ContainerImage.Pinniped/internal/controller
Ryan Richard e0ecdc004b Allow dynamic clients to be used in downstream OIDC flows
This is only a first commit towards making this feature work.
- Hook dynamic clients into fosite by returning them from the storage
  interface (after finding and validating them)
- In the auth endpoint, prevent the use of the username and password
  headers for dynamic clients to force them to use the browser-based
  login flows for all the upstream types
- Add happy path integration tests in supervisor_login_test.go
- Add lots of comments (and some small refactors) in
  supervisor_login_test.go to make it much easier to understand
- Add lots of unit tests for the auth endpoint regarding dynamic clients
  (more unit tests to be added for other endpoints in follow-up commits)
- Enhance crud.go to make lifetime=0 mean never garbage collect,
  since we want client secret storage Secrets to last forever
- Move the OIDCClient validation code to a package where it can be
  shared between the controller and the fosite storage interface
- Make shared test helpers for tests that need to create OIDC client
  secret storage Secrets
- Create a public const for "pinniped-cli" now that we are using that
  string in several places in the production code
2022-07-14 09:51:11 -07:00
..
apicerts Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
authenticator Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 2022-06-07 15:26:30 -04:00
conditionsutil New controller watches OIDCClients and updates validation Conditions 2022-06-17 13:11:26 -04:00
impersonatorconfig Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
issuerconfig When merging CredentialIssuer updates, don't overwrite LastUpdated. 2021-05-27 17:09:12 -05:00
kubecertagent Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 2022-06-07 15:26:30 -04:00
supervisorconfig Allow dynamic clients to be used in downstream OIDC flows 2022-07-14 09:51:11 -07:00
supervisorstorage Fix code that did not auto-merge correctly in previous merge from main 2022-01-14 10:59:39 -08:00
controller_test.go Clean this test up a trivial amount using require.Implementsf(). 2020-12-17 08:38:16 -06:00
utils.go Upstream Watcher Controller Syncs less often by adjusting its filters 2020-12-18 15:41:18 -08:00