djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,956 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1956 Commits

Author SHA1 Message Date
Ryan Richard 9ee11d2a49 Merge branch 'main' into ldap_docs 2021-05-25 16:19:06 -07:00
Ryan Richard bf39f930d4 Some light docs wordsmithing and reordering of the sidebar 2021-05-25 16:15:45 -07:00
Matt Moyer 18a2a27a06
Merge pull request #640 from mattmoyer/endpointaddr 
Refactor "endpoint address" parsing code into shared package.
 2021-05-25 17:22:31 -05:00
Anjali Telang 47582e3290 Documentation for using Jumpcloud as LDAP provider with Pinniped Supervisor 2021-05-25 17:52:32 -04:00
Matt Moyer 89eff28549
Convert LDAP code to use endpointaddr package. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-25 16:17:27 -05:00
Matt Moyer d9a3992b3b
Add endpointaddr pkg for parsing host+port inputs. 
This type of field appears in more than one of our APIs, so this package will provide a single source of truth for validating and parsing inputs.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-25 16:17:26 -05:00
Matt Moyer 61362f8187
Merge pull request #639 from vmware-tanzu/dependabot/go_modules/github.com/google/go-cmp-0.5.6 
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6
 2021-05-25 11:04:08 -05:00
dependabot[bot] f89f2281d8
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-25 05:51:17 +00:00
Ryan Richard f5b11a0239 New docs: 1) Concierge with Supervisor, and 2) Supervisor with OpenLDAP 2021-05-24 19:08:25 -07:00
Ryan Richard 5e8945c616
Merge pull request #632 from vmware-tanzu/ldap_additional_unit_test 
Add another unit test for the LDAP client code
 2021-05-24 14:26:13 -07:00
Ryan Richard 2331c2dae2 Merge branch 'main' into ldap_additional_unit_test 2021-05-24 14:24:48 -07:00
Ryan Richard 2014f4623d Move require.NoError() to t.Cleanup() 2021-05-24 14:24:09 -07:00
Matt Moyer 468463ce1d
Merge pull request #635 from mattmoyer/fix-docs-version-to-better-default 
Replace all references to "a specific version" with v0.8.0.
 2021-05-24 14:25:48 -05:00
Matt Moyer 520eb43bfd
Replace all references to "a specific version" with v0.8.0. 
The documentation was a bit confusing before, and it was easy to accidentally install a very outdated version if you weren't reading carefully.

We could consider writing a post-release CI job to update these references automatically (perhaps using a Hugo macro?), but for now a manual update seems sufficient.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-24 11:50:16 -05:00
Matt Moyer 523a8d432f
Merge pull request #616 from vmware-tanzu/okta-supervisor-docs 
Add doc for configuring the supervisor with okta
 2021-05-24 10:34:02 -05:00
Matt Moyer 1ab1d41735
Minor cleanups on the new Supervisor+Okta docs page. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-24 10:31:06 -05:00
Margo Crawford 36168122cc
Add doc for configuring the supervisor with okta 2021-05-24 10:30:50 -05:00
Ryan Richard b16e84d90a Add another unit test for the LDAP client code 2021-05-21 12:44:01 -07:00
Matt Moyer 2d0cb16239
Merge pull request #631 from mattmoyer/remove-openapi-codegen 
Stop generating zz_generated.openapi.go files.
 2021-05-21 12:19:09 -05:00
Matt Moyer fd9d9b8c73
Stop generating zz_generated.openapi.go files. 
It turns out we no longer need these and can skip this bit of code generation.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 11:16:59 -05:00
Matt Moyer 44f6fd4437
Merge pull request #630 from mattmoyer/20210521-dependency-updates 
Upgrade Go module dependencies
 2021-05-21 11:12:03 -05:00
Matt Moyer f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version. 
9b07d72531...00de3ae54c

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:42:39 -05:00
Matt Moyer 85ebaa96d5
Upgrade k8s.io/kube-openapi dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:11:26 -05:00
Matt Moyer cf5bc9f1b4
Upgrade k8s.io/utils dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:41 -05:00
Matt Moyer 0d02ba6af3
Upgrade k8s.io/gengo dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:00 -05:00
Matt Moyer 74a569fa82
Upgrade golang.org/x/* module dependencies. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:06:29 -05:00
Matt Moyer 01c0514057
Upgrade github.com/pkg/browser. 
This some some kind of improvement on Windows.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:00:19 -05:00
Matt Moyer 0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 09:57:41 -05:00
Ryan Richard 1307c49212
Merge pull request #620 from vmware-tanzu/ldap_starttls 
Support `StartTLS` for `LDAPIdentityProvider`s
 2021-05-20 16:16:37 -07:00
Ryan Richard b01665386d Use latest container image of our fork of bitnami-docker-openldap 2021-05-20 15:49:34 -07:00
Ryan Richard 901ddd1870 Merge branch 'main' into ldap_starttls 2021-05-20 13:40:56 -07:00
Ryan Richard 8b549f66d4 Add integration test for LDAP StartTLS 2021-05-20 13:39:48 -07:00
Ryan Richard 4780c39640
Merge pull request #618 from vmware-tanzu/initial_ldap_group_support 
Initial support for upstream LDAP group membership
 2021-05-20 13:10:23 -07:00
Ryan Richard 7e76b66639 LDAP upstream watcher controller tries using both TLS and StartTLS 
- Automatically try to fall back to using StartTLS when using TLS
  doesn't work. Only complain when both don't work.
- Remember (in-memory) which one worked and keeping using that one
  in the future (unless the pod restarts).
 2021-05-20 12:46:33 -07:00
Ryan Richard fff90ed2ca
Merge branch 'main' into initial_ldap_group_support 2021-05-20 12:36:04 -07:00
Matt Moyer 562942cdbf
Merge pull request #627 from mattmoyer/use-informers-for-credentialissuer-updates 
Create CredentialIssuer at install, not runtime.
 2021-05-20 10:13:41 -05:00
Ryan Richard 025b37f839 upstreamldap.New() now supports a StartTLS config option 
- This enhances our LDAP client code to make it possible to optionally
  dial an LDAP server without TLS and then use StartTLS to upgrade
  the connection to TLS.
- The controller for LDAPIdentityProviders is not using this option
  yet. That will come in a future commit.
 2021-05-19 17:17:44 -07:00
Matt Moyer 657488fe90
Create CredentialIssuer at install, not runtime. 
Previously, our controllers would automatically create a CredentialIssuer with a singleton name. The helpers we had for this also used "raw" client access and did not take advantage of the informer cache pattern.

With this change, the CredentialIssuer is always created at install time in the ytt YAML. The controllers now only update the existing CredentialIssuer status, and they do so using the informer cache as much as possible.

This change is targeted at only the kubecertagent controller to start. The impersonatorconfig controller will be updated in a following PR along with other changes.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-19 17:15:25 -05:00
Ryan Richard 94d6b76958 Merge branch 'initial_ldap_group_support' into ldap_starttls 2021-05-19 13:12:56 -07:00
Ryan Richard 424c112bbc Merge branch 'main' into initial_ldap_group_support 2021-05-19 13:12:17 -07:00
Ryan Richard b5063e59ab Merge branch 'initial_ldap_group_support' into ldap_starttls 2021-05-18 16:39:59 -07:00
Ryan Richard a6f95cfff1 Configure openldap to disallow non-TLS clients 
- For testing purposes, we would like to ensure that when we connect
  to the LDAP server we cannot accidentally avoid using TLS or StartTLS.
- Also enabled the openldap `memberOf` overlay in case we want to
  support group search using `memberOf` in the future.
- This required changes to the docker.io/bitnami/openldap container
  image, so we're using our own fork for now. Will submit a PR to
  bitnami/openldap to see if they will accept it (or something similar)
  upstream.
 2021-05-18 16:38:12 -07:00
Matt Moyer efeb25b8eb
Merge pull request #619 from vmware-tanzu/dependabot/go_modules/github.com/creack/pty-1.1.12 
Bump github.com/creack/pty from 1.1.11 to 1.1.12
 2021-05-18 09:16:27 -05:00
dependabot[bot] f595e81dbb
Bump github.com/creack/pty from 1.1.11 to 1.1.12 
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.11...v1.1.12)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-18 05:56:45 +00:00
Mo Khan 0f5f72829b
Merge pull request #594 from enj/enj/i/tcr_strict_user_info 
cred req: disallow lossy user info translations
 2021-05-17 19:28:21 -04:00
Monis Khan f40fd29c7c
local-user-authenticator: stop setting UID 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-05-17 19:03:45 -04:00
Monis Khan 35479e2978
cred req: disallow lossy user info translations 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-05-17 19:03:44 -04:00
Ryan Richard 742b70d6a4 Merge branch 'main' into initial_ldap_group_support 2021-05-17 14:24:56 -07:00
Ryan Richard dab5ff3788 ldap_client_test.go: Forgot to change an assertion related to groups 2021-05-17 14:21:57 -07:00
Ryan Richard 99099fd32f Yet more debugging of tests which only fail in main CI 2021-05-17 14:20:41 -07:00