Ryan Richard
b77297c68d
Validate the upstream email_verified
claim when it makes sense
2021-01-25 15:10:41 -08:00
Matt Moyer
156e8d9df4
Merge pull request #334 from mattmoyer/fix-test-e2e-full-integration-groups-assertion
...
Fix an issue in TestE2EFullIntegration groups assertions.
2021-01-14 21:22:13 -06:00
Matt Moyer
6a0dc1e2bb
Fix an issue in TestE2EFullIntegration groups assertions.
...
The group claims read from the session cache file are loaded as `[]interface{}` (slice of empty interfaces) so when we previously did a `groups, _ := idTokenClaims[oidc.DownstreamGroupsClaim].([]string)`, then `groups` would always end up nil.
The solution I tried here was to convert the expected value to also be `[]interface{}` so that `require.Equal(t, ...)` does the right thing.
This bug only showed up in our acceptance environnment against Okta, since we don't have any other integration test coverage with IDPs that pass a groups claim.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-01-14 21:06:02 -06:00
Margo Crawford
b95f2c97b9
Merge pull request #333 from vmware-tanzu/groups-claim-parsing
...
groups claim parsing
2021-01-14 15:55:42 -08:00
Margo Crawford
d11a73c519
PR feedback-- omit empty groups, keep groups as nil until last minute
...
Also log keys and values for claims
2021-01-14 15:11:00 -08:00
Andrew Keesler
6fce1bd6bb
Allow arrays of type interface
...
and always set the groups claim to an
array in the downstream token
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-14 17:21:41 -05:00
Margo Crawford
5e60c14ce7
internal/upstreamoidc: log claims from ID token and userinfo
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-14 16:47:39 -05:00
Andrew Keesler
434448a2f9
Merge pull request #331 from ankeesler/1-20-owner-ref-test
...
Update test/integration/kubeclient_test.go to work with Kube 1.20 GC behavior
2021-01-14 10:59:02 -05:00
Andrew Keesler
8a916ce8ae
test/integration: add test helper to avoid race conditions
...
We were seeing a race in this test code since the require.NoError() and
require.Eventually() would write to the same testing.T state on separate
goroutines. Hopefully this helper function should cover the cases when we want
to require.NoError() inside a require.Eventually() without causing a race.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
Co-authored-by: Monis Khan <i@monis.app>
2021-01-14 10:19:35 -05:00
Andrew Keesler
a0546942b8
test/integration: skip part of test to avoid Kube 1.20 GC bug
...
See comment.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
Co-authored-by: Monis Khan <i@monis.app>
2021-01-14 10:19:26 -05:00
Andrew Keesler
3151ca92db
Merge pull request #322 from enj/enj/f/user_info_test
...
Wire in new env vars for user info testing
2021-01-12 11:51:46 -05:00
Monis Khan
3c3da9e75d
Wire in new env vars for user info testing
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-12 11:23:25 -05:00
Mo Khan
3f08f2e11e
Merge pull request #318 from enj/enj/f/user_info_endpoint
...
Fetch claims from the user info endpoint if provided
2021-01-11 14:14:20 -05:00
Monis Khan
6fff179e39
Fetch claims from the user info endpoint if provided
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-09 18:16:24 -05:00
Margo Crawford
3569076d3e
Merge pull request #317 from vmware-tanzu/kubernetes-1.20
...
Switching to Kubernetes 1.20
2021-01-08 15:31:48 -08:00
Margo Crawford
2686031ac1
Fixing documentation to reference 1.20 generated docs
2021-01-08 15:21:23 -08:00
Margo Crawford
9051342d6d
Ignore lint error
2021-01-08 14:13:04 -08:00
Margo Crawford
6f04613aed
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20
2021-01-08 13:22:31 -08:00
Margo Crawford
326f10bbbf
Resolving code review suggestions:
...
- set provideClusterInfo to true
- kubernetes library versions to 0.20.1
- version timestamps back to v0.0.0-00010101000000-000000000000
2021-01-08 10:21:59 -08:00
Mo Khan
6a9976742c
Merge pull request #316 from enj/enj/i/always_set_owner_ref
...
Always set an owner ref back to our deployment
2021-01-07 19:51:02 -05:00
Margo Crawford
1b770b01ae
Fix failing kubeconfig unit test
2021-01-07 16:23:41 -08:00
Margo Crawford
5611212ea9
Changing references from 1.19 to 1.20
2021-01-07 15:25:47 -08:00
Margo Crawford
b8f56bd10b
1.20 Changes to the update script and Dockerfile
2021-01-07 13:20:25 -08:00
Monis Khan
bba0f3a230
Always set an owner ref back to our deployment
...
This change updates our clients to always set an owner ref when:
1. The operation is a create
2. The object does not already have an owner ref set
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-07 15:25:40 -05:00
Margo Crawford
9b8e4f4d5b
Merge pull request #315 from vmware-tanzu/kube-versions-1.20.0
...
Kubernetes 1.20.0 generated code
2021-01-07 10:47:52 -08:00
Margo Crawford
b7cd026bd6
Merge branch 'main' of github.com:vmware-tanzu/pinniped into kube-versions-1.20.0
2021-01-07 10:30:40 -08:00
Margo Crawford
553e25cbb7
Add generated/1.20 directory
2021-01-07 10:29:56 -08:00
Margo Crawford
988eee82cf
Merge pull request #314 from vmware-tanzu/kube-versions-1.20.0
...
Add kubernetes 1.20 to kube-versions.txt
2021-01-07 09:57:36 -08:00
Margo Crawford
da1bf06764
Add kubernetes 1.20 to kube-versions.txt
2021-01-07 09:51:45 -08:00
Andrew Keesler
13d17ba352
Merge pull request #312 from ankeesler/credential-issuer-test-timing
...
test/integration: fix intermittent failures on GKE
2021-01-06 14:58:06 -05:00
Andrew Keesler
3d8616e75f
test/integration: fix intermittent failures on GKE
...
See comment. This is at least a first step to make our GKE acceptance
environment greener. Previously, this test assumed that the Pinniped-under-test
had been deployed in (roughly) the last 10 minutes, which is not an assumption
that we make anywhere else in the integration test suite.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-06 12:09:11 -05:00
Margo Crawford
e7884d8793
Merge pull request #313 from vmware-tanzu/copyright-year
...
Copyright year validation in linter and pre-commit hook
2021-01-06 09:08:19 -08:00
Margo Crawford
19d592566d
Merge branch 'main' into copyright-year
2021-01-06 09:03:13 -08:00
Margo Crawford
afa140b6a6
Add more text explaining what copyright notice should look like
2021-01-05 16:06:59 -08:00
Margo Crawford
ea6ebd0226
Got pre-commit to check for correct copyright year
2021-01-05 15:53:14 -08:00
Andrew Keesler
53a185083c
Hopefully triggering the precommit hook
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 14:15:46 -08:00
Margo Crawford
f1e177fee7
Copyright year precommit hook
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 14:02:28 -08:00
Andrew Keesler
75bc5bdc7e
Linter allows range of years in copyright
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 13:35:09 -08:00
Margo Crawford
0d4588aa8d
Merge pull request #311 from vmware-tanzu/dont-block-owner-deletion
...
Remove blockOwnerDeletion from the supervisor secrets
2021-01-05 13:18:39 -08:00
Andrew Keesler
40753d1454
Remove blockOwnerDeletion from the supervisor secrets
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 10:44:36 -08:00
Andrew Keesler
dd3c990a51
Merge pull request #310 from vmware-tanzu/supervisor-demo
...
Supervisor demo
2021-01-05 09:57:53 -05:00
Andrew Keesler
ef74ba7238
Re-export arch diagram to embed images
...
I followed the steps in site/content/docs/img/README.md.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 08:44:10 -05:00
Andrew Keesler
b4415a05d0
I don't _think_ we need this picture anymore
...
See f25b4a3
.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 08:36:26 -05:00
Margo Crawford
7817d15657
Remove image width constraint on architecture diagram
2021-01-04 17:08:47 -08:00
Margo Crawford
f25b4a3e12
De-duped architecture diagram references
2021-01-04 16:47:34 -08:00
Margo Crawford
8422659ee5
Fixed typos and issues with the demo code
...
- Also cleaned up some wording
2021-01-04 16:23:24 -08:00
Margo Crawford
ef828cf2e1
Add rough draft of supervisor demo
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-04 15:31:53 -05:00
Ryan Richard
546b8b5d25
Merge pull request #305 from vmware-tanzu/quiet-secrets-controllers
...
Sync Secret-watching controller less often by adjusting their filters to be more specific
2020-12-18 18:21:51 -08:00
Ryan Richard
a7f383f610
Merge branch 'main' into quiet-secrets-controllers
2020-12-18 18:20:54 -08:00
Ryan Richard
116c8dd6c5
SupervisorSecretsController Syncs less often by adjusting its filters
...
- Only watches Secrets of type
"secrets.pinniped.dev/supervisor-csrf-signing-key"
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-18 15:57:12 -08:00