Commit Graph

  • 59263ea733
    Rename CredentialIssuerConfig to CredentialIssuer. Matt Moyer 2020-11-02 15:39:43 -0600
  • b13a8075e4
    Merge pull request #183 from vmware-tanzu/non-root Matt Moyer 2020-11-02 17:39:14 -0600
  • d596f8c3e5 Empty commit to trigger CI Ryan Richard 2020-11-02 15:18:39 -0800
  • 75c35e74cc Refactor and add unit tests for previous commit to run agent pod as root Ryan Richard 2020-11-02 15:03:37 -0800
  • e4f4cd7ca0
    Merge pull request #181 from mattmoyer/add-psp-cluster-role-permission Matt Moyer 2020-11-02 15:35:56 -0600
  • a01921012d
    kubecertagent: explicitly run as root Ryan Richard 2020-11-02 16:33:46 -0500
  • 2e50e8f01b
    hack/lib/tilt: run Tilt images with non-root user Ryan Richard 2020-11-02 16:32:50 -0500
  • 935577f8e7
    Give the concierge access to use any PodSecurityPolicy. Matt Moyer 2020-11-02 15:10:00 -0600
  • 781f86d18c
    deploy: add memory limits Ryan Richard 2020-11-02 14:57:39 -0500
  • fcea48c8f9
    Run as non-root Andrew Keesler 2020-11-02 11:57:05 -0500
  • 7639d5e161
    Merge pull request #178 from ankeesler/test-cleanup Andrew Keesler 2020-11-02 12:22:34 -0500
  • ab5c04b1f3
    Merge pull request #176 from vmware-tanzu/agent_pod_additional_label_handling Ryan Richard 2020-11-02 09:08:42 -0800
  • fb3c5749e8
    test/integration: protect from NPE and follow doc conventions Andrew Keesler 2020-11-02 11:42:46 -0500
  • 7597b12a51 Small unit test changes for deleter_test.go Ryan Richard 2020-11-02 08:40:39 -0800
  • fb53a5dc13
    Fix unit tests on Windows and add related workflow Andrew Keesler 2020-10-28 09:43:27 -0400
  • 5bbfc35d27
    Merge pull request #175 from mattmoyer/split-config-apis Matt Moyer 2020-10-30 19:42:03 -0500
  • f76b9857da Don't use custom labels when selecting an agent pod Ryan Richard 2020-10-30 17:41:17 -0700
  • 9e1922f1ed
    Split the config CRDs into two API groups. Matt Moyer 2020-10-30 15:09:14 -0500
  • 01f4fdb5c3 Remove namespace from a ClusterRoleBinding, which are not namespaced Ryan Richard 2020-10-30 16:10:04 -0700
  • a5379c08e2 Whitespace-only change in two files Andrew Keesler 2020-10-30 15:18:40 -0700
  • ad95bb44b0
    Merge pull request #174 from mattmoyer/rename-webhook-idp Matt Moyer 2020-10-30 15:50:39 -0500
  • 4b7592feaf Skip a part of an integration test which is not so easy with real Ingress Ryan Richard 2020-10-30 13:19:23 -0700
  • 34da8c7877
    Rename existing references to "IDP" and "Identity Provider". Matt Moyer 2020-10-30 14:02:21 -0500
  • f3a83882a4
    Rename the IdentityProvider field to Authenticator in TokenCredentialRequest. Matt Moyer 2020-10-30 12:41:21 -0500
  • 0f25657a35
    Rename WebhookIdentityProvider to WebhookAuthenticator. Matt Moyer 2020-10-30 11:39:26 -0500
  • e69183aa8a
    Rename idp.concierge.pinniped.dev to authentication.concierge.pinniped.dev. Matt Moyer 2020-10-30 11:03:25 -0500
  • 81390bba89
    Rename idp.pinniped.dev to idp.concierge.pinniped.dev. Matt Moyer 2020-10-30 10:51:56 -0500
  • 59431a3d3d
    Merge pull request #173 from mattmoyer/parallel-codegen Matt Moyer 2020-10-30 13:45:21 -0500
  • 9760c03617
    Do codegen across all version in parallel. Matt Moyer 2020-10-30 11:12:53 -0500
  • 8b8ffc21c4
    Merge pull request #172 from mattmoyer/rename-login-api Matt Moyer 2020-10-30 10:23:45 -0500
  • f0320dfbd8
    Rename login API to login.concierge.pinniped.dev. Matt Moyer 2020-10-30 09:34:43 -0500
  • 3277e778ea Add a comment to an integration test Ryan Richard 2020-10-29 15:42:22 -0700
  • 9c13b7144e
    Merge pull request #170 from vmware-tanzu/oidc_https_endpoints Ryan Richard 2020-10-28 17:15:11 -0700
  • 059b6e885f Allow ytt templating of the loadBalancerIP for the supervisor Ryan Richard 2020-10-28 16:45:23 -0700
  • 4af508981a Make default TLS secret name from app name in supervisor_discovery_test.go Ryan Richard 2020-10-28 16:11:19 -0700
  • a007fc3bd3 Form paths correctly when the path arg is empty in supervisor_discovery_test.go Ryan Richard 2020-10-28 15:22:53 -0700
  • c52874250a Fix a mistake in supervisor_discovery_test.go Ryan Richard 2020-10-28 14:25:01 -0700
  • 01dddd3cae Add some docs for configuring supervisor TLS Ryan Richard 2020-10-28 13:42:02 -0700
  • bd04570e51 supervisor_discovery_test.go tests hostnames are treated as case-insensitive Andrew Keesler 2020-10-28 13:09:20 -0700
  • 8ff64d4c1a Require https scheme for OIDCProviderConfig Issuer field Ryan Richard 2020-10-28 12:49:41 -0700
  • 2542a8e175 Stash and restore any pre-existing default TLS cert in supervisor_discovery_test.go Andrew Keesler 2020-10-28 12:32:21 -0700
  • 29e0ce5662 Configure name of the supervisor default TLS cert secret via ConfigMap Ryan Richard 2020-10-28 11:56:50 -0700
  • 978ecda758 Test SNI & default certs being used at the same time in integration test Ryan Richard 2020-10-28 08:58:50 -0700
  • 170d3a3993 Forgot to commit some test fixtures in a prior commit Ryan Richard 2020-10-27 17:00:00 -0700
  • 2777c4e9f3 Update prepare-for-integration-tests.sh to use ./hack/kind-{up,down}.sh Ryan Richard 2020-10-27 16:56:53 -0700
  • 38802c2184 Add a way to set a default supervisor TLS cert for when SNI won't work Ryan Richard 2020-10-27 16:33:08 -0700
  • 7bce16737b
    Get rid of WIP workflow Andrew Keesler 2020-10-27 18:39:19 -0400
  • 96c4661a25
    Fix unit-tests workflow YAML. Andrew Keesler 2020-10-27 18:26:11 -0400
  • 45189e3e2b
    No way this windows-unit-tests workflow works. Andrew Keesler 2020-10-27 18:20:12 -0400
  • d5dd65cfe8
    So...does this macos-unit-tests workflow work? Andrew Keesler 2020-10-27 18:00:54 -0400
  • 1f1b6c884e Add integration test: supervisor TLS termination and SNI virtual hosting Ryan Richard 2020-10-27 14:57:25 -0700
  • eeb110761e Rename secretName to SNICertificateSecretName in OIDCProviderConfig Ryan Richard 2020-10-26 17:25:45 -0700
  • 8b7c30cfbd Supervisor listens for HTTPS on port 443 with configurable TLS certs Ryan Richard 2020-10-26 17:03:26 -0700
  • 7880f7ea41
    Merge pull request #171 from danjahner/main Matt Moyer 2020-10-26 17:20:36 -0500
  • 13ccb07fe4
    Rename logo file Dan Jahner 2020-10-26 15:06:04 -0700
  • 6c092deba5
    Merge pull request #169 from mattmoyer/promote-login-command Matt Moyer 2020-10-23 19:48:44 -0500
  • 25a91019c2 Add spec.secretName to OPC and handle case-insensitive hostnames Ryan Richard 2020-10-23 16:25:44 -0700
  • 7615667b9b
    Update TestCLILoginOIDC to use new non-alpha login command. Matt Moyer 2020-10-23 14:31:15 -0500
  • 0948457521
    Promote the pinniped login command out of alpha. Matt Moyer 2020-10-23 14:26:51 -0500
  • 110c72a5d4
    dynamiccertauthority: fix cert expiration test failure Andrew Keesler 2020-10-23 15:34:25 -0400
  • f928ef4752 Also mention using a service mesh is an option for supervisor ingress Andrew Keesler 2020-10-23 10:23:17 -0700
  • eafdef7b11 Add docs for creating an Ingress for the Supervisor Ryan Richard 2020-10-22 16:57:41 -0700
  • 4c844ba334
    Merge pull request #168 from mattmoyer/cli-session-refresh Matt Moyer 2020-10-22 18:13:42 -0500
  • 07001e5ee3
    Extend TestCLILoginOIDC to test refresh flow. Matt Moyer 2020-10-22 17:35:06 -0500
  • 3508a28369
    Implement refresh flow in ./internal/oidcclient package. Matt Moyer 2020-10-22 16:12:02 -0500
  • 397ec61e57 Specify the supervisor NodePort Service's port and nodePort separately Ryan Richard 2020-10-22 15:37:35 -0700
  • 8ae04605ca
    Add comments for magic 31234 port Ryan Richard 2020-10-22 17:53:40 -0400
  • 8772a00824
    Merge pull request #167 from mattmoyer/fix-accidental-timeout-regression Matt Moyer 2020-10-22 12:24:49 -0500
  • ce598eb58e
    Fix a timeout in TestCLILoginOIDC that was accidentally shortened in 0adbb5234e. Matt Moyer 2020-10-22 11:49:04 -0500
  • 4b24e9c625
    Merge pull request #166 from mattmoyer/add-cli-test-debug-output Matt Moyer 2020-10-22 11:17:18 -0500
  • fe3b44b134
    Add some verbose logging to TestCLILoginOIDC. Matt Moyer 2020-10-22 10:30:51 -0500
  • 122f7cffdb Make the supervisor healthz endpoint public Ryan Richard 2020-10-21 15:24:48 -0700
  • 5dbc03efe9
    Merge pull request #165 from mattmoyer/cli-session-cache Matt Moyer 2020-10-21 16:30:03 -0500
  • 0adbb5234e
    Extend TestCLILoginOIDC to test ID token caching behavior. Matt Moyer 2020-10-21 15:02:42 -0500
  • e919ef6582
    Add a file-based session cache. Matt Moyer 2020-10-21 12:54:26 -0500
  • fa5f653de6 Implement readinessProbe and livenessProbe for supervisor Andrew Keesler 2020-10-21 11:51:31 -0700
  • e8113e3770
    Add basic caching framework to ./internal/oidclient package. Matt Moyer 2020-10-21 13:05:19 -0500
  • 7f6a82aa91
    Refactor and rename ./internal/oidcclient/login to ./internal/oidcclient. Matt Moyer 2020-10-21 13:04:46 -0500
  • 4ef41f969d
    Add a util helper for marking a CLI flag as hidden. Matt Moyer 2020-10-19 10:48:10 -0500
  • 3e39800005
    Merge pull request #164 from vmware-tanzu/virtual-hosts Andrew Keesler 2020-10-21 09:16:59 -0400
  • 52ebd77527 Add optional PINNIPED_TEST_SUPERVISOR_HTTPS_CA_BUNDLE for integration tests Ryan Richard 2020-10-20 16:46:33 -0700
  • ec21fc8595 Also delete the final OIDCProviderConfig made by an integration test Ryan Richard 2020-10-20 15:59:25 -0700
  • 276dff5772 Introduce PINNIPED_TEST_SUPERVISOR_HTTPS_ADDRESS Ryan Richard 2020-10-20 15:57:10 -0700
  • 90235418b9 Add a test for when issuer hostname and supervisor public address differ Ryan Richard 2020-10-20 15:22:03 -0700
  • 9ba93d66c3
    test/integration: prefactoring for testing virtual hosts Ryan Richard 2020-10-20 17:00:36 -0400
  • aff85acf37
    Merge pull request #163 from vmware-tanzu/discovery_jwks Ryan Richard 2020-10-19 13:00:49 -0700
  • 4da64f38b5 Integration test for per-issuer OIDC JWKS endpoints Ryan Richard 2020-10-19 12:21:18 -0700
  • d9d76726c2 Implement per-issuer OIDC JWKS endpoint Ryan Richard 2020-10-16 17:51:40 -0700
  • 7e21b9b78d
    apicerts: return error on missing pre-requirements Monis Khan 2020-10-15 14:11:32 -0400
  • 08659a6583
    Merge pull request #158 from vmware-tanzu/label_every_resource Ryan Richard 2020-10-15 14:02:29 -0700
  • e2630be00a Update feature proposal template to work for users and contributors Andrew Keesler 2020-10-15 17:01:24 -0400
  • 8fe031e73d Do not copy pkg directory in Dockerfile Andrew Keesler 2020-10-15 13:31:16 -0700
  • 617c5608ca Supervisor controllers apply custom labels to JWKS secrets Andrew Keesler 2020-10-15 12:40:56 -0700
  • dda3c21a8e
    Add missing parenthesis to bug report template Andrew Keesler 2020-10-15 14:07:43 -0400
  • f8e461dfc3 Merge branch 'main' into label_every_resource Ryan Richard 2020-10-15 10:19:03 -0700
  • 94f20e57b1 Concierge controllers add labels to all created resources Ryan Richard 2020-10-15 10:14:23 -0700
  • 943286bbc6
    Merge pull request #157 from ankeesler/generate-jwk-key Andrew Keesler 2020-10-15 11:55:22 -0400
  • e05213f9dd
    supervisor-generate-key: use EC keys intead of RSA Andrew Keesler 2020-10-15 11:33:08 -0400
  • 5a0dab768f
    test/integration: remove unused function (see 31225ac7a) Andrew Keesler 2020-10-15 09:26:15 -0400
  • fbcce700dc
    Fix whitespace/spelling nits in JWKS controller Andrew Keesler 2020-10-15 09:22:17 -0400