djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,986 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

760 Commits

Author SHA1 Message Date
Margo Crawford 98b0b6b21c One line fix to the supervisor warnings test 
Make the scopes in the cache key include the new groups scope

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-24 08:09:32 -07:00
Margo Crawford 8adc1ce345 Fix failing active directory integration test 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-22 16:16:32 -07:00
Margo Crawford a010e72b29 Merge branch 'dynamic_clients' into require-groups-scope 2022-06-22 14:27:06 -07:00
Margo Crawford f2005b4c7f Merge branch 'dynamic_clients' into require-groups-scope 2022-06-22 12:30:54 -07:00
Margo Crawford c70a0b99a8 Don't do ldap group search when group scope not specified 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-22 10:58:08 -07:00
Margo Crawford 9903c5f79e Handle refresh requests without groups scope 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-22 08:21:16 -07:00
Ryan Richard 5aa0d91267
New controller watches OIDCClients and updates validation Conditions 2022-06-17 13:11:26 -04:00
Monis Khan 36a5c4c20d
Fix TestOIDCClientStaticValidation on old servers 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-06-17 09:04:03 -04:00
Mo Khan 4bf734061d
Merge pull request #1190 from vmware-tanzu/client-secret-api-noop 
aggregated api for oidcclientsecretrequest
 2022-06-16 10:30:13 -04:00
Margo Crawford 64cd8b0b9f Add e2e test for groups scope 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-15 13:41:22 -07:00
Monis Khan 59d67322d3
Static validation for OIDC clients 
The following validation is enforced:

1. Names must start with client.oauth.pinniped.dev-
2. Redirect URIs must start with https://
   or http://127.0.0.1
   or http://::1
3. All spec lists must not have duplicates

Added an integration test to assert all static validations.

Signed-off-by: Monis Khan <mok@vmware.com>
 2022-06-15 15:09:40 -04:00
Margo Crawford 424f925a14 Merge branch 'dynamic_clients' into client-secret-api-noop 2022-06-15 09:38:55 -07:00
Margo Crawford c117329553 Updates based on code review 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-15 09:38:21 -07:00
Margo Crawford 4d0c2e16f4 require groups scope to get groups back from supervisor 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-15 08:00:17 -07:00
Mo Khan c77bee67c1
Merge pull request #1189 from vmware-tanzu/token_exchange_aud 
Disallow certain requested audience strings in token exchange
 2022-06-14 16:41:51 -04:00
Margo Crawford 104e08b0f6 Merge branch 'dynamic_clients' into client-secret-api-noop 2022-06-13 15:52:34 -07:00
Margo Crawford 0c1f48cbc1 Move oidcclient into config.supervisor.pinniped.dev 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-13 15:48:54 -07:00
Margo Crawford 8f4285dbff Change group names 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-13 14:28:05 -07:00
Ryan Richard b9272b2729 Reserve all of *.pinniped.dev for requested aud in token exchanges 
Our previous plan was to reserve only *.oauth.pinniped.dev but we
changed our minds during PR review.
 2022-06-13 12:08:11 -07:00
Margo Crawford ba371423d9 Add integration test for OIDCClientSecretRequest 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-10 13:56:15 -07:00
Ryan Richard e7096c61a8 Merge branch 'main' into dynamic_clients 2022-06-10 12:52:59 -07:00
Margo Crawford 889348e999 WIP aggregated api for oidcclientsecretrequest 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-09 13:47:19 -07:00
Ryan Richard ec533cd781 Skip some recently added integration tests when LDAP is unavailable 
Also refactor to use shared test helper for skipping LDAP and AD tests.
 2022-06-08 12:57:00 -07:00
Ryan Richard dd61ada540 Allow new warning messages about GCP plugin in TestGetPinnipedCategory 2022-06-08 10:22:15 -07:00
Ryan Richard 321abfc98d Merge branch 'dynamic_clients' into token_exchange_aud 2022-06-08 09:03:29 -07:00
Ryan Richard 97d17bbda8 Merge branch 'main' into dynamic_clients 2022-06-08 09:03:06 -07:00
Ryan Richard ea45e5dfef Disallow certain requested audience strings in token exchange 2022-06-07 16:32:19 -07:00
Ryan Richard 8170889aef Update CSP header expectations in TestSupervisorLogin_Browser int test 2022-06-07 11:20:59 -07:00
Margo Crawford ca3da0bc90 Fix some disallowed kubebuilder annotations, fix kube api discovery test 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-06-04 21:04:40 -07:00
Ryan Richard cb8685b942 Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var 2022-06-02 11:27:54 -07:00
Ryan Richard 0f2a984308 Merge branch 'main' into ldap-login-ui 2022-05-11 11:32:15 -07:00
Ryan Richard aa732a41fb Add LDAP browser flow login failure tests to supervisor_login_test.go 
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
 2022-05-10 16:28:08 -07:00
Ryan Richard 0b106c245e Add LDAP browser flow login test to supervisor_login_test.go 2022-05-10 12:54:40 -07:00
Ryan Richard ab302cf2b7 Add AD via browser login e2e test and refactor e2e tests to share code 2022-05-10 10:30:32 -07:00
Ryan Richard a4e32d8f3d Extract browsertest.LoginToUpstreamLDAP() integration test helper 2022-05-09 15:43:36 -07:00
Ryan Richard 6e6e1f4add Update login page CSS selectors in e2e test 2022-05-05 13:56:38 -07:00
Margo Crawford 329d41aac7 Add the full end to end test for ldap web ui 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-05 08:49:58 -07:00
Margo Crawford eb891d77a5 Tiny fix: pinninpeds->pinnipeds 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-05-04 12:42:55 -07:00
Margo Crawford 07b2306254 Add basic outline of login get handler 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-28 11:51:36 -07:00
Margo Crawford eb1d3812ec Update authorization endpoint to redirect to new login page 
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-26 12:51:56 -07:00
hectorj2f a3f7afaec4 oidc: add code challenge supported methods 
Signed-off-by: hectorj2f <hectorf@vmware.com>
 2022-04-19 01:21:39 +02:00
Margo Crawford d5337c9c19 Error format of untrusted certificate errors should depend on OS 
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-04-14 17:37:36 -07:00
Ryan Richard 53348b8464 Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
Monis Khan 3f0753ec5a
Remove duplication in secure TLS tests 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:56:38 -04:00
Monis Khan 15bc6a4a67
Add more details to FIPS comments 
Signed-off-by: Monis Khan <mok@vmware.com>
 2022-04-01 10:56:38 -04:00
Margo Crawford 53597bb824 Introduce FIPS compatibility 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2022-03-29 16:58:41 -07:00
Ryan Richard cf471d6422 Remove unused env.SupervisorHTTPAddress integration test var 2022-03-29 09:13:44 -07:00
Ryan Richard bedf4e5a39 Try to avoid getting a second username prompt in a test in e2e_test.go 2022-03-22 14:23:50 -07:00
Ryan Richard 2715741c2c Increase a test timeout in e2e_test.go 2022-03-22 12:13:10 -07:00
Ryan Richard d162e294ed Split up the context timeouts per test in e2e_test.go 2022-03-22 10:17:45 -07:00