ContainerImage.Pinniped/internal
Ryan Richard 34509e7430 Add more unit tests for dynamic clients and enhance token exchange
- Enhance the token exchange to check that the same client is used
  compared to the client used during the original authorization and
  token requests, and also check that the client has the token-exchange
  grant type allowed in its configuration.
- Reduce the minimum required bcrypt cost for OIDCClient secrets
  because 15 is too slow for real-life use, especially considering
  that every login and every refresh flow will require two client auths.
- In unit tests, use bcrypt hashes with a cost of 4, because bcrypt
  slows down by 13x when run with the race detector, and we run our
  tests with the race detector enabled, causing the tests to be
  unacceptably slow. The production code uses a higher minimum cost.
- Centralize all pre-computed bcrypt hashes used by unit tests to a
  single place. Also extract some other useful test helpers for
  unit tests related to OIDCClients.
- Add tons of unit tests for the token endpoint related to dynamic
  clients for authcode exchanges, token exchanges, and refreshes.
2022-07-20 13:55:56 -07:00
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
authenticators Don't do ldap group search when group scope not specified 2022-06-22 10:58:08 -07:00
certauthority Bump to go1.18.1 and fix linter errors 2022-04-13 16:43:06 -04:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
config Updates based on code review 2022-06-15 09:38:21 -07:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
controllerinit kubecertagent: fix flakey tests 2021-09-16 14:48:04 -04:00
controllerlib Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
controllermanager Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
crud Allow dynamic clients to be used in downstream OIDC flows 2022-07-14 09:51:11 -07:00
crypto/ptls Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
deploymentref Allow configuration of supervisor endpoints 2022-01-18 17:43:45 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 2022-06-07 15:26:30 -04:00
endpointaddr Add endpointaddr pkg for parsing host+port inputs. 2021-05-25 16:17:26 -05:00
execcredcache Add CLI caching of cluster-specific credentials. 2021-04-08 14:12:34 -05:00
fositestorage Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
fositestoragei More adjustments based on PR feedback 2021-04-27 16:54:26 -07:00
groupsuffix Change group names 2022-06-13 14:28:05 -07:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Force the use of secure TLS config 2021-11-17 16:55:35 -05:00
issuer dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
kubeclient Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 2022-06-07 15:26:30 -04:00
leaderelection Ensure concierge and supervisor gracefully exit 2021-08-30 20:29:52 -04:00
localuserauthenticator Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
mocks Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
net/phttp Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
oidc Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
oidcclientsecretstorage Allow dynamic clients to be used in downstream OIDC flows 2022-07-14 09:51:11 -07:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
psession Supervisor should emit a warning when access token lifetime is too short 2022-01-20 13:48:50 -08:00
registry Updates based on code review 2022-06-15 09:38:21 -07:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
supervisor Allow dynamic clients to be used in downstream OIDC flows 2022-07-14 09:51:11 -07:00
testutil Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
upstreamldap Add a couple tests, address pr comments 2022-06-22 14:19:55 -07:00
upstreamoidc Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
valuelesscontext valuelesscontext: make unit tests more clear 2021-04-30 10:43:29 -04:00