ContainerImage.Pinniped/internal
Ryan Richard 79ca1d7fb0 Perform an upstream refresh during downstream refresh for OIDC upstreams
- If the upstream refresh fails, then fail the downstream refresh
- If the upstream refresh returns an ID token, then validate it (we
  use its claims in the future, but not in this commit)
- If the upstream refresh returns a new refresh token, then save it
  into the user's session in storage
- Pass the provider cache into the token handler so it can use the
  cached providers to perform upstream refreshes
- Handle unexpected errors in the token handler where the user's session
  does not contain the expected data. These should not be possible
  in practice unless someone is manually editing the storage, but
  handle them anyway just to be safe.
- Refactor to share the refresh code between the CLI and the token
  endpoint by moving it into the UpstreamOIDCIdentityProviderI
  interface, since the token endpoint needed it to be part of that
  interface anyway
2021-10-13 12:31:20 -07:00
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
authenticators More LDAP WIP: started controller and LDAP server connection code 2021-04-09 18:49:43 -07:00
certauthority certauthority: tolerate larger clock skew between API server and pinniped 2021-09-21 09:32:24 -04:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge Ensure concierge and supervisor gracefully exit 2021-08-30 20:29:52 -04:00
config Remove references to impersonationConfigMap. 2021-05-26 15:24:59 -05:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
controllerinit kubecertagent: fix flakey tests 2021-09-16 14:48:04 -04:00
controllerlib test/integration: run parallel tests concurrently with serial tests 2021-08-26 12:59:52 -04:00
controllermanager Ensure concierge and supervisor gracefully exit 2021-08-30 20:29:52 -04:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert dynamiccert: prevent misuse of NewServingCert 2021-08-17 12:58:32 -04:00
endpointaddr Add endpointaddr pkg for parsing host+port inputs. 2021-05-25 16:17:26 -05:00
execcredcache Add CLI caching of cluster-specific credentials. 2021-04-08 14:12:34 -05:00
fositestorage Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
fositestoragei More adjustments based on PR feedback 2021-04-27 16:54:26 -07:00
groupsuffix Remove unparam linter 2021-08-19 10:20:24 -07:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Adjust our securityheader pkg to support form_post. 2021-07-09 12:08:43 -05:00
issuer dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
kubeclient Add leader election middleware 2021-08-20 12:18:25 -04:00
leaderelection Ensure concierge and supervisor gracefully exit 2021-08-30 20:29:52 -04:00
localuserauthenticator Switch to a slimmer distroless base image. 2021-08-09 15:05:13 -04:00
mocks Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
oidc Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog WIP on new plog 2021-04-21 09:02:45 -07:00
psession Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
registry token credential request: fix trace log kind 2021-09-20 15:34:05 -04:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
supervisor/server Ensure concierge and supervisor gracefully exit 2021-08-30 20:29:52 -04:00
testutil Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
upstreamldap Require refresh tokens for upstream OIDC and save more session data 2021-10-08 15:48:21 -07:00
upstreamoidc Perform an upstream refresh during downstream refresh for OIDC upstreams 2021-10-13 12:31:20 -07:00
valuelesscontext valuelesscontext: make unit tests more clear 2021-04-30 10:43:29 -04:00