Monis Khan
a6085c9678
Drop unsafe unwrapper for exec.roundTripper
...
exec.roundTripper now implements utilnet.RoundTripperWrapper so this
unsafe hack is no longer needed.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-12-17 08:28:30 -05:00
Monis Khan
86f2bea8c5
pinniped CLI: allow all forms of http redirects
...
For password based login on the CLI (i.e. no browser), this change
relaxes the response code check to allow for any redirect code
handled by the Go standard library. In the future, we can drop the
rewriteStatusSeeOtherToStatusFoundForBrowserless logic from the
server side code.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-12-17 08:28:29 -05:00
Mo Khan
adf04d29f7
Merge pull request #914 from enj/enj/i/bump_0.23.0
...
Update all deps to latest where possible, bump Kube deps to v0.23.1
2021-12-16 21:45:32 -05:00
Monis Khan
9599ffcfb9
Update all deps to latest where possible, bump Kube deps to v0.23.1
...
Highlights from this dep bump:
1. Made a copy of the v0.4.0 github.com/go-logr/stdr implementation
for use in tests. We must bump this dep as Kube code uses a
newer version now. We would have to rewrite hundreds of test log
assertions without this copy.
2. Use github.com/felixge/httpsnoop to undo the changes made by
ory/fosite#636 for CLI based login flows. This is required for
backwards compatibility with older versions of our CLI. A
separate change after this will update the CLI to be more
flexible (it is purposefully not part of this change to confirm
that we did not break anything). For all browser login flows, we
now redirect using http.StatusSeeOther instead of http.StatusFound.
3. Drop plog.RemoveKlogGlobalFlags as klog no longer mutates global
process flags
4. Only bump github.com/ory/x to v0.0.297 instead of the latest
v0.0.321 because v0.0.298+ pulls in a newer version of
go.opentelemetry.io/otel/semconv which breaks k8s.io/apiserver.
We should update k8s.io/apiserver to use the newer code.
5. Migrate all code from k8s.io/apimachinery/pkg/util/clock to
k8s.io/utils/clock and k8s.io/utils/clock/testing
6. Delete testutil.NewDeleteOptionsRecorder and migrate to the new
kubetesting.NewDeleteActionWithOptions
7. Updated ExpectedAuthorizeCodeSessionJSONFromFuzzing caused by
fosite's new rotated_secrets OAuth client field. This new field
is currently not relevant to us as we have no private clients.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-12-16 21:15:27 -05:00
Mo Khan
69d5951296
Merge pull request #919 from microwavables/updating-community-details
...
Updated community and resources pages
2021-12-16 17:14:21 -05:00
Mo Khan
b148359337
Merge pull request #918 from vmware-tanzu/replace_reflections
...
Replace reflections in go.mod
2021-12-16 17:10:28 -05:00
Nanci Lancaster
e31a410096
Updated community and resources pages
2021-12-16 16:02:47 -06:00
Ryan Richard
6bf67f44ef
replace reflections in go.mod
2021-12-16 11:15:24 -08:00
Mo Khan
fdc91ec56c
Merge pull request #909 from vmware-tanzu/dependabot/docker/golang-1.17.5
...
Bump golang from 1.17.4 to 1.17.5
2021-12-10 12:41:02 -05:00
dependabot[bot]
884d18bade
Bump golang from 1.17.4 to 1.17.5
...
Bumps golang from 1.17.4 to 1.17.5.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-10 17:03:50 +00:00
Mo Khan
ca2ee26c86
Merge pull request #884 from vmware-tanzu/upstream-ad-refresh
...
Upstream active directory refresh checks for password changes, deactivated and locked users
2021-12-09 20:51:46 -05:00
Margo Crawford
59d999956c
Move ad specific stuff to controller
...
also make extra refresh attributes a separate field rather than part of
Extra
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-12-09 16:16:36 -08:00
Margo Crawford
acaad05341
Make pwdLastSet stuff more generic and not require parsing the timestamp
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-12-09 16:16:36 -08:00
Margo Crawford
65f3464995
Fix issue with very high integer value parsing, add unit tests
...
also add comment about urgent replication
2021-12-09 16:16:36 -08:00
Margo Crawford
ee4f725209
Incorporate PR feedback
2021-12-09 16:16:36 -08:00
Margo Crawford
ef5a04c7ce
Check for locked users on ad upstream refresh
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-12-09 16:16:36 -08:00
Margo Crawford
f62e9a2d33
Active directory checks for deactivated user
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-12-09 16:16:36 -08:00
Margo Crawford
da9b4620b3
Active Directory checks whether password has changed recently during
...
upstream refresh
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-12-09 16:16:35 -08:00
Margo Crawford
8db0203839
Add test for upstream ldap idp not found, wrong idp uid, and malformed
...
fosite session storage
2021-12-09 16:16:35 -08:00
Ryan Richard
92bd3b49c8
Merge branch 'main' into upstream_access_revocation_during_gc
2021-12-09 14:16:52 -08:00
anjalitelang
4110297a8f
Update ROADMAP.md
...
Updated roadmap to reflect current velocity
2021-12-09 16:59:09 -05:00
Ryan Richard
dbcb213691
Merge branch 'main' into upstream_access_revocation_during_gc
2021-12-08 14:29:59 -08:00
Ryan Richard
f410d2bd00
Add revocation of upstream access tokens to garbage collector
...
Also refactor the code that decides which types of revocation failures
are worth retrying. Be more selective by only retrying those types of
errors that are likely to be worth retrying.
2021-12-08 14:29:25 -08:00
Mo Khan
7a3b5e3571
Merge pull request #908 from vmware-tanzu/microwavables-main
...
Added GOVERNANCE.md file to repo
2021-12-08 14:38:21 -05:00
Nanci Lancaster
505bc47ae1
Added GOVERNANCE.md file to repo
...
Signed-off-by: Nanci Lancaster <nancil@vmware.com>
2021-12-08 14:29:16 -05:00
Ryan Richard
c9c218fdf0
Merge branch 'main' into upstream_access_revocation_during_gc
2021-12-06 14:47:27 -08:00
Ryan Richard
46008a7235
Add struct field for storing upstream access token in downstream session
2021-12-06 14:43:39 -08:00
Mo Khan
2c5b74c960
Merge pull request #905 from vmware-tanzu/dependabot/docker/golang-1.17.4
...
Bump golang from 1.17.3 to 1.17.4
2021-12-06 15:44:42 -05:00
dependabot[bot]
db68fc3a2b
Bump golang from 1.17.3 to 1.17.4
...
Bumps golang from 1.17.3 to 1.17.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-06 01:14:25 +00:00
Ryan Richard
29490ee665
ran go mod tidy
2021-12-03 16:40:01 -08:00
Ryan Richard
b981055d31
Support revocation of access tokens in UpstreamOIDCIdentityProviderI
...
- Rename the RevokeRefreshToken() function to RevokeToken() and make it
take the token type (refresh or access) as a new parameter.
- This is a prefactor getting ready to support revocation of upstream
access tokens in the garbage collection handler.
2021-12-03 13:44:24 -08:00
Ryan Richard
edd3547977
Merge pull request #903 from vmware-tanzu/code-walkthrough-doc
...
Add first draft of code walk-through doc
2021-12-03 12:19:29 -08:00
Ryan Richard
aa361a70a7
clarifications to code walkthrough doc
2021-12-03 10:50:02 -08:00
Ryan Richard
7b6bdd8129
fix link to blog and add another in doc
2021-12-03 10:32:16 -08:00
Ryan Richard
4aed3385b6
Merge branch 'main' into code-walkthrough-doc
2021-12-03 09:17:35 -08:00
Ryan Richard
2736c3603a
fix typo in doc
2021-12-03 09:17:17 -08:00
Ryan Richard
3ea90467b7
add first draft of code walk-through doc
2021-12-02 17:18:50 -08:00
anjalitelang
683027468e
Update ROADMAP.md
2021-12-02 12:00:54 -05:00
Mo Khan
269cae3a9f
Merge pull request #895 from enj/enj/f/warning_rt
...
phttp: add generic support for RFC 2616 14.46 warnings headers
2021-11-30 16:15:39 -05:00
Monis Khan
9d4a932656
phttp: add generic support for RFC 2616 14.46 warnings headers
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-11-30 15:11:59 -05:00
Mo Khan
1611cf681a
Merge pull request #876 from vmware-tanzu/upstream_refresh_revocation_during_gc
...
Revoke upstream OIDC refresh tokens during downstream session garbage collection
2021-11-23 20:15:37 -05:00
Mo Khan
78474cfae9
Merge branch 'main' into upstream_refresh_revocation_during_gc
2021-11-23 19:29:13 -05:00
Mo Khan
aaf847040f
Merge pull request #893 from vmware-tanzu/fix_unit_test
...
Attempt to fix a unit test that always failed on my laptop
2021-11-23 19:25:16 -05:00
Ryan Richard
e44540043d
Attempt to fix a unit test that always failed on my laptop
...
Try to make the GCP plugin config less sensitive to the setup of the
computer on which it runs.
2021-11-23 15:47:19 -08:00
Ryan Richard
69be273e01
Merge branch 'main' into upstream_refresh_revocation_during_gc
2021-11-23 14:55:44 -08:00
Mo Khan
5a1de2f54c
Merge pull request #888 from vmware-tanzu/customize_ports
...
Make Concierge server port numbers configurable
2021-11-23 17:51:04 -05:00
Ryan Richard
91eed1ab24
Merge branch 'main' into upstream_refresh_revocation_during_gc
2021-11-23 12:11:39 -08:00
Ryan Richard
3ca8c49334
Improve garbage collector log format and some comments
2021-11-23 12:11:17 -08:00
Mo Khan
f28b33bbf0
Merge branch 'main' into customize_ports
2021-11-23 08:30:48 -05:00
Mo Khan
537f85205d
Merge pull request #889 from enj/enj/i/strict_tls_acceptance
...
tls: fix integration tests for long lived environments
2021-11-18 16:37:15 -05:00