djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,970 Commits 30 Branches 34 Tags 22 MiB
c1ebf5b737
Commit Graph

2970 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Richard
203e040be1 Remove an unfinished integration test 
This commit is meant to be reverted when we are unblocked and
ready to start working on this integration test again. Temporarily
remove it so we can merge this PR to main.

Note: I had tried using t.Skip() in the test, but then that caused lint
failures, so decided to just remove it for now.
 2020-11-11 15:40:40 -08:00
Matt Moyer
fdcea0de05
Merge pull request #197 from jonasrosland/a-seal-of-approval 
Add first blog post
 2020-11-11 17:33:40 -06:00
Monis Khan
db6fc234b7 Add NullStorage for the authorize endpoint to use 
We want to run all of the fosite validations in the authorize
endpoint, but we don't need to store anything yet because
we are storing what we need for later in the upstream state
parameter.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-11 14:49:24 -08:00
jonasrosland
e6838ace6b Add first blog post 
Signed-off-by: jonasrosland <jrosland@vmware.com>
 2020-11-11 17:06:36 -05:00
Ryan Richard
4b8c1de647 Add unit test to auth_handler_test.go for non-openid authorize requests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-11 13:13:57 -08:00
Andrew Keesler
c2262773e6 Finish the WIP from the previous commit for saving authorize endpoint state 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-11 12:29:14 -08:00
Andrew Keesler
f806768039
Merge pull request #196 from ankeesler/ytt-logging 
Add YTT template value for log level
 2020-11-11 09:29:24 -05:00
Andrew Keesler
83a156d72b
Enable debug logging in all testing scenarios 
It is really helpful to have verbose logs during test debugging.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-11 09:01:43 -05:00
Andrew Keesler
724c0d3eb0
Add YTT template value for setting log level 
This is helpful for us, amongst other users, because we want to enable "debug"
logging whenever we deploy components for testing.

See a5643e3 for addition of log level.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-11 09:01:38 -05:00
Monis Khan
dd190dede6 WIP for saving authorize endpoint state into upstream state param 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-10 17:58:00 -08:00
Matt Moyer
5b8e0c4d99
Merge pull request #195 from mattmoyer/fix-links 
Fix some links on the community page.
 2020-11-10 17:22:37 -06:00
Matt Moyer
b2b8d5457d
Fix some links on the community page. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-10 17:19:30 -06:00
Matt Moyer
16ef0b2d41
Merge pull request #194 from jonasrosland/website-fixes 
Minor website fixes and adding netlify configs
 2020-11-10 16:24:51 -06:00
jonasrosland
d097de7fdf Minor website fixes and adding netlify configs 
Signed-off-by: jonasrosland <jrosland@vmware.com>
 2020-11-10 16:03:07 -05:00
Matt Moyer
101394c714
Merge pull request #188 from smalltalk-ai/main 
Hugo version of Pinniped site
 2020-11-10 14:51:45 -06:00
Matt Moyer
06df825dab
Merge pull request #193 from mattmoyer/add-extra-sites 
Add Netlify configs for extra redirect domains.
 2020-11-10 14:03:37 -06:00
Matt Moyer
f7efc360a0
Add Netlify configs for extra redirect domains. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-10 13:58:31 -06:00
Amy Manion
ad74f259de Content updates 
-remove extra blog posts
-remove extra images
-replace Andrew’s picture
 2020-11-10 13:39:13 -05:00
Andrew Keesler
005225d5f9 Use the new plog pkg in auth_handler.go 
- Add a new helper method to plog to make a consistent way to log
  expected errors at the info level (as opposed to unexpected
  system errors that would be logged using plog.Error)

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-10 10:33:52 -08:00
Ryan Richard
b9726615dd Merge branch 'main' into authorize_endpoint 2020-11-10 09:29:21 -08:00
Ryan Richard
01941d6b2a Run Tilt containers as root because live-reload breaks otherwise 2020-11-10 09:27:44 -08:00
Ryan Richard
b21c27b219 Merge branch 'main' into authorize_endpoint 2020-11-10 09:24:19 -08:00
Mo Khan
9bfcaa33c6
Merge pull request #190 from enj/enj/f/klog_levels 
Add log level support
 2020-11-10 12:14:02 -05:00
Monis Khan
1c60e09f13
Make race detector happy by removing parallelism 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-10 11:23:42 -05:00
Monis Khan
15a5332428
Reduce log spam 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-10 10:22:27 -05:00
Monis Khan
a5643e3738
Add log level support 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-10 10:22:27 -05:00
Monis Khan
9356f64c55
Remove global klog --log-flush-frequency flag 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-11-10 08:48:42 -05:00
Ryan Richard
246471bc91 Also run OIDC validations in supervisor authorize endpoint 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-06 14:44:58 -08:00
Adam Powell
896e1b45f0 Hugo version of Pinniped site 2020-11-06 12:42:57 -10:00
Andrew Keesler
4032ed32ae
Auth endpoint integration test initial thoughts 
This is awaiting the new upstream OIDC provider CRD in order
to pass, however hopefully this is a starting point for us.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-05 11:00:05 -05:00
Ryan Richard
33ce79f89d Expose the Supervisor OIDC authorization endpoint to the public 2020-11-04 17:06:47 -08:00
Andrew Keesler
3bc13517b2
prepare-for-integration-tests.sh: add check for chromedriver 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 15:53:32 -08:00
Andrew Keesler
a36f7c6c07 Test that the port of localhost redirect URI is ignored during validation 
Also move definition of our oauth client and the general fosite
configuration to a helper so we can use the same config to construct
the handler for both test and production code.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-04 15:04:50 -08:00
Ryan Richard
ba688f56aa Supervisor authorize endpoint errors when PKCE code_challenge_method is invalid 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 12:29:43 -08:00
Matt Moyer
8684f8f628
Merge pull request #139 from enj/enj/i/use_parent_func 
Use parent func to indicate when the controller queue is a singleton
 2020-11-04 14:21:50 -06:00
Andrew Keesler
2564d1be42 Supervisor authorize endpoint errors when missing PKCE params 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-11-04 12:19:07 -08:00
Matt Moyer
4da3d93f6e
The supervisor JWKS observer and TLS cert controllers use the ctx after all, whoops. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-04 13:08:50 -06:00
Ryan Richard
0045ce4286 Refactor auth_handler_test.go's creation of paths and urls to use helpers 2020-11-04 09:58:40 -08:00
Monis Khan
418f4d20ae
Use parent func to indicate when the controller queue is a singleton 
This prevents unnecessary sync loop runs when the controller is
running with a single worker.  When the controller is running with
more than one worker, it prevents subtle bugs that can cause the
controller to go "back in time."

Signed-off-by: Monis Khan <mok@vmware.com>
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-11-04 11:08:10 -06:00
Ryan Richard
8a7e22e63e @ankeesler: Maybe, but not this time ;) 2020-11-04 08:43:45 -08:00
Andrew Keesler
9e4ffd1cce
One of these days I will get here.Doc() spacing correct 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 11:29:33 -05:00
Andrew Keesler
6fe455c687
auth_handler.go: comment out currently unused fosite wiring 
See e8f4336 for why this is here in the first place.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 11:20:03 -05:00
Andrew Keesler
d8c8f04860
auth_handler.go: write some more negative tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 11:12:26 -05:00
Andrew Keesler
e8f433643f
auth_handler.go: only inject oauth store into handler 
Previously we were injecting the whole oauth handler chain into this function,
which meant we were essentially writing unit tests to test our tests. Let's push
some of this logic into the source code.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 10:35:26 -05:00
Andrew Keesler
4f95e6a372
auth_handler.go: add test for invalid downstream redirect uri 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 10:30:53 -05:00
Andrew Keesler
259ffb5267
Checkpoint: write a single negative test using fosite 
Bringing in fosite to our go.mod introduced those other go.mod changes.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-04 10:15:19 -05:00
Andrew Keesler
aab0fd644f
Merge remote-tracking branch 'upstream/main' into authorize_endpoint 2020-11-04 10:14:54 -05:00
Andrew Keesler
e7a817e67a
Merge pull request #186 from ankeesler/bump-jose 
gopkg.in/square/go-jose.v2: v2.2.2 -> v2.5.1
 2020-11-04 10:14:32 -05:00
Andrew Keesler
0bbf55e46f
gopkg.in/square/go-jose.v2: v2.2.2 -> v2.5.1 
We were behind for some reason. Probably makes sense to bump to
latest version to get bug fixes and such.
 2020-11-04 09:55:18 -05:00
Ryan Richard
c34e5a727d Starting the implementation of an OIDC authorization endpoint handler 
Does not validate incoming request parameters yet. Also is not
served on the http/https ports yet. Those will come in future commits.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-11-03 16:17:38 -08:00