Matt Moyer
68d20298f2
Fix chromedriver usage inside our test container.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-14 13:18:11 -05:00
Matt Moyer
19a1d569c9
Restructure this test to avoid data races.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-14 12:28:08 -05:00
Ryan Richard
a197a26335
Change community meeting time
...
And some other general cleanup
2020-10-14 09:54:09 -07:00
Andrew Keesler
6aed025c79
supervisor-generate-key: initial spike
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-14 09:47:34 -04:00
Andrew Keesler
aa705afc72
hack/tilt-up.sh: let folks specify tilt flags
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-14 09:22:21 -04:00
Andrew Keesler
3d5937a8e8
deploy/supervisor: type: eaxmple -> example
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-14 09:22:15 -04:00
Matt Moyer
33fcc74417
Add Dex to our integration test environment and use it to test the CLI.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-13 16:50:38 -05:00
Matt Moyer
50d80489be
Add initial CLI integration test for OIDC login.
...
This is our first test using a real browser to interact with an upstream provider.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-13 10:41:53 -05:00
Matt Moyer
8a16a92c01
Rename some existing CLI test code.
...
It will no longer be the only CLI test, so the names should be a bit more specific.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-13 10:25:39 -05:00
Matt Moyer
d1e86e2616
Rename "TestClusterCapability" to more generic "Capability."
...
This will be used for other types of "capabilities" of the test environment besides just those of the test cluster, such as those of an upstream OIDC provider.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-13 09:13:40 -05:00
Matt Moyer
67b692b11f
Implement the rest of an OIDC client CLI library.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-12 16:41:46 -05:00
Matt Moyer
ce49d8bd7b
Remove the --use-pkce flag and just always use it.
...
Based on the spec, it seems like it's required that OAuth2 servers which do not support PKCE should just ignore the parameters, so this should always work.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-12 16:41:46 -05:00
Matt Moyer
a13d7ec5a1
Remove temporary --debug-auth-code-exchange flag for OIDC client CLI.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-12 16:41:46 -05:00
Ryan Richard
ff545db869
Merge pull request #148 from vmware-tanzu/supervisor-with-discovery
...
Beginning of a Pinniped Supervisor Server, starting with an OIDC Discovery Endpoint
2020-10-09 18:58:15 -07:00
Ryan Richard
6b135b93cf
Binding both kind workers to the same localhost port fails, so just bind one
2020-10-09 18:42:15 -07:00
Ryan Richard
d81d395c80
Get ready to deploy Supervisor in CI and run its integration tests
...
- Also use ./test/integration instead of ./test/... everywhere because
it will stream the output of the tests while they run
2020-10-09 18:07:13 -07:00
Ryan Richard
171f3ed906
Add some docs for how to configure the Supervisor app after installing
2020-10-09 16:28:34 -07:00
Ryan Richard
354b922e48
Allow creation of different Service types in Supervisor ytt templates
...
- Tiltfile and prepare-for-integration-tests.sh both specify the
NodePort Service using `--data-value-yaml 'service_nodeport_port=31234'`
- Also rename the namespaces used by the Concierge and Supervisor apps
during integration tests running locally
2020-10-09 16:00:11 -07:00
Ryan Richard
34549b779b
Make tilt work with the supervisor app and add more uninstall testing
...
- Also continue renaming things related to the concierge app
- Enhance the uninstall test to also test uninstalling the supervisor
and local-user-authenticator apps
2020-10-09 14:25:34 -07:00
Ryan Richard
72b2d02777
Rename integration test env variables
...
- Variables specific to concierge add it to their name
- All variables now start with `PINNIPED_TEST_` which makes it clear
that they are for tests and also helps them not conflict with the
env vars that are used in the Pinniped CLI code
2020-10-09 10:11:47 -07:00
Ryan Richard
b71959961d
Merge branch 'main' into supervisor-with-discovery
2020-10-09 10:00:50 -07:00
Ryan Richard
f5a6a0bb1e
Move all three deployment dirs under a new top-level deploy/
dir
2020-10-09 10:00:22 -07:00
Andrew Keesler
c555c14ccb
supervisor-oidc: add OIDCProviderConfig.Status.LastUpdateTime
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-09 11:54:50 -04:00
Andrew Keesler
bb015adf4e
Backfill tests to OIDCProviderConfig controller
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-09 10:39:17 -04:00
Andrew Keesler
fac4d074d0
internal/multierror: add tests
...
Signed-off-by: Andrew Keesler <ankeesler1@gmail.com>
2020-10-09 08:00:41 -04:00
Ryan Richard
b74486f305
Start back-filling unit tests for OIDCProviderConfigWatcherController
...
- Left some TODOs for more things that it should test
2020-10-08 17:40:58 -07:00
Ryan Richard
a4389562e3
Fix mistake in deployment.yaml where service selector was hardcoded
2020-10-08 16:20:21 -07:00
Andrew Keesler
05141592f8
Refactor provider.Manager
...
- And also handle when an issuer's path is a subpath of another issuer
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-10-08 14:40:56 -07:00
Ryan Richard
8b7d96f42c
Several small refactors related to OIDC providers
2020-10-08 11:28:21 -07:00
Andrew Keesler
da00fc708f
supervisor-oidc: checkpoint: add status to provider CRD
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-10-08 13:27:45 -04:00
Ryan Richard
6b653fc663
Creation and deletion of OIDC Provider discovery endpoints from config
...
- The OIDCProviderConfigWatcherController synchronizes the
OIDCProviderConfig settings to dynamically mount and unmount the
OIDC discovery endpoints for each provider
- Integration test passes but unit tests need to be added still
2020-10-07 19:18:34 -07:00
Andrew Keesler
154de991e4
Make concierge_api_discovery_test.go less sensitive to order in a list
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-10-07 11:42:30 -07:00
Andrew Keesler
f48a4e445e
Fix linting and unit tests
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 11:48:21 -04:00
Andrew Keesler
20ce142f90
Merge remote-tracking branch 'upstream/main' into supervisor-with-discovery
2020-10-07 11:37:33 -04:00
Andrew Keesler
c49ebf4b57
supervisor-oidc: int test passes, but impl needs refactor
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 11:33:50 -04:00
Andrew Keesler
019f44982c
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:54:56 -04:00
Andrew Keesler
8a772793b8
supervisor-oidc: fix PINNIPED_SUPERVISOR test env vars?
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:51:39 -04:00
Andrew Keesler
ead1ade24b
supervisor-oidc: forgot OIDCProviderConfig type registration in 14f1d86
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-07 10:50:55 -04:00
Ryan Richard
ae56fcb46a
Add integration test for the OIDC discovery endpoint
...
- Intended to be a red test in this commit; will make it go
green in a future commit
- Enhance env.go and prepare-for-integration-tests.sh to make it
possible to write integration tests for the supervisor app
by setting more env vars and by exposing the service to the kind
host on a localhost port
- Add `--clean` option to prepare-for-integration-tests.sh
to make it easier to start fresh
- Make prepare-for-integration-tests.sh advise you to run
`go test -v -count 1 ./test/integration` because this does
not buffer the test output
- Make concierge_api_discovery_test.go pass by adding expectations
for the new OIDCProviderConfig type
2020-10-06 17:53:29 -07:00
Ryan Richard
a7c334a0f3
Update the file used as the demo screencast
...
New version of the file was created by @danjahner
2020-10-06 17:11:08 -07:00
Ryan Richard
044b5c4d46
Merge pull request #151 from vmware-tanzu/demo-screencast
...
Add demo screencast and do some cleanup in demo.md
2020-10-06 17:07:27 -07:00
Ryan Richard
6f8f99e49b
Add demo screencast and do some cleanup in demo.md
...
- Note that this avoids committing the demo screencast
file to our git history because it is 5.76 MB. We won't
want to need to download that content on
every `git clone`.
- Instead the file is hosted by GitHub's CDN
2020-10-06 16:35:58 -07:00
Ryan Richard
78cc49d658
Revert "supervisor-oidc: create dynamic config in YTT templates"
...
This reverts commit 006d96ab92
.
2020-10-06 13:35:05 -07:00
Matt Moyer
8012d6a1c2
Merge pull request #147 from mattmoyer/oidc-cli
...
Implement initial steps of OIDC CLI client.
2020-10-06 15:20:30 -05:00
Matt Moyer
885005a3c1
Merge pull request #145 from mattmoyer/adjust-pr-template
...
Iterate on pull request template.
2020-10-06 15:20:01 -05:00
Matt Moyer
79c07f3e21
Merge pull request #146 from mattmoyer/tilt
...
Add Tilt-based local dev workflow.
2020-10-06 15:19:29 -05:00
Ryan Richard
14f1d86833
supervisor-oidc: add OIDCProviderConfig CRD
...
This will hopefully come in handy later if we ever decide to add
support for multiple OIDC providers as a part of one supervisor.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 15:20:29 -04:00
Ryan Richard
5b3dd5fc7d
Rename pinniped-server -> pinniped-concierge
...
Do we like this? We don't know yet.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 14:59:03 -04:00
Matt Moyer
38501ff763
Add initial "pinniped alpha login oidc" partial implementation.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-10-06 12:42:29 -05:00
Andrew Keesler
006d96ab92
supervisor-oidc: create dynamic config in YTT templates
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-10-06 11:16:57 -04:00