djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ContainerImage.Pinniped/test/integration
History
Monis Khan 898f2bf942
impersonator: run as a distinct SA with minimal permissions 
This change updates the impersonation proxy code to run as a
distinct service account that only has permission to impersonate
identities.  Thus any future vulnerability that causes the
impersonation headers to be dropped will fail closed instead of
escalating to the concierge's default service account which has
significantly more permissions.

Signed-off-by: Monis Khan <mok@vmware.com>
 		2021-06-11 12:13:53 -04:00
..
category_test.go Ignore client-side throttling in kubectl stderr 2021-04-19 15:52:47 -04:00
cli_test.go Merge branch 'main' into initial_ldap 2021-05-11 11:09:37 -07:00
concierge_api_serving_certs_test.go Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-03-18 10:36:28 -04:00
concierge_availability_test.go All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
concierge_client_test.go Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-03-18 10:36:28 -04:00
concierge_credentialissuer_test.go Remove an invalid test assertion in TestCredentialIssuer. 2021-06-02 12:05:02 -05:00
concierge_credentialrequest_test.go Replace all usages of strPtr() with pointer.StringPtr() 2021-05-12 13:20:00 -07:00
concierge_impersonation_proxy_test.go impersonator: run as a distinct SA with minimal permissions 2021-06-11 12:13:53 -04:00
concierge_kubecertagent_test.go Add a new "legacy pod cleaner" controller. 2021-04-26 08:19:45 -06:00
concierge_kubectl_test.go Rename pinniped-server -> pinniped-concierge 2020-10-06 14:59:03 -04:00
e2e_test.go Enable skipping of LDAP int tests when a firewall will block them 2021-05-28 16:13:20 -07:00
kube_api_discovery_test.go Add stub LDAP API type and integration test 2021-04-06 13:10:01 -04:00
kubeclient_test.go Give kubeclient_test some default values for credentialissuer spec 2021-05-19 11:56:54 -07:00
ldap_client_test.go In LDAP, do not log username until we know the user exists. 2021-05-28 16:57:48 -05:00
rbac_test.go impersonator: run as a distinct SA with minimal permissions 2021-06-11 12:13:53 -04:00
supervisor_discovery_test.go Update TestSupervisorOIDCDiscovery for versioned IDP discovery endpoint 2021-05-13 13:07:31 -07:00
supervisor_healthz_test.go Remove library.AssertNoRestartsDuringTest and make that assertion implicit in library.IntegrationEnv. 2021-03-17 11:18:10 -05:00
supervisor_login_test.go Avoid a rare flake in TestSupervisorLogin. 2021-06-03 12:13:56 -05:00
supervisor_secrets_test.go Remove library.AssertNoRestartsDuringTest and make that assertion implicit in library.IntegrationEnv. 2021-03-17 11:18:10 -05:00
supervisor_storage_garbage_collection_test.go supervisor gc: use singleton queue 2021-05-04 14:44:55 -04:00
supervisor_storage_test.go All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
supervisor_upstream_test.go Merge branch 'main' into initial_ldap 2021-05-11 11:09:37 -07:00
whoami_test.go Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 2021-03-16 14:35:07 -05:00