Ryan Richard
7751c0bf59
Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3
...
Several API changes in Kube required changes in Pinniped code.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-07 15:26:30 -04:00
Ryan Richard
8170889aef
Update CSP header expectations in TestSupervisorLogin_Browser int test
2022-06-07 11:20:59 -07:00
Mo Khan
38bfdd6b70
Merge branch 'main' into auth_handler_form_post_csp
2022-06-07 11:42:09 -04:00
Margo Crawford
e5a96e353c
Merge pull request #1185 from vmware-tanzu/oidc_client_crd
...
OIDC client crd
2022-06-06 14:16:10 -07:00
Anjali Telang
52bbbcf7e8
margo's suggestions
2022-06-06 17:03:52 -04:00
Mo Khan
a3ec15862d
Run CodeQL on dynamic_clients branch
2022-06-06 16:41:38 -04:00
Ryan Richard
98c45fefe9
Merge branch 'main' into auth_handler_form_post_csp
2022-06-06 11:51:51 -07:00
Margo Crawford
d6442ed53d
Merge pull request #1180 from vmware-tanzu/cli_flow_env_var
...
Allow `PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW` env var to override `--upstream-identity-provider-flow` CLI flag
2022-06-06 11:49:00 -07:00
Margo Crawford
0dec2eee32
Add enum validation for scopes and grant types
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-06 10:15:25 -07:00
Ryan Richard
fd9d641b5c
Add doc for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var
2022-06-06 09:47:50 -07:00
Ryan Richard
326cc194e9
Merge branch 'main' into cli_flow_env_var
2022-06-06 09:38:57 -07:00
Margo Crawford
3cacb5b022
Fix typo in oidcclient spec and status descriptions
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-06 07:38:57 -07:00
Margo Crawford
ca3da0bc90
Fix some disallowed kubebuilder annotations, fix kube api discovery test
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-04 21:04:40 -07:00
Margo Crawford
cd47ba53c2
Add CRD for OIDCClient
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-06-03 16:22:15 -07:00
anjalitelang
2f6349c96d
Merge pull request #1166 from anjaltelang/main
...
Roadmap updates for future
2022-06-02 17:27:14 -04:00
anjalitelang
225bbdd36b
Merge branch 'main' into main
2022-06-02 17:25:43 -04:00
Ryan Richard
30d09b2b7e
Empty commit
2022-06-02 13:10:34 -07:00
Ryan Richard
cb8685b942
Add e2e test for PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var
2022-06-02 11:27:54 -07:00
Ryan Richard
6e461821d6
Allow PINNIPED_UPSTREAM_IDENTITY_PROVIDER_FLOW env var to override flow
...
Env var may be used with CLI to override the flow selected by the
--upstream-identity-provider-flow CLI flag.
2022-06-02 10:30:03 -07:00
Ryan Richard
b99c4773a2
Use CSP headers in auth handler response
...
When response_mode=form_post is requested, some error cases will be
returned to the client using the form_post web page to POST the result
back to the client's redirect URL.
2022-06-02 09:23:34 -07:00
Monis Khan
212f00ebde
Recommend a single approach to address all goals
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-06-01 10:26:37 -04:00
Mo Khan
75a32ae243
Merge pull request #1145 from enj/enj/f/json_logs
...
Switch to go.uber.org/zap for JSON formatted logging
2022-05-24 13:15:22 -04:00
Monis Khan
0674215ef3
Switch to go.uber.org/zap for JSON formatted logging
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-24 11:17:42 -04:00
Ryan Richard
03ccef03fe
Merge pull request #1163 from vmware-tanzu/ldap-login-ui
...
Support a browser-based login flow for LDAP and Active Directory providers
2022-05-24 10:19:34 -04:00
Ryan Richard
438ab0a0e1
Merge branch 'main' into ldap-login-ui
2022-05-20 08:40:34 -07:00
Ryan Richard
39fd9ba270
Small refactors and comments for LDAP/AD UI
2022-05-19 16:02:08 -07:00
Anjali Telang
cc985aa98a
Roadmap updates for future
...
Signed-off-by: Anjali Telang <atelang@vmware.com>
2022-05-19 15:53:53 -04:00
Ryan Richard
7388097de7
Merge pull request #1116 from vmware-tanzu/proposal-ldap-web-ui
...
ldap/ad web ui proposal
2022-05-16 16:22:17 -07:00
Ryan Richard
f008c081b3
Accept LDAP UI proposal
2022-05-16 16:21:33 -07:00
Ryan Richard
1092fc4a9e
Add PR link to LDAP UI proposal
2022-05-16 16:21:17 -07:00
Ryan Richard
dc6874e9cd
Move remaining open q's to answered q's
2022-05-16 16:20:42 -07:00
Ryan Richard
0f2a984308
Merge branch 'main' into ldap-login-ui
2022-05-11 11:32:15 -07:00
Ryan Richard
4101a55001
Update docs for new LDAP/AD browser-based login flow
...
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Ryan Richard
aa732a41fb
Add LDAP browser flow login failure tests to supervisor_login_test.go
...
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e
Add LDAP browser flow login test to supervisor_login_test.go
2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7
Add AD via browser login e2e test and refactor e2e tests to share code
2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d
Extract browsertest.LoginToUpstreamLDAP() integration test helper
2022-05-09 15:43:36 -07:00
Ryan Richard
831abc315e
Update audit log proposal key names and timestamp format
2022-05-09 14:45:18 -07:00
Monis Khan
6bb34130fe
Add asymmetric crypto based client secret generation
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 15:58:52 -04:00
Margo Crawford
22aea6ab9d
Address some small comments to make the doc more understandable
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-09 12:55:32 -07:00
Monis Khan
58f8a10919
Add data model and secret generation alternatives
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-09 00:05:06 -04:00
Monis Khan
1c4ed8b404
Add recommendation for solving the audience confusion problem
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-06 22:26:59 -04:00
Pinny
afc73221d6
Updated versions in docs for v0.17.0 release
2022-05-06 19:28:56 +00:00
Ryan Richard
4c44f583e9
Don't add pinniped_idp_name pinniped_idp_type params into upstream state
2022-05-06 12:00:46 -07:00
Margo Crawford
408e390094
Add more detail on how we should display errors
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-06 11:00:01 -07:00
Ryan Richard
ec22b5715b
Add Pinniped favicon to login UI page 🦭
2022-05-05 14:46:07 -07:00
Ryan Richard
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
Ryan Richard
00d68845c4
Add --flow
to choose login flow in prepare-supervisor-on-kind.sh
2022-05-05 13:42:23 -07:00
Ryan Richard
cffa353ffb
Login page styling/structure for users, screen readers, passwd managers
...
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
are different from the form_post page
2022-05-05 13:13:25 -07:00
Ryan Richard
6ca7c932ae
Add unit test for rendering form_post response from POST /login
2022-05-05 13:13:25 -07:00