djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ee05f155ca
ContainerImage.Pinniped/internal
History
Ryan Richard 288d9c999e Use custom suffix in Spec.Authenticator.APIGroup of TokenCredentialRequest 
When the Pinniped server has been installed with the `api_group_suffix`
option, for example using `mysuffix.com`, then clients who would like to
submit a `TokenCredentialRequest` to the server should set the
`Spec.Authenticator.APIGroup` field as `authentication.concierge.mysuffix.com`.

This makes more sense from the client's point of view than using the
default `authentication.concierge.pinniped.dev` because
`authentication.concierge.mysuffix.com` is the name of the API group
that they can observe their cluster and `authentication.concierge.pinniped.dev`
does not exist as an API group on their cluster.

This commit includes both the client and server-side changes to make
this work, as well as integration test updates.

Co-authored-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
2021-02-03 15:49:15 -08:00
..
certauthority Add a CA.Pool() method to ./internal/certauthority. 2020-12-02 15:55:34 -06:00
concierge Use custom suffix in Spec.Authenticator.APIGroup of TokenCredentialRequest 2021-02-03 15:49:15 -08:00
config Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller Use custom suffix in Spec.Authenticator.APIGroup of TokenCredentialRequest 2021-02-03 15:49:15 -08:00
controllerlib Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
controllermanager Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert internal/provider -> internal/dynamiccert 2020-09-23 08:29:35 -04:00
fositestorage Update ExpectedAuthorizeCodeSessionJSONFromFuzzing. 2020-12-17 16:31:08 -06:00
groupsuffix Use custom suffix in Spec.Authenticator.APIGroup of TokenCredentialRequest 2021-02-03 15:49:15 -08:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Simplify securityheader package by merging header fields. 2020-12-16 12:41:05 -06:00
kubeclient internal/kubeclient: fix not found test and request body closing bug 2021-02-03 08:19:34 -05:00
mocks internal/mocks/mockroundtripper: we don't need these anymore 2021-02-03 08:55:38 -05:00
multierror Backfill tests to OIDCProviderConfig controller 2020-10-09 10:39:17 -04:00
oidc Add some trivial unit tests to internal/oidc/csrftoken. 2021-02-02 09:38:17 -06:00
ownerref Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
plog Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
registry/credentialrequest Changing references from 1.19 to 1.20 2021-01-07 15:25:47 -08:00
secret Rename off of main 2020-12-16 14:27:09 -08:00
testutil internal/kubeclient: fix not found test and request body closing bug 2021-02-03 08:19:34 -05:00
upstreamoidc Upgrade to github.com/coreos/go-oidc v3.0.0. 2021-01-21 12:08:14 -06:00