github/kubelogin
1
0
Fork 0
mirror of https://github.com/int128/kubelogin.git synced 2026-05-17 21:36:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,129 Commits 5 Branches 76 Tags
v1.32.0
Commit Graph

51 Commits

Author SHA1 Message Date
Hidetake Iwata
6f62b25c40 Extract struct tokencache.Config (#1226) 2025-01-11 16:44:56 +09:00
Hidetake Iwata
c66570c030 Remove unused struct member (#1224) 2025-01-08 12:50:15 +09:00
kalle (jag)
afb25f511c Added key cache via OS keyring (#973) 
* Added key cache via OS keyring

* Fix lint issue

* Disable keyring in integration tests

* Disable keyring in system test

---------

Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2025-01-08 12:32:26 +09:00
Hidetake Iwata
0e9a39a571 Infer apiVersion from KUBERNETES_EXEC_INFO environment variable (#1162) 
* Infer apiVersion from KUBERNETES_EXEC_INFO

* Test client.authentication.k8s.io/v1

* Set --exec-interactive-mode

* Set --exec-interactive-mode=Never

* Fix comments
 2024-11-03 17:21:25 +09:00
Hidetake Iwata
f1f2a37adc Include essential options to token cache key (#1161) 2024-10-26 21:42:23 +09:00
Hidetake Iwata
438068e9de refactor: Move useAccessToken to oidc.Provider (#1160) 
* refactor: Move useAccessToken to oidc.Provider

* Generated by GitHub Actions (go / generate)

https://github.com/int128/kubelogin/actions/runs/11530911738

---------

Co-authored-by: update-generated-files-action <41898282+github-actions[bot]@users.noreply.github.com>
 2024-10-26 21:07:44 +09:00
Hidetake Iwata
3d114bfeba Lock token cache file before authentication (#1126) 
* Lock token cache file in authentication

* Fix tests

* make generate

* Lock before FindByKey

* Fix test
 2024-09-21 14:54:32 +09:00
Hidetake Iwata
66127ff3fc Migrate to mockery packages feature (#1124) 
* Migrate to mockery packages feature

* Fix workflow
 2024-08-17 12:27:13 +09:00
Adam Kafka
905238ce07 Add new --oidc-use-access-token flag to get-token (#1084) 
* Add new `--oidc-use-access-token` flag to `get-token`

Implements https://github.com/int128/kubelogin/issues/1083. See
description there for context.

In its current form, this PR is bare bones functionality. I have not yet
added any tests to confirm this behavior. Additionally, we could
consider updtating some of the naming. It is confusing to return a
`TokenSet` where `IDToken` actually has an `accessToken`. I'm open to
feedback on how best to improve this.

However, this PR is functional. I have validated it locally. Without
adding `--oidc-use-access-token`, and `id_token` is successfully
returned. Adding `--oidc-use-access-token` results in an `access_token`
being successfully returned.

* Fix failing tests

Needed to plumb through our new parameter `UseAccessToken` to the mocks
as well.

* Add a test to make sure new flag is plumbed through

* Support Access Tokens whose audience differ from the client_id

As noted in the PR, there are some cases where the access token `aud`
field will not be the `client_id`. To allow for these, we use a
different token verifier that will not verify that claim.

---------

Co-authored-by: Adam kafka <akafka@tesla.com>
 2024-08-16 16:57:05 +09:00
renovate[bot]
9e2fcd8cdb fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#925) 
* fix(deps): update module github.com/golang-jwt/jwt/v4 to v5

* Replace with `jwt.RegisteredClaims`

* Replace with `jwt.NewNumericDate`

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2023-05-14 21:38:48 +09:00
Hidetake Iwata
10412effa2 Run go fmt (#866) 
* Run go fmt

* Generated by GitHub Actions (go / generate)

https://github.com/int128/kubelogin/actions/runs/4971610724

---------

Co-authored-by: update-generated-files-action <41898282+github-actions[bot]@users.noreply.github.com>
 2023-05-14 18:21:55 +09:00
Martin Linkhorst
f03d4fe821 get-token: add --force-refresh flag to refresh ID token (#879) 2023-02-17 15:25:11 +09:00
Hidetake Iwata
7152bccd21 refactor: migrate to Testify Mock (#739) 2022-07-16 16:55:51 +09:00
Hidetake Iwata
8e1a63b1a2 Change mutex scope to bind address port (#430) 2020-11-23 17:41:07 +09:00
Hidetake Iwata
ebf81debe1 Refactor: credentialplugin/get_token_test.go (#429) 
* Refactor: extract const vars

* Refactor: extract ROPC test case
 2020-11-22 20:01:45 +09:00
Hidetake Iwata
2f271b5870 Refactor: replace Input fields with oidc.Provider (#428) 2020-11-21 12:35:23 +09:00
Hidetake Iwata
b1d8e8f7e1 Refactor: rewrite with Go errors package (#427) 2020-11-21 12:10:42 +09:00
Hidetake Iwata
5a3227409c Refactor: rename to infrastructure package (#426) 2020-11-21 07:56:52 +09:00
Hidetake Iwata
9bab6b2ccd Refactor: extract tokencache and repository package (#424) 2020-11-20 07:01:16 +09:00
Hidetake Iwata
4773b67abd Refactor: extract credentialplugin package (#422) 2020-11-18 10:00:39 +09:00
Hidetake Iwata
34762216c1 Refactor: extract tlsclientconfig.Config (#409) 2020-11-03 14:37:24 +09:00
Eric Poitras
878847f937 feat(389): Prevent concurrent authentication using a lockfile. (#397) 
* feat(389): Prevent concurrent authentication using a lockfile to protect the local port allocation.

* Fix test

* Refactor: inline values

Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2020-10-25 14:32:53 +09:00
Hidetake Iwata
b701a6f0aa Refactor: aggregate test cases to lease and full options (#406) 2020-10-25 12:24:35 +09:00
Christoph Stäbler
d1b89e3d38 Add username in token cache key (#404) 2020-10-24 20:44:29 +09:00
Hidetake Iwata
64bfc5a465 Refactor authentication use-cases (#395) 2020-10-03 20:01:26 +09:00
Hidetake Iwata
5b2c82fc33 Refactor: replace DTO with oidc.TokenSet type (#394) 
* Refactor: remove IDTokenClaims from TokenSet and decode in use-cases

* Refactor: use oidc.TokenSet for cache repository
 2020-10-03 17:49:21 +09:00
Hidetake Iwata
1dee4a354e Refactor: extract oidc.Provider (#393) 2020-10-03 08:35:35 +09:00
Hidetake Iwata
c488888834 Refactor: pull up packages of domain (#349) 2020-07-30 09:37:10 +09:00
Hidetake Iwata
a0e81e762c Refactor: split authentication package into methods (#346) 2020-07-30 00:31:23 +09:00
Hidetake Iwata
c4ce1629e2 Refactor: regenerate with the latest mockgen (#345) 2020-07-30 00:04:56 +09:00
Hidetake Iwata
8b9e31b4c5 Refactor: error messages and testing/logger (#243) 
* Refactor: respect -v option in testing/logger

* Refactor: revise error messages
 2020-02-22 12:31:00 +09:00
Hidetake Iwata
aac8780caf Refactor: move to testing/logger 2020-02-21 22:39:27 +09:00
Hidetake Iwata
f89525b184 Refactor: extract domain/jwt and testing/jwt (#241) 
* Refactor: extract domain/jwt and testing/jwt

* Refactor: remove jwt-go dep from product code
 2020-02-21 22:33:08 +09:00
Hidetake Iwata
7ce98c7119 Add --certificate-authority-data option (#233) 2020-02-12 10:15:12 +09:00
Hidetake Iwata
c53d415255 Refactor test and interfaces (#227) 
* Refactor: extract adaptors.browser package

* Refactor: rename to idp.Provider

* Refactor: rename to adaptors.credentialpluginwriter
 2020-02-07 11:56:31 +09:00
Hidetake Iwata
d223175b92 Refactor dependency injection (#209) 
* Refactor: use func type instead of factory interface

* Refactor: remove duplicated dependencies in di.go
 2020-01-17 22:01:40 +09:00
Hidetake Iwata
76f61300d6 Refactor: extract oidc.Claims model (#202) 
* Refactor: extract oidc.Claims model

* Refactor: extract Claims.IsExpired()
 2019-12-26 20:17:30 +09:00
Hidetake Iwata
f7f1985a89 Refactor (#201) 
* Refactor: rename to tokencache.Value

* Refactor: move to cmp.Diff from deep.Equal

* Refactor: reword error messages
 2019-12-26 11:51:14 +09:00
Hidetake Iwata
3d47c88a8d Fix token cache is not refreshed when oidc options changed (#200) 2019-12-25 10:44:44 +09:00
Hidetake Iwata
cc48fb4cf7 Refactor: regenerate mocks with newer mockgen (#181) 2019-10-31 11:17:53 +09:00
Hidetake Iwata
ec7f7a062a Refactor: extract GrantOptionSet (#180) 2019-10-31 11:02:03 +09:00
Hidetake Iwata
5a71247214 Refactor: extract authentication options (#177) 
* Refactor: extract authentication options

* Refactor: make subtests
 2019-10-30 21:32:51 +09:00
Hidetake Iwata
2700e439b9 Refactor: remove kubeconfig.OIDCConfig for single responsibility (#173) 
* Refactor: remove kubeconfig.OIDCConfig for single responsibility

* fixup: add comments and rename methods

* fixup: fix methods name

* fixup: replace GetX509OrNil with SetRootCAs
 2019-10-28 23:45:17 +09:00
Hidetake Iwata
dbf6238029 Refactor: rename auth package (#172) 2019-10-28 20:02:59 +09:00
Hidetake Iwata
93e893bc36 Refactor: replace ListenPort with BindAddress option (#171) 2019-10-28 19:59:45 +09:00
Hidetake Iwata
581284c626 Suppress success log to prevent screen disturbance (#165) 2019-10-19 15:36:47 +09:00
Hidetake Iwata
bf02210f2a Refactor: merge interface and implementation package (#141) 
* Refactor: move logger interfaces

* Refactor: move oidc interfaces

* Refactor: move env interface

* Refactor: move credential plugin interface

* Refactor: move token cache interface

* Refactor: move kubeconfig interface

* Refactor: move cmd interface

* Refactor: move use-cases interfaces
 2019-08-28 22:55:28 +09:00
Hidetake Iwata
53e8284b63 Move to k8s.io/klog (#139) 2019-08-27 14:48:44 +09:00
Hidetake Iwata
315d6151d7 Refactor (#133) 
* Refactor: change debug messages to lowercase

* Refactor: add debug messages

* Refactor Makefile

* Refactor: add keys and certificates of e2e tests
 2019-08-18 15:14:07 +09:00
Hidetake Iwata
5e0fc7f399 Save token cache for each issuer and client ID (#131) 2019-08-14 14:52:58 +09:00