object meta
of the return value.

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-21 15:17:10 -07:00
Ryan Richard 7997285b19 Make fields optional on OIDCClientSecretRequest 2022-09-21 15:17:08 -07:00
Benjamin A. Petersen 6d863a159b Add unit tests for clientsecretrequest logs 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-21 15:17:02 -07:00
Benjamin A. Petersen 5e3a912200 Add unit tests for clientsecretrequest 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2022-09-21 15:16:48 -07:00