5621c1161a
Bump google.com/api-project-999119582588/go-boringcrypto/golang in /hack
...
Bumps google.com/api-project-999119582588/go-boringcrypto/golang from 1.17.8b7 to 1.18.1b7.
---
updated-dependencies:
- dependency-name: google.com/api-project-999119582588/go-boringcrypto/golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-14 13:26:21 +00:00
79fd8e2901
Merge pull request #1119 from enj/enj/i/fips_log_errs
...
Only emit FIPS startup log when running a server component
2022-04-14 09:19:40 -04:00
e0886c6948
Only emit FIPS startup log when running a server component
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 18:31:02 -04:00
f5cc2f20f7
Merge pull request #1118 from enj/enj/i/go1.18_linter_fix
...
Bump to go1.18.1 and fix linter errors
2022-04-13 18:15:20 -04:00
8fd77b72df
Bump to go1.18.1 and fix linter errors
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-13 16:43:06 -04:00
8ecf18521c
Merge pull request #1112 from vmware-tanzu/fips-website-docs
...
document how to use the fips dockerfile on our website
2022-04-13 16:41:25 -04:00
96c705bf94
document how to use the fips dockerfile on our website
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-13 12:45:58 -07:00
d0d20e00e4
Merge pull request #1117 from vmware-tanzu/prefix_tokens
...
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 15:34:42 -04:00
53348b8464
Add custom prefix to downstream access and refresh tokens and authcodes
2022-04-13 10:13:27 -07:00
13daf59217
Merge pull request #1108 from vicmarbev/main
...
Use vmware-tanzu/carvel instead of the deprecated k14s/tap to install deps with brew
2022-04-13 08:43:39 -07:00
9ebf3a5b92
Merge branch 'main' into main
2022-04-13 08:41:04 -07:00
6af1aaeb20
Merge pull request #1114 from enj/enj/i/fips_init_log
...
Use klog to make sure FIPS init log is emitted
2022-04-12 16:23:38 -04:00
6b4fbb6e0e
Use klog to make sure FIPS init log is emitted
...
We cannot use plog until the log level config has been setup, but
that occurs after this init function has run.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-12 14:36:06 -04:00
edf4ffb018
Merge pull request #1101 from vmware-tanzu/dependabot/docker/hack/distroless/static-2556293
...
Bump distroless/static from `80c956f` to `2556293` in /hack
2022-04-11 12:37:25 -04:00
721526b7e7
Bump distroless/static from `80c956f` to `2556293` in /hack
...
Bumps distroless/static from `80c956f` to `2556293`.
---
updated-dependencies:
- dependency-name: distroless/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:13:12 +00:00
91681b9368
Update ROADMAP.md
...
Edits to the wiki based on our current backlog 4/5/2022
2022-04-06 16:08:04 -04:00
3c6f97a457
Target hack/Dockerfile_fips correctly
2022-04-06 15:32:08 -04:00
12cbd744b7
Syntax highlighting for Dockerfile_fips
2022-04-06 15:31:07 -04:00
103538858f
Merge pull request #1094 from vmware-tanzu/disable_http
...
Supervisor HTTP listener disabled by default and may only bind to loopback interfaces
2022-04-05 12:39:04 -07:00
bdabdf0f42
Update comment in FederationDomainTLSSpec
2022-04-05 09:53:22 -07:00
25d20d4081
Merge branch 'main' into disable_http
2022-04-05 09:00:26 -07:00
dc24397df4
Use vmware-tanzu/carvel instead of the deprecated k14/tap to install deps with brew
2022-04-05 16:43:22 +02:00
c0874706d9
Merge pull request #1106 from enj/enj/i/fips_followup
...
Add more details to FIPS comments
2022-04-01 13:16:50 -04:00
07066e020d
Explicitly set defaultServing ciphers in FIPS mode
...
This is a no-op today, but could change in the future when we add
support for FIPS in non-strict mode.
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:59:47 -04:00
3f0753ec5a
Remove duplication in secure TLS tests
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
15bc6a4a67
Add more details to FIPS comments
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-01 10:56:38 -04:00
ce82d799c9
Run OSSF scorecard on release branches
2022-04-01 10:41:23 -04:00
a453522d81
Add OSSF Scorecard GitHub Action
2022-04-01 10:30:01 -04:00
51c527a965
Change to camel-case for insecureAcceptExternalUnencryptedHttpRequests
...
- Use camel-case in the static configmap
- Parse the value into a boolean in the go struct instead of a string
- Add test for when unsupported value is used in the configmap
- Run the config_test.go tests in parallel
- Update some paragraphs in configure-supervisor.md for clarity
2022-03-31 16:23:45 -07:00
ae7aac020a
Merge branch 'main' into disable_http
2022-03-30 11:30:32 -07:00
17e8faa0fe
Have dependabot keep the FIPS dockerfile updated
2022-03-30 13:55:19 -04:00
6639ce2a1f
Merge pull request #1061 from vmware-tanzu/fips-boringcrypto
...
FIPs compatibility
2022-03-30 13:43:23 -04:00
53597bb824
Introduce FIPS compatibility
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-03-29 16:58:41 -07:00
0e54ba1a20
Slightly fancier way to prevent old values.yaml names from being used
2022-03-29 14:24:40 -07:00
b07a4131e5
Merge branch 'main' into disable_http
2022-03-29 12:47:53 -07:00
2cffea5880
Merge pull request #1099 from vmware-tanzu/remove_supervisorhttpaddress_var
...
Remove unused env.SupervisorHTTPAddress integration test var
2022-03-29 13:36:00 -04:00
5f34efc0b7
Empty commit to trigger CI
2022-03-29 09:39:18 -07:00
cf471d6422
Remove unused env.SupervisorHTTPAddress integration test var
2022-03-29 09:13:44 -07:00
3592f80457
Merge branch 'main' into disable_http
2022-03-28 17:03:59 -07:00
488f08dd6e
Provide a way to override the new HTTP loopback-only validation
...
Add new deprecated_insecure_accept_external_unencrypted_http_requests
value in values.yaml. Allow it to be a boolean or a string to make it
easier to use (both --data-value and --data-value-yaml will work).
Also:
- Consider "ip6-localhost" and "ip6-loopback" to be loopback addresses
for the validation
- Remove unused env.SupervisorHTTPAddress var
- Deprecate the `service_http_*` values in values.yaml by renaming them
and causing a ytt render error when the old names are used
2022-03-28 17:03:23 -07:00
cd25cb89c4
Merge pull request #1093 from enj/enj/d/ws1
...
Add Workspace ONE Access docs
2022-03-24 20:24:29 -04:00
57fb085bef
Add Workspace ONE Access docs
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-03-24 20:17:54 -04:00
8d12c1b674
HTTP listener: default disabled and may only bind to loopback interfaces
2022-03-24 15:46:10 -07:00
9c5adad062
Merge pull request #1092 from vmware-tanzu/remove_oryx_direct_dep
...
Remove direct dependency on ory/x
2022-03-24 15:16:34 -04:00
4649b8e0e4
Merge pull request #1085 from pnbrown/community-page-update
...
Update _index.html
2022-03-24 14:02:51 -04:00
48c5a625a5
Remove our direct dependency on ory/x
...
ory/x has new releases very often, sometimes multiple times per week,
causing a lot of noise from dependabot. We were barely using it
directly, so replace our direct usages with equivalent code.
2022-03-24 10:24:54 -07:00
42bd385cbd
Merge pull request #1088 from vmware-tanzu/pty_int_test_flakes
...
WIP: Try to fix recent integration test flakes
2022-03-22 18:10:08 -07:00
bedf4e5a39
Try to avoid getting a second username prompt in a test in e2e_test.go
2022-03-22 14:23:50 -07:00
2715741c2c
Increase a test timeout in e2e_test.go
2022-03-22 12:13:10 -07:00
d20b2056f2
Merge branch 'main' into pty_int_test_flakes
2022-03-22 11:14:19 -07:00
dependabot[bot]