187bd9060c
All FederationDomain Secrets have distinct Types
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-17 17:07:38 -08:00
2e191084b0
Miscellaneous wording changes
2020-12-17 16:42:45 -08:00
7a98900b28
Merge pull request #302 from mattmoyer/switch-registry-references
...
Move our main image references to the VMware Harbor registry.
2020-12-17 18:23:12 -06:00
28e23e14b5
Demo landing page
2020-12-17 16:08:51 -08:00
5f2807e693
Updates to the architecture page.
2020-12-17 15:55:05 -08:00
e0b94f4780
Move our main image references to the VMware Harbor registry.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 17:51:09 -06:00
587cced768
Add extra type info where SecretType is used
2020-12-17 15:43:20 -08:00
50964c6677
Supervisor CSRF Secret has unique Type
...
Signed-off-by: aram price <pricear@vmware.com>
2020-12-17 15:30:26 -08:00
81eb0735d1
Merge pull request #299 from mattmoyer/update-go-dependencies
...
Update dependencies before v0.3.0 release.
2020-12-17 17:28:40 -06:00
c7931bc6d5
Remove our main module dependency on golangci-lint.
...
We will still pin this in CI via an image dependency.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 17:01:32 -06:00
b27e3e1a89
Put a Type on the Secrets that we create for FederationDomain JWKS
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-17 14:48:49 -08:00
8db9331fed
Update ExpectedAuthorizeCodeSessionJSONFromFuzzing.
...
We stared at this very carefully and we don't think there are any structural changes. Maybe something small happened to get the RNG off by one?
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 16:31:08 -06:00
3e15e184ef
Update test assertions related to spf13/cobra.
...
It now correctly prints errors to stderr (https://github.com/spf13/cobra/pull/894 ).
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 16:31:08 -06:00
6a457466df
Update generated k8s code for 1.19.5.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 16:31:08 -06:00
3a81fbd1b4
Update fosite error usage.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 16:31:08 -06:00
421c17c421
Update all modules.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 16:31:08 -06:00
780d236d89
Merge pull request #300 from vmware-tanzu/even-more-opc-renames
...
Even more "op" and "opc" local variable renames
2020-12-17 13:51:54 -08:00
55483b726b
More "op" and "opc" local variable renames
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-17 13:49:53 -08:00
157d041b6a
README.md: first draft of Supervisor additions
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-17 15:36:33 -05:00
32602f579b
Merge pull request #298 from vmware-tanzu/more-opc-rename
...
Rename all "op" and "opc" usages
2020-12-17 12:31:52 -08:00
65e7df1417
Merge branch 'main' into more-opc-rename
2020-12-17 12:10:19 -08:00
b96d49df0f
Rename all "op" and "opc" usages
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-17 11:34:49 -08:00
152838e998
CONTRIBUTING.md: add missing integration test dependencies
...
Also alphabetize dependencies because sorting wins.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-17 13:59:23 -05:00
9183c3897f
Merge pull request #281 from mattmoyer/upgrade-dex
...
Upgrade the Dex we use for local testing to v2.27.0.
2020-12-17 12:50:36 -06:00
b009cee877
Add Margo and Mo as maintainers of Pinniped
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2020-12-17 13:37:20 -05:00
41832369fd
Upgrade the Dex we use for local testing to v2.27.0.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 12:04:09 -06:00
cc5cb394e0
Merge pull request #143 from enj/enj/i/cache_mutation_detector_unit
...
Enable cache mutation detector in unit tests
2020-12-17 10:09:02 -06:00
b60542f0d1
Clean this test up a trivial amount using `require.Implementsf()`.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-17 08:38:16 -06:00
dc8e7a2f39
Enable cache mutation detector in unit tests
...
Signed-off-by: Monis Khan <mok@vmware.com>
2020-12-17 08:38:15 -06:00
34e6e7567f
Merge pull request #295 from ankeesler/fix-secret-status
...
Only set single secret status field in FederationDomainSecretsController
2020-12-17 08:26:23 -06:00
04d54e622a
Only set single secret status field in FederationDomainSecretsController
...
This implementation is janky because I wanted to make the smallest change
possible to try to get the code back to stable so we can release.
Also deep copy an object so we aren't mutating the cache.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-17 07:41:53 -05:00
4c6e1e5fb3
supervisor_login_test.go: wait for the `/jwks.json` endpoint to be ready
...
- Also fail in a more obvious way if the token exchanged failed by
adding an assertion about its status code
2020-12-16 17:59:39 -08:00
b2b906f4fe
supervisor_discovery_test.go: make test timeouts longer to avoid flakes
2020-12-16 15:13:02 -08:00
40586b255c
Merge pull request #293 from vmware-tanzu/rename-oidcprovider-and-upstreamoidcprovider
...
Rename OIDCProvider -> FederationDomain and UpstreamOIDCProvider -> OIDCIdentityProvider
2020-12-16 14:58:33 -08:00
196e43aa48
Rename off of main
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-16 14:27:09 -08:00
fbe1a202c2
Merge pull request #283 from vmware-tanzu/username-and-subject-claims
...
Adjust subject and username claims
2020-12-16 15:23:34 -06:00
7dae166a69
Merge branch 'main' into username-and-subject-claims
2020-12-16 15:23:19 -06:00
72ce69410e
Merge pull request #273 from vmware-tanzu/secret-generation
...
Generate secrets for Pinniped Supervisor
2020-12-16 15:22:23 -06:00
7bb0d649c0
Merge pull request #290 from mattmoyer/rename-token-exchange-scope
...
Rename the "pinniped.sts.unrestricted" scope to "pinniped:request-audience".
2020-12-16 15:22:05 -06:00
c110e173ac
Merge pull request #286 from mattmoyer/upgrade-debian-base-image
...
Upgrade base images to Debian 10.7-slim.
2020-12-16 15:21:31 -06:00
111f6513ac
Upgrade base images to Debian 10.7-slim.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-16 15:16:31 -06:00
5367fd9fcb
Trigger CI
2020-12-16 15:13:28 -06:00
095ba14cc8
Merge remote-tracking branch 'upstream/main' into secret-generation
2020-12-16 15:40:34 -05:00
446863ad96
Merge pull request #292 from ankeesler/golang-debian-bump
...
Upgrade golang (1.15.5 -> 1.15.6)
2020-12-16 15:38:12 -05:00
8527c363bb
Rename the "pinniped.sts.unrestricted" scope to "pinniped:request-audience".
...
This is a bit more clear. We're changing this now because it is a non-backwards-compatible change that we can make now since none of this RFC8693 token exchange stuff has been released yet.
There is also a small typo fix in some flag usages (s/RF8693/RFC8693/)
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-16 14:24:13 -06:00
05127f4cfb
Merge pull request #291 from mattmoyer/tweak-oidcclient-timeouts
...
Tweak timeouts in oidcclient package.
2020-12-16 14:23:32 -06:00
653224c2ad
types_jwt.go.tmpl: Replace spaces with tabs
2020-12-16 12:21:30 -08:00
406fc95501
Empty commit to trigger CI
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-16 11:49:59 -08:00
01b6bf7850
Tweak timeouts in oidcclient package.
...
- The overall timeout for logins is increased to 90 minutes.
- The timeout for token refresh is increased from 30 seconds to 60 seconds to be a bit more tolerant of extremely slow networks.
- A new, matching timeout of 60 seconds has been added for the OIDC discovery, auth code exchange, and RFC8693 token exchange operations.
The new code uses the `http.Client.Timeout` field rather than managing contexts on individual requests. This is easier because the OIDC package stores a context at creation time and tries to use it later when performing key refresh operations.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-12-16 13:47:08 -06:00
2840e4e152
Merge pull request #288 from mattmoyer/fixup-securityheaders
...
Fix a regression in securityheaders package and add tests.
2020-12-16 13:46:28 -06:00
aram price