Ryan Richard
b564454bab
Make Pinniped compatible with Kube clusters which have enabled PSAs
...
Where possible, use securityContext settings which will work with the
most restrictive Pod Security Admission policy level (as of Kube 1.25).
Where privileged containers are needed, use the namespace-level
annotation to allow them.
Also adjust some integration tests to make similar changes to allow the
integration tests to pass on test clusters which use restricted PSAs.
2022-09-15 14:58:15 -07:00
Ryan Richard
5246ff9005
Give more time for slow envs to update in concierge_api_serving_certs_test.go
...
This test is a little flaky in slow Kubernetes clusters. Try giving a
little more time for things to update before failing the test, to
hopefully make this test a little more reliable.
2022-08-25 11:20:54 -07:00
Ryan Richard
8f27219ac9
Change allowed gcp auth plugin is deprecation warning text
...
It seems that google changed it from "the gcp auth plugin is deprecated
in v1.22+, unavailable in v1.25+; use gcloud instead" to instead say
"unavailable in v1.26+". Make the matcher in category_test.go more loose
to allow both to match.
2022-08-25 08:11:37 -07:00
Ryan Richard
c6c2c525a6
Upgrade the linter and fix all new linter warnings
...
Also fix some tests that were broken by bumping golang and dependencies
in the previous commits.
Note that in addition to changes made to satisfy the linter which do not
impact the behavior of the code, this commit also adds ReadHeaderTimeout
to all usages of http.Server to satisfy the linter (and because it
seemed like a good suggestion).
2022-08-24 14:45:55 -07:00
Ryan Richard
c07cc6b8ec
Update e2e_test.go for clusters which have ServerSideFieldValidation
...
Also update prepare-cluster-for-integration-tests.sh for new
kubectl version command options.
2022-07-25 17:25:21 -07:00
Ryan Richard
ec533cd781
Skip some recently added integration tests when LDAP is unavailable
...
Also refactor to use shared test helper for skipping LDAP and AD tests.
2022-06-08 12:57:00 -07:00
Ryan Richard
dd61ada540
Allow new warning messages about GCP plugin in TestGetPinnipedCategory
2022-06-08 10:22:15 -07:00
Ryan Richard
8170889aef
Update CSP header expectations in TestSupervisorLogin_Browser int test
2022-06-07 11:20:59 -07:00
Ryan Richard
cb8685b942
Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var
2022-06-02 11:27:54 -07:00
Ryan Richard
0f2a984308
Merge branch 'main' into ldap-login-ui
2022-05-11 11:32:15 -07:00
Ryan Richard
aa732a41fb
Add LDAP browser flow login failure tests to supervisor_login_test.go
...
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e
Add LDAP browser flow login test to supervisor_login_test.go
2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7
Add AD via browser login e2e test and refactor e2e tests to share code
2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d
Extract browsertest.LoginToUpstreamLDAP() integration test helper
2022-05-09 15:43:36 -07:00
Ryan Richard
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
Margo Crawford
329d41aac7
Add the full end to end test for ldap web ui
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
Margo Crawford
eb891d77a5
Tiny fix: pinninpeds->pinnipeds
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
Margo Crawford
07b2306254
Add basic outline of login get handler
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
Margo Crawford
eb1d3812ec
Update authorization endpoint to redirect to new login page
...
Also fix some test failures on the callback handler, register the
new login handler in manager.go and add a (half baked) integration test
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-26 12:51:56 -07:00
hectorj2f
a3f7afaec4
oidc: add code challenge supported methods
...
Signed-off-by: hectorj2f <hectorf@vmware.com>
2022-04-19 01:21:39 +02:00
Margo Crawford
d5337c9c19
Error format of untrusted certificate errors should depend on OS
...
Go 1.18.1 started using MacOS' x509 verification APIs on Macs
rather than Go's own. The error messages are different.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-14 17:37:36 -07:00
Ryan Richard
53348b8464
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 10:13:27 -07:00
Monis Khan
3f0753ec5a
Remove duplication in secure TLS tests
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Monis Khan
15bc6a4a67
Add more details to FIPS comments
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
Margo Crawford
53597bb824
Introduce FIPS compatibility
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-29 16:58:41 -07:00
Ryan Richard
cf471d6422
Remove unused env.SupervisorHTTPAddress integration test var
2022-03-29 09:13:44 -07:00
Ryan Richard
bedf4e5a39
Try to avoid getting a second username prompt in a test in e2e_test.go
2022-03-22 14:23:50 -07:00
Ryan Richard
2715741c2c
Increase a test timeout in e2e_test.go
2022-03-22 12:13:10 -07:00
Ryan Richard
d162e294ed
Split up the context timeouts per test in e2e_test.go
2022-03-22 10:17:45 -07:00
Monis Khan
8fac6cb9a4
Rework or remove tests that rely on the http port
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-10 19:43:12 -05:00
Ryan Richard
fffcb7f5b4
Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
...
- Two of the linters changed their names
- Updated code and nolint comments to make all linters pass with 1.44.2
- Added a new hack/install-linter.sh script to help developers install
the expected version of the linter for local development
2022-03-08 12:28:09 -08:00
Margo Crawford
f6ad5d5c45
Add group change warning test for Active Directory
...
Also refactor some of the AD test helper functions
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-02 11:54:36 -08:00
Monis Khan
eae55a8595
Fix typo in group removed warning
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-02 12:58:30 -05:00
Margo Crawford
609b55a6d7
Pinniped Supervisor should issue a warning when groups change during refresh
2022-03-01 14:01:57 -08:00
Ryan Richard
e1e3342b3d
Increase a test timeout to account for slower test on EKS in CI
...
The test takes longer on EKS because it has to wait about 2 minutes for
the EKS load balancer to be ready during the test.
2022-02-22 11:46:15 -08:00
Margo Crawford
e2c6dcd6e6
Add integration test
2022-02-17 12:50:28 -08:00
Ryan Richard
dec89b5378
Merge branch 'main' into proposal_process
2022-02-17 12:48:58 -08:00
Margo Crawford
662f2cef9c
Integration test for updating group search base
...
Also a small change to a comment
2022-02-17 11:29:59 -08:00
Margo Crawford
ca523b1f20
Always update groups even if it's nil
...
Also de-dup groups and various small formatting changes
2022-02-17 11:29:59 -08:00
Margo Crawford
cd7538861a
Add integration test where we don't get groups back
2022-02-17 11:29:59 -08:00
Margo Crawford
013b521838
Upstream ldap group refresh:
...
- Doing it inline on the refresh request
2022-02-17 11:29:59 -08:00
Ryan Richard
9dbf7d6bf5
Merge branch 'main' into proposal_process
2022-02-17 10:07:37 -08:00
Ryan Richard
c09daa8513
Merge branch 'main' into fix_int_test_macos
2022-02-16 11:09:11 -08:00
Monis Khan
b8202d89d9
Enforce naming convention for browser based tests
...
This allows us to target browser based tests with the regex:
go test -v -race -count 1 -timeout 0 ./test/integration -run '/_Browser'
New tests that call browsertest.Open will automatically be forced to
follow this convention.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-16 09:20:28 -05:00
Ryan Richard
1aa17bd84d
Check for darwin before relaxing stderr vs stdout assertion in e2e test
2022-02-15 13:45:04 -08:00
Ryan Richard
b0c36c6633
Fix int test that was failing on MacOS, and some small doc changes
2022-02-15 11:19:49 -08:00
Ryan Richard
5d79d4b9dc
Fix form_post.js mistake from recent commit; Better CORS on callback
2022-02-08 17:30:48 -08:00
Mo Khan
29368e8242
Make the linter happy
2022-02-08 16:31:04 -05:00
Ryan Richard
cd825c5e51
Use "-v6" for kubectl for an e2e test so we can get more failure output
2022-02-08 13:00:49 -08:00
Monis Khan
8ee461ae8a
e2e_test: handle hung go routines and readers
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-02-08 11:40:10 -05:00