djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,172 Commits 30 Branches 34 Tags 22 MiB
fc250f98d0
Commit Graph

67 Commits

Author SHA1 Message Date
Ryan Richard
d9d76726c2 Implement per-issuer OIDC JWKS endpoint 2020-10-16 17:51:40 -07:00
Andrew Keesler
617c5608ca Supervisor controllers apply custom labels to JWKS secrets 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-10-15 12:40:56 -07:00
Andrew Keesler
e05213f9dd
supervisor-generate-key: use EC keys intead of RSA 
EC keys are smaller and take less time to generate. Our integration
tests were super flakey because generating an RSA key would take up to
10 seconds *gasp*. The main token verifier that we care about is
Kubernetes, which supports P256, so hopefully it won't be that much of
an issue that our default signing key type is EC. The OIDC spec seems
kinda squirmy when it comes to using non-RSA signing algorithms...

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-15 11:33:08 -04:00
Andrew Keesler
fbcce700dc
Fix whitespace/spelling nits in JWKS controller 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-15 09:22:17 -04:00
Andrew Keesler
31225ac7ae
test/integration: reuse CreateTestOIDCProvider helper 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-15 09:09:49 -04:00
Andrew Keesler
c030551af0
supervisor-generate-key: unit and integration tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-14 16:41:16 -04:00
Andrew Keesler
6aed025c79
supervisor-generate-key: initial spike 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-14 09:47:34 -04:00
Andrew Keesler
c555c14ccb
supervisor-oidc: add OIDCProviderConfig.Status.LastUpdateTime 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-09 11:54:50 -04:00
Andrew Keesler
bb015adf4e
Backfill tests to OIDCProviderConfig controller 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-09 10:39:17 -04:00
Ryan Richard
b74486f305 Start back-filling unit tests for OIDCProviderConfigWatcherController 
- Left some TODOs for more things that it should test
 2020-10-08 17:40:58 -07:00
Ryan Richard
8b7d96f42c Several small refactors related to OIDC providers 2020-10-08 11:28:21 -07:00
Andrew Keesler
da00fc708f
supervisor-oidc: checkpoint: add status to provider CRD 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-10-08 13:27:45 -04:00
Ryan Richard
6b653fc663 Creation and deletion of OIDC Provider discovery endpoints from config 
- The OIDCProviderConfigWatcherController synchronizes the
  OIDCProviderConfig settings to dynamically mount and unmount the
  OIDC discovery endpoints for each provider
- Integration test passes but unit tests need to be added still
 2020-10-07 19:18:34 -07:00
Andrew Keesler
f48a4e445e
Fix linting and unit tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 11:48:21 -04:00
Andrew Keesler
019f44982c
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-07 10:54:56 -04:00
Andrew Keesler
fd6a7f5892
supervisor-oidc: hoist OIDC discovery handler for testing 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-10-06 11:16:57 -04:00
Ryan Richard
76bd462cf8 Implement very rough skeleton of the start of a supervisor server 
- This is just stab at a starting place because it felt easier to
  put something down on paper than to keep staring at a blank page
 2020-10-05 17:28:19 -07:00