Ryan Richard
e334ad6f7e
Fix lint errors in federation_domain_watcher.go, and adjust unit test
2023-09-11 11:14:05 -07:00
Ryan Richard
97a374c00b
Refactor federation_domain_watcher_test.go and add new test to its table
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
fe9364c58b
Expand IdentityProvidersFound condition in federation_domain_watcher
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:05 -07:00
Benjamin A. Petersen
e9fb4242d5
Update federation_domain_watcher with new IdentityProviderFound
...
- adds the truthy condition
- TODOs for falsy conditions
- addiional notes for other conditions
- tests updated to pass with the new condition
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:14:04 -07:00
Ryan Richard
48e44e13c6
Change federation_domain_watcher_test.go to use a test table style
2023-09-11 11:14:04 -07:00
Ryan Richard
5e2f98af65
Update informers unit test for FederationDomainWatcherController
2023-09-11 11:14:04 -07:00
Ryan Richard
0b408f4fc0
Change FederationDomain.Status to use Phase and Conditions
2023-09-11 11:14:02 -07:00
Ryan Richard
022fdb9cfd
Update a test assertion to make failure easier to understand
2023-09-11 11:12:27 -07:00
Ryan Richard
2c4927debe
update unit test that fails on slow CI workers
2023-09-11 11:11:56 -07:00
Ryan Richard
0f23931fe4
Fix some tests in supervisor_login_test.go
2023-09-11 11:11:56 -07:00
Ryan Richard
048f05d39c
fix callback_handler_test.go
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:56 -07:00
Ryan Richard
b71e5964aa
fix token_handler_test.go
2023-09-11 11:11:56 -07:00
Benjamin A. Petersen
9d792352bf
test FederationDomainIdentityProvidersListerFinder
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:11:56 -07:00
Ryan Richard
86c791b8a6
reorganize federation domain packages to be more intuitive
...
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
2023-09-11 11:11:52 -07:00
Benjamin A. Petersen
3160b5bad1
Reorganized FederationDomain packages to avoid circular dependency
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
610f886fd8
Fix auth_handler_test.go
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
770f8af62b
Update auth_handler.go to return 422 error when upstream IdP not found
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
6ef9cf273e
Fix post_login_handler_test.go
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
793d1c6a5d
add a type assertion
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
8f6a12eae4
fix internal/oidc/provider/manager/manager_test.go
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
5c0425fb71
refactor: rename "provider" to "federationdomain" when appropriate
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
96098841dd
Get tests to compile again and fix lint errors
2023-09-11 11:09:50 -07:00
Benjamin A. Petersen
b7627208ea
Add tests for identity_transformation.go
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2023-09-11 11:09:50 -07:00
Ryan Richard
32aa015d5b
Fixup unit tests for the previous commit
2023-09-11 11:09:50 -07:00
Ryan Richard
7af75dfe3c
First draft of implementation of multiple IDPs support
2023-09-11 11:09:49 -07:00
Ryan Richard
1a53b4daea
Allow user-defined string & stringList consts for use in CEL expressions
2023-09-11 11:09:49 -07:00
Ryan Richard
5385fb38db
Add identity transformation packages idtransform and celformer
...
Implements Supervisor identity transformations helpers using CEL.
2023-09-11 11:09:49 -07:00
Joshua Casey
64f1bff13f
Use Conditions from apimachinery, specifically k8s.io/apimachinery/pkg/apis/meta/v1.Conditions
2023-09-11 10:13:39 -07:00
Ryan Richard
ce567c481b
Improve pod logs related to Supervisor TLS certificate problems
2023-09-11 09:13:21 -07:00
Joshua Casey
cd91edf26c
[LDAP] move attributeUnchangedSinceLogin from upstreamldap to activedirectoryupstreamwatcher
2023-09-06 14:52:01 -05:00
Joshua Casey
8fd55a1d81
Adjust test expectations for compilation differences with 1.21
...
- Requires some production code changes, to use pointers to function variables instead of pointers to functions
2023-09-06 14:52:01 -05:00
Joshua Casey
3908097c54
Run 'go fix ./...' with go1.21.0
2023-09-06 14:52:01 -05:00
Joshua Casey
12f18cbed8
Inline and remove testutil.TempDir
2023-09-06 14:52:01 -05:00
Joshua Casey
05a1187e2e
Simplify build tags associated with unsupported golang versions
2023-09-06 14:52:01 -05:00
Joshua Casey
76933f69b9
Update comments to indicate support for newer versions of Kubernetes
2023-08-29 15:40:52 -05:00
Joshua Casey
2dcc149fee
Split off helper function
2023-08-28 12:14:14 -05:00
Joshua Casey
38230fc518
Use pversion to retrieve buildtime information
2023-08-28 11:54:27 -05:00
Joshua Casey
ca05969f8d
Integration tests should use 'kubectl explain --output plaintext-openapiv2'
...
- OpenAPIV3 discovery of aggregate APIs seems to need a little more work in K8s 1.28
2023-08-28 10:50:11 -05:00
Joshua Casey
1b504b6fbd
Expose OpenAPIv3 explanations
2023-08-28 10:50:11 -05:00
Joshua Casey
23ec91dee0
K8s API Server audit events are no longer pointers
2023-08-28 10:50:10 -05:00
Joshua Casey
1707995378
Fix #1582 by not double-decoding the ca.crt field in external TLS secrets for the impersonation proxy
2023-08-08 20:17:21 -05:00
Joshua Casey
dc61d132cf
Address PR feedback, especially to check that the CA bundle is some kind of valid cert
2023-08-03 14:57:21 -05:00
Joshua Casey
959f18b67b
Add integration test to verify that the impersonation proxy will use an external TLS serving cert
2023-08-03 14:57:21 -05:00
Joshua Casey
ee75a63057
Test Refactor: use explicit names for mTLS signing cert
2023-08-03 14:57:21 -05:00
Joshua Casey
bd035a180e
Impersonation proxy detects when the user has configured an externally provided TLS secret to serve TLS
...
- https://github.com/vmware-tanzu/pinniped/tree/main/proposals/1547_impersonation-proxy-external-certs
- https://joshuatcasey.medium.com/k8s-mtls-auth-with-tls-passthrough-1bc25e750f52
2023-08-03 14:57:21 -05:00
Joshua Casey
3e57716f0e
The impersonation controller should sync when any secret of type kubernetes.io/tls changes in the namespace
2023-08-03 14:57:21 -05:00
Joshua Casey
63b5f921e1
Use k8s.io/utils/ptr instead of k8s.io/utils/pointer, which is deprecated
2023-07-28 09:16:02 -05:00
Ryan Richard
743cb2d250
kube cert agent pod requests 0 cpu to avoid scheduling failures
2023-07-25 10:09:30 -07:00
Joshua Casey
39912060f7
Remove untested comments
2023-07-19 15:50:12 -05:00
Joshua Casey
c142c52258
Do not name return variables
2023-07-19 15:49:22 -05:00