djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cd686ffdf3
ContainerImage.Pinniped/cmd/pinniped/cmd
History
Monis Khan cd686ffdf3
Force the use of secure TLS config 
This change updates the TLS config used by all pinniped components.
There are no configuration knobs associated with this change.  Thus
this change tightens our static defaults.

There are four TLS config levels:

1. Secure (TLS 1.3 only)
2. Default (TLS 1.2+ best ciphers that are well supported)
3. Default LDAP (TLS 1.2+ with less good ciphers)
4. Legacy (currently unused, TLS 1.2+ with all non-broken ciphers)

Highlights per component:

1. pinniped CLI
   - uses "secure" config against KAS
   - uses "default" for all other connections
2. concierge
   - uses "secure" config as an aggregated API server
   - uses "default" config as a impersonation proxy API server
   - uses "secure" config against KAS
   - uses "default" config for JWT authenticater (mostly, see code)
   - no changes to webhook authenticater (see code)
3. supervisor
   - uses "default" config as a server
   - uses "secure" config against KAS
   - uses "default" config against OIDC IDPs
   - uses "default LDAP" config against LDAP IDPs

Signed-off-by: Monis Khan <mok@vmware.com>
2021-11-17 16:55:35 -05:00
..
testdata Generate more helpful context/cluster/user names in pinniped get kubeconfig 2021-04-05 12:36:02 -05:00
alpha.go Add initial "pinniped alpha login oidc" partial implementation. 2020-10-06 12:42:29 -05:00
cobra_util_test.go Add initial "pinniped alpha login oidc" partial implementation. 2020-10-06 12:42:29 -05:00
cobra_util.go Declare war on namespaces 2021-02-10 21:52:07 -05:00
flag_types_test.go certauthority.go: Refactor issuing client versus server certs 2021-03-12 16:09:37 -08:00
flag_types.go Rename this flag types for consistency. 2021-03-08 14:33:38 -06:00
generate_markdown_help.go cmd/pinniped: add generate-markdown-help for generating CLI doc 2021-03-23 09:35:58 -04:00
get.go Update test assertions related to spf13/cobra. 2020-12-17 16:31:08 -06:00
kube_util.go cmd/pinniped: add whoami command 2021-03-18 08:56:34 -04:00
kubeconfig_test.go Change default install hint to use get.pinniped.dev/cli 2021-10-26 17:14:13 -04:00
kubeconfig.go Force the use of secure TLS config 2021-11-17 16:55:35 -05:00
login_oidc_test.go Merge branch 'main' of github.com:vmware-tanzu/pinniped into active-directory-identity-provider 2021-08-24 12:19:29 -07:00
login_oidc.go Force the use of secure TLS config 2021-11-17 16:55:35 -05:00
login_static_test.go login: update tests for new client exec code 2021-08-09 19:16:55 -04:00
login_static.go Log lines about using cached credential 2021-04-21 09:02:45 -07:00
login.go Merge branch 'main' into initial_ldap 2021-04-14 17:47:26 -07:00
root.go cmd/pinniped: delete get-kubeconfig + exchange-token 2021-02-09 17:01:57 -05:00
version_test.go Update test assertions related to spf13/cobra. 2020-12-17 16:31:08 -06:00
version.go cmd/pinniped: add version command 2020-09-28 10:44:33 -04:00
whoami_test.go Generate more helpful context/cluster/user names in pinniped get kubeconfig 2021-04-05 12:36:02 -05:00
whoami.go Merge branch 'main' into impersonation-proxy 2021-03-22 09:27:18 -07:00