pinniped

mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-03-03 18:20:48 +00:00

Author	SHA1	Message	Date
Joshua Casey	ca5bb2170c	webhookcontroller should use a logger that is built for each webhook authenticator	2024-08-05 11:32:20 -07:00
Joshua Casey	05a2fd97f8	webhookcontroller now only logs the webhook authenticator name instead of an object Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	dedd51df91	Test Refactor: webhookauthenticator_test checks exact log line equality Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	290676e4d1	improve info/debug log messages for jwtcachefiller & webhookcachefiller Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	8725ab4caa	do not make any assumption about OIDC issuer 404 page body in test Instead of using Dex or Okta, use a fake localhost issuer which does not exist. This will give a consistent connection error message. Needed because Dex and Okta return different 404 error pages, so we can't easily make a test assertion that works for both. Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	3891f90f43	skip external CA bundle tests when CA bundle is empty Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	9f17ba5ae4	change wording of TLS config loaded success messages	2024-08-05 11:32:20 -07:00
Ashish Amarnath	81d42cb3b9	add unit tests for validatedsettings cache storing ca bundle hash Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com> Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	dfef9f470f	fix bug in webhookcachefiller caused when status update returns error Also refactor test assertions regarding log statements in jwtcachefiller_test.go and webhookcachefiller_test.go Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	f5da417450	fix bug in jwtcachefiller caused when status update returns error Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	a888083c50	Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte) Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	99cfc4fbce	Remove tlsconfigutil.CABundle.IsEqual and ensure that tlsconfigutil.NewCABundle handles nil/empty input Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	fcceeed9fa	Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	4cf0e46c38	tlsconfigutil.CABundle should generate its own certPool	2024-08-05 11:32:20 -07:00
Joshua Casey	34eff2a2f9	Refactor tlsconfigutil.buildCABundle to make it more clear where the bundle is coming from	2024-08-05 11:32:20 -07:00
Joshua Casey	e82cb2c7ba	Refactor tlsconfigutil.getCertPool to return a CABundle and change its name to buildCABundle	2024-08-05 11:32:20 -07:00
Joshua Casey	0711093ccd	Add tests for tlsconfigutil.CABundle and all callers should use the constructor	2024-08-05 11:32:20 -07:00
Joshua Casey	15d0006841	Pull tlsconfigutil.CABundle into a separate file	2024-08-05 11:32:20 -07:00
Ashish Amarnath	282b949c24	update jwtcachefiller to use new tlsconfigutil.CABundle type Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ashish Amarnath	005dbf3aa8	refactor tlsconfigutil to return a caBundle type Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ashish Amarnath	a1dcba4731	add unit tests for validatedsettings cache storing ca bundle hash Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Ashish Amarnath	2a62beeb5f	store ca bundle hash in validated settings cache Signed-off-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	242fa8afb2	When reading CA bundle from a secret/configmap, return more specific err When the bundle does not contain any certs, make the error more specific. Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	e3ed722252	Minor refactor Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	9a16dc28b7	Fix another integration test	2024-08-05 11:32:20 -07:00
Joshua Casey	de86809b69	Fix some integration tests	2024-08-05 11:32:20 -07:00
Joshua Casey	9420bfde5b	webhookcachefiller controller loops over all webhookauthenticators	2024-08-05 11:32:20 -07:00
Ryan Richard	adb460b644	refactor integration test to use proper test table	2024-08-05 11:32:20 -07:00
Ryan Richard	06b47a5792	jwtcachefiller controller loops over all jwtauthenticators Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	ca2dd2d476	refactor InferSupervisorIssuerURL() func; remove a TODO Co-authored-by: Joshua Casey <joshuatcasey@gmail.com> Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	60f82d2a55	Fix integration test typo	2024-08-05 11:32:20 -07:00
Ryan Richard	414ff503ef	extract some common condition reason string constants	2024-08-05 11:32:20 -07:00
Joshua Casey	4ec5766ea9	Modify Concierge/Superivsor TLS spec integration tests to allow for older K8s versions	2024-08-05 11:32:20 -07:00
Joshua Casey	b7c26c43ca	Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the Supervisor TLS config static validation integration tests Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	4b2ed52f44	Add GitHubIdentityProvider to the Supervisor TLS config static validation integration tests Co-authored-by: Ryan Richard <richardry@vmware.com>	2024-08-05 11:32:20 -07:00
Ryan Richard	f381c92f0b	Use templates to reduce duplication in concierge_tls_spec_test.go Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:20 -07:00
Joshua Casey	3a303cc8fb	Supervisor TLS Spec validation integration tests should use helper method	2024-08-05 11:32:20 -07:00
Ryan Richard	09724cfa71	Add unit test: when discovery is already cached for OIDCIdentityProvider	2024-08-05 11:32:20 -07:00
Joshua Casey	d74c2a6e3f	Supervisor TLS spec integration tests should use an OIDC issuer url from the test environment	2024-08-05 11:32:19 -07:00
Joshua Casey	0f9352db3b	Integration tests should use a helper func to infer Supervisor's downstream issuer URL	2024-08-05 11:32:19 -07:00
Joshua Casey	afec420ce6	Add JWTAuthenticators to the static validation checks for concierge TLS spec	2024-08-05 11:32:19 -07:00
Joshua Casey	d5e3ad9da0	Concierge external TLS static integration tests use the real URL of the deployed local-user-authenticator	2024-08-05 11:32:19 -07:00
Ryan Richard	0f103ed2a4	Add unit tests for external CA bundle in oidc_upstream_watcher_test.go	2024-08-05 11:32:19 -07:00
Joshua Casey	d62d6a1f27	Refactor github_controller_watcher to simplify the tls Dial	2024-08-05 11:32:19 -07:00
Ryan Richard	a4ad5d68a9	Fix *_tls_spec_test.go for old versions of Kubernetes Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:19 -07:00
Ryan Richard	30c0fd479e	Fix e2e_test.go Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>	2024-08-05 11:32:19 -07:00
Ryan Richard	756966c55b	add "Status" printer column to JWTAuthenticator and WebhookAuthenticator	2024-08-05 11:32:19 -07:00
Joshua Casey	288e092d2e	GitHub IDP watcher should not dial an address that has already been validated	2024-08-05 11:32:19 -07:00
Ryan Richard	72745cd8fe	run codegen to update copyrights	2024-08-05 11:32:19 -07:00
Ryan Richard	8060e82745	include external CA bundles in the cache key in oidc_upstream_watcher.go	2024-08-05 11:32:19 -07:00

1 2 3 4 5 ...

4209 Commits