Ryan Richard
b564454bab
Make Pinniped compatible with Kube clusters which have enabled PSAs
...
Where possible, use securityContext settings which will work with the
most restrictive Pod Security Admission policy level (as of Kube 1.25).
Where privileged containers are needed, use the namespace-level
annotation to allow them.
Also adjust some integration tests to make similar changes to allow the
integration tests to pass on test clusters which use restricted PSAs.
2022-09-15 14:58:15 -07:00
anjalitelang
6b3a2e87c0
Update ROADMAP.md
2022-09-09 11:18:48 -04:00
anjalitelang
3c2820fdae
Update ROADMAP.md
...
Updating the roadmap based on current needs of users 9/9/2022
2022-09-09 11:18:19 -04:00
Pinny
4441ac0600
Updated versions in docs for v0.19.0 release
2022-08-26 20:08:48 +00:00
Ryan Richard
a5ac710831
Add unit test for expired refresh tokens used in refresh flow
2022-08-26 09:23:25 -07:00
Ryan Richard
5246ff9005
Give more time for slow envs to update in concierge_api_serving_certs_test.go
...
This test is a little flaky in slow Kubernetes clusters. Try giving a
little more time for things to update before failing the test, to
hopefully make this test a little more reliable.
2022-08-25 11:20:54 -07:00
Ryan Richard
24a3588eb0
Run codegen again using Go 1.19, causes whitespace diffs in generated code
2022-08-25 09:36:54 -07:00
Ryan Richard
8f27219ac9
Change allowed gcp auth plugin is deprecation warning text
...
It seems that google changed it from "the gcp auth plugin is deprecated
in v1.22+, unavailable in v1.25+; use gcloud instead" to instead say
"unavailable in v1.26+". Make the matcher in category_test.go more loose
to allow both to match.
2022-08-25 08:11:37 -07:00
Ryan Richard
736b385d7b
Merge pull request #1264 from vmware-tanzu/access_token_validation
...
Improve token exchange error messages and error test cases
2022-08-24 17:53:53 -07:00
Ryan Richard
c40465127e
Merge branch 'main' into access_token_validation
2022-08-24 16:50:21 -07:00
Ryan Richard
af7cf673e0
Merge pull request #1192 from vmware-tanzu/dependabot/docker/distroless/static-66cd130
...
Bump distroless/static from `2556293` to `66cd130`
2022-08-24 16:49:37 -07:00
Ryan Richard
ee99106160
Merge pull request #1193 from vmware-tanzu/dependabot/docker/hack/distroless/static-66cd130
...
Bump distroless/static from `2556293` to `66cd130` in /hack
2022-08-24 16:49:18 -07:00
Ryan Richard
65197d0f9d
Merge branch 'main' into access_token_validation
2022-08-24 16:41:12 -07:00
dependabot[bot]
f320a04125
Bump distroless/static from 2556293
to 66cd130
...
Bumps distroless/static from `2556293` to `66cd130`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:35 +00:00
dependabot[bot]
036c937db5
Bump distroless/static from 2556293
to 66cd130
in /hack
...
Bumps distroless/static from `2556293` to `66cd130`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-24 23:40:34 +00:00
Ryan Richard
4e8601e73b
Merge pull request #1272 from vmware-tanzu/bump_deps_aug_2022
...
Bump all deps
2022-08-24 16:39:45 -07:00
Ryan Richard
138f1d263f
Rerun godegen using Go 1.19, causes whitespace diffs in generated code
2022-08-24 16:06:42 -07:00
Ryan Richard
43af297b44
Add codegen for Kube 1.25, and update patch versions on older codegen
2022-08-24 15:13:21 -07:00
Ryan Richard
c6c2c525a6
Upgrade the linter and fix all new linter warnings
...
Also fix some tests that were broken by bumping golang and dependencies
in the previous commits.
Note that in addition to changes made to satisfy the linter which do not
impact the behavior of the code, this commit also adds ReadHeaderTimeout
to all usages of http.Server to satisfy the linter (and because it
seemed like a good suggestion).
2022-08-24 14:45:55 -07:00
Ryan Richard
03694d78a8
Implement new Destroy() interface from rest.Storage from Kube v1.25
2022-08-24 12:04:38 -07:00
Ryan Richard
fe083f73fc
Bump to golang 1.19.0 and to latest distroless base image
...
For fips dockerfile, the fips 1.19 compiler has not been released yet,
so bump to the latest available.
2022-08-24 11:18:53 -07:00
Ryan Richard
c1ebf5b737
Run go mod tidy -compat=1.17
2022-08-24 10:06:56 -07:00
Ryan Richard
dd7902faa0
bump golang deps
2022-08-24 10:03:09 -07:00
Ryan Richard
1384f75731
Improve token exchange error messages and error test cases
2022-08-23 17:20:30 -07:00
Ryan Richard
a876591765
Merge pull request #1126 from vmware-tanzu/dynamic_clients_proposal
...
Dynamic Supervisor OIDC Clients proposal
2022-07-26 09:27:37 -07:00
Ryan Richard
b5c0b4b90e
Merge pull request #1240 from vmware-tanzu/pause_community_meeting
...
pause community meeting for a little while
2022-07-26 09:24:19 -07:00
Ryan Richard
c07cc6b8ec
Update e2e_test.go for clusters which have ServerSideFieldValidation
...
Also update prepare-cluster-for-integration-tests.sh for new
kubectl version command options.
2022-07-25 17:25:21 -07:00
Ryan Richard
8c7fbd2c0c
pause community meeting for a little while
2022-07-25 12:07:18 -07:00
Ryan Richard
075bc824e7
Merge branch 'main' into dynamic_clients_proposal
2022-07-22 09:56:40 -07:00
Ryan Richard
7ccd41b5f2
docs gen tool changed its output, so rerun codegen
2022-07-22 09:56:20 -07:00
Ryan Richard
ae917bfd8d
Merge branch 'main' into dynamic_clients_proposal
2022-07-22 09:33:45 -07:00
Ryan Richard
7450fb6c8e
A few more small changes to the dynamic clients proposal
2022-07-22 09:26:24 -07:00
Mo Khan
ee3646ef13
Merge pull request #1239 from enj/goodbye
...
Update current maintainers ✌️ 👋 🫡
2022-07-22 10:39:55 -04:00
Monis Khan
1e56968491
Update current maintainers ✌️ 👋 🫡
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-07-21 18:07:54 -04:00
Ryan Richard
b507604b90
Update dynamic clients proposal with a link to the LDAP/AD UI release
...
Also fix a typos.
2022-07-21 11:37:58 -07:00
Ryan Richard
1eefba537d
Update dynamic clients proposal with details learned during implementation
...
Also fix some typos and add some clarifying comments.
2022-07-21 11:26:04 -07:00
Ryan Richard
8a23f244f3
Merge pull request #1215 from vmware-tanzu/prepare_supervisor_on_kind_linux
...
fix usage of base64 in hack script for linux
2022-06-29 10:51:16 -07:00
Ryan Richard
5b0c165dc8
fix usage of base64 in hack script
2022-06-28 12:44:41 -07:00
Ryan Richard
4878ae77e5
Merge pull request #1142 from vmware-tanzu/audit_logging_proposal
...
Audit logging proposal
2022-06-28 12:33:55 -07:00
Ryan Richard
18a1f3a43a
Merge branch 'main' into audit_logging_proposal
2022-06-28 12:33:02 -07:00
Ryan Richard
3cf3b28c5b
Update audit log proposal
2022-06-22 15:12:28 -07:00
Margo Crawford
018bdacc6d
Merge pull request #1191 from vmware-tanzu/codegen-docker-pull-always
...
Always attempt to docker pull before codegen
2022-06-10 13:31:47 -07:00
Margo Crawford
b3ad29fe1c
Always attempt to docker pull before codegen
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-10 12:26:40 -07:00
Ryan Richard
484c8f4bf3
Merge pull request #1183 from anjaltelang/main
...
Blog for v0.18.0
2022-06-08 15:14:31 -07:00
Ryan Richard
221f174768
Update v0.18.0 blog post date
2022-06-08 15:14:02 -07:00
Pinny
3ebf5ad4c3
Updated versions in docs for v0.18.0 release
2022-06-08 22:13:13 +00:00
Ryan Richard
ec533cd781
Skip some recently added integration tests when LDAP is unavailable
...
Also refactor to use shared test helper for skipping LDAP and AD tests.
2022-06-08 12:57:00 -07:00
Ryan Richard
1f505fc065
Update audience confusion section of proposal doc
2022-06-08 11:36:50 -07:00
Ryan Richard
dd61ada540
Allow new warning messages about GCP plugin in TestGetPinnipedCategory
2022-06-08 10:22:15 -07:00
Mo Khan
cc1163e326
Merge pull request #1179 from vmware-tanzu/auth_handler_form_post_csp
...
Fix bug in certain error handling for authorize endpoint when response_mode=form_post is requested
2022-06-08 08:47:56 -04:00