djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,499 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

2499 Commits

Author SHA1 Message Date
Ryan Richard 9e27c28b39 Fix TestImpersonationProxy integration test changes from previous commit 
Forgot to account for our new booking annotation on the impersonator's
Service.
 2021-07-23 14:23:24 -07:00
Margo Crawford 5d23068690 Removed a todo that was resolved 2021-07-23 13:01:41 -07:00
Margo Crawford 1050f39789 Integration test deactivated ad account 2021-07-23 13:01:41 -07:00
Margo Crawford 00978c15f7 Update wording for ActiveDirectoryIdentityProvider crd 2021-07-23 13:01:41 -07:00
Margo Crawford 8ea1bd3dfb Make prepare-for-integration-tests active directory setup accessible for anyone 2021-07-23 13:01:41 -07:00
Margo Crawford 91085e68f9 Refactoring defaulting logic 2021-07-23 13:01:41 -07:00
Margo Crawford f99f7be836 Default values for ad usersearch and groupsearch 2021-07-23 13:01:41 -07:00
Margo Crawford 890d9c3216 resolve some todos about error handling search base discovery results 2021-07-23 13:01:41 -07:00
Margo Crawford cb0ee07b51 Fetch AD search base from defaultNamingContext when not specified 2021-07-23 13:01:41 -07:00
Margo Crawford 8e1d70562d Remove shared variables from ldap upstream observer 2021-07-23 13:01:41 -07:00
Margo Crawford 5d8d7246c2 Refactor active directory and ldap controllers to share almost everything 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-07-23 13:01:41 -07:00
Ryan Richard 3b4f521596 Changed TestLDAPUpstream.TestUsernameAttributeName back to TestUserMailAttributeName 
Also added TestUserSAMAccountNameValue

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-23 13:01:40 -07:00
Margo Crawford e5c8cbb3a4 One line fix for lint error. Forgot a period in a comment. 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-07-23 13:01:40 -07:00
Margo Crawford 7696f4256d Move defaulting of ad username and uid attributes to controller 
Now the controller uses upstreamldap so there is less duplication,
since they are very similar.

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2021-07-23 13:01:40 -07:00
Ryan Richard aaa4861373 Custom API Group overlay for AD 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-23 13:01:40 -07:00
Margo Crawford b3d0b28bd0 Integration test fixes, fixing objectGUID handling 2021-07-23 13:01:40 -07:00
Margo Crawford 5c283d941c Helper script for running active directory tests 2021-07-23 13:01:40 -07:00
Margo Crawford 94e90a5d26 groups related env variables for AD 2021-07-23 13:01:40 -07:00
Margo Crawford be6f9f83ce RBAC rules for activedirectoryidentityprovider 2021-07-23 13:01:40 -07:00
Margo Crawford 3b8edb84a5 WIP on active directory integration test 2021-07-23 13:01:40 -07:00
Margo Crawford 8fb35c6569 Active Directory cli options 2021-07-23 13:01:40 -07:00
Margo Crawford 3899292e89 Advertise Active Directory idps 2021-07-23 13:01:40 -07:00
Margo Crawford b06de69f6a ActiveDirectoryIdentityProvider 
- Create CRD
- Create implementation of AD-specific user search defaults
 2021-07-23 13:01:40 -07:00
Ryan Richard ac4bc02817 Enhance integration test for CredentialIssuer spec annotations 2021-07-23 09:46:40 -07:00
Ryan Richard 708164b878 Carefully merge desired annotations into impersonation proxy Service 
Don't overwrite annotations that might have come from a human user or
from some other non-Pinniped controller.
 2021-07-22 17:09:50 -07:00
Ryan Richard e30cf6e51a
Merge branch 'main' into cli_username_password_env_vars 2021-07-22 09:29:03 -07:00
Matt Moyer ee30b78117
Update ROADMAP.md 
Bump "Wider Concierge cluster support" to August.
 2021-07-22 10:30:45 -05:00
Ryan Richard 64aba7e703 Add new howto guide login.md 2021-07-21 12:10:47 -07:00
Matt Moyer c6c3a80a86
Merge pull request #733 from mattmoyer/switch-tools-images 
Switch to GHCR tools images for local tests, with `imagePullPolicy: IfNotPresent`.
 2021-07-21 11:47:37 -06:00
Margo Crawford a7af63ca3a
Merge pull request #729 from rdimitrov/dimitrovr/add-dex-docs 
Add documentation for configuring Supervisor with Dex and Github
 2021-07-21 08:48:49 -07:00
Matt Moyer ae72d30cec
Switch to GHCR tools images for local tests, with `imagePullPolicy: IfNotPresent`. 
This is more consistent with our CI environment.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-07-21 09:21:05 -05:00
Nanci Lancaster fec59eb1bf
Merge pull request #731 from microwavables/main 
Removed Andrew Keesler, Pablo Schumaker from site, moved them to emeritus status on maintainers file,
 2021-07-20 15:37:04 -07:00
Radoslav Dimitrov f6273b0604 Update the Prerequisites section and add a note about the groups scope 
Add Dex to the prerequisites and add a note that to query for the groups
scope the user must set the organizations Dex should search against.
Otherwise the groups claim would be empty. This is because of the format
group claims are represented, i.e. "org:team".

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
 2021-07-20 13:49:45 +03:00
Ryan Richard deb699a84a e2e test: PINNIPED_USERNAME/PINNIPED_PASSWORD env vars during LDAP login 2021-07-19 17:08:52 -07:00
Ryan Richard cac45fd999 LDAP logins read from PINNIPED_USERNAME and PINNIPED_PASSWORD env vars 
For CLI-based auth, such as with LDAP upstream identity providers, the
user may use these environment variables to avoid getting interactively
prompted for username and password.
 2021-07-19 16:20:59 -07:00
Radoslav Dimitrov 0bdd1bc68f Add documentation for configuring Supervisor with Dex and Github 
The following guide describes the process of configuring Supervisor
with Dex and identify users through their Github account. Issue #415

Signed-off-by: Radoslav Dimitrov <dimitrovr@vmware.com>
 2021-07-19 16:00:43 +03:00
Mo Khan 4605846499
Merge pull request #724 from vmware-tanzu/fix_git_sha_in_version_info 
Copy .git dir during Docker build; used to bake git sha into binary
 2021-07-16 14:34:33 -04:00
Ryan Richard 4670890a82 Add .git dir to Docker; used to bake git sha into binary 2021-07-16 09:51:46 -07:00
Margo Crawford d204b46c18
Merge pull request #721 from vmware-tanzu/resolve-load-balancer-dns 
wait for lb dns to resolve in the impersonation proxy integration test
 2021-07-15 17:02:08 -07:00
Ryan Richard b3208f0ca6 wait for lb dns to resolve in the impersonation proxy integration test 
this will hopefully fix some flakes where aws provisioned a host for the
load balancer but the tests weren't able to resolve it.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-15 16:39:15 -07:00
Ryan Richard be7bf9c193
Merge pull request #718 from vmware-tanzu/workaround_for_flaky_unit_test 
TestAgentController unit test is flaky, try to add workaround
 2021-07-15 14:17:11 -07:00
Ryan Richard 2bba39d723 TestAgentController unit test is flaky, try to add workaround 
TestAgentController really runs the controller and evaluates multiple
calls to the controller's Sync with real informers caching updates.
There is a large amount of non-determinism in this unit test, and it
does not always behave the same way. Because it makes assertions about
the specific errors that should be returned by Sync, it was not
accounting for some errors that are only returned by Sync once in a
while depending on the exact (unpredictable) order of operations.

This commit doesn't fix the non-determinism in the test, but rather
tries to work around it by also allowing other (undesired but
inevitable) error messages to appear in the list of actual error
messages returned by the calls to the Sync function.

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-07-15 13:41:31 -07:00
anjalitelang dc567d0d1f
Update ROADMAP.md 
Added https://github.com/vmware-tanzu/pinniped/issues/577 to Roadmap
 2021-07-15 12:29:51 -04:00
Ryan Richard 143837c136
Merge pull request #714 from vmware-tanzu/ytt_install_doc_fix 
ytt install docs suggest that you checkout the release tag
 2021-07-14 12:52:23 -07:00
Ryan Richard 11eb18d348 ytt install docs suggest that you checkout the release tag 
Previously, the ytt install docs suggested that you use ytt templates
from the HEAD of main with the container image from the latest public
release, which could result in a mismatch.
 2021-07-14 10:59:51 -07:00
Ryan Richard d5cf5b91d6
Merge pull request #711 from vmware-tanzu/e2e_test_clear_cookies 
Clear the browser cookies between each TestE2EFullIntegration subtest
 2021-07-13 16:43:57 -07:00
Ryan Richard 48b58e2fad Clear the browser cookies between each TestE2EFullIntegration test 
It seems like page.ClearCookies() only clears cookies for the current
domain, so there doesn't seem to be a function to clear all browser
cookies. Instead, we'll just start a whole new browser each test.
They start fast enough that it shouldn't be a problem.
 2021-07-13 16:20:02 -07:00
Ryan Richard 7ef3d42e01
Merge pull request #704 from mattmoyer/deflake-serving-certificate-rotation-test 
Make TestAPIServingCertificateAutoCreationAndRotation less flaky.
 2021-07-13 14:58:54 -07:00
Ryan Richard 33461ddc14
Merge branch 'main' into deflake-serving-certificate-rotation-test 2021-07-13 14:04:34 -07:00
Mo Khan 238c9e6743
Merge pull request #709 from vmware-tanzu/dependabot/go_modules/github.com/tdewolff/minify/v2-2.9.19 
Bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19
 2021-07-12 14:48:16 -04:00