-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement proposal to allow Pinniped custom resources to ref configmaps or secrets for CA bundles #1996
Commits on Aug 5, 2024
-
update go templates for TLSSpec for concierge and supervisor
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 842f14a - Browse repository at this point
Copy the full SHA 842f14aView commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 19c3f2c - Browse repository at this point
Copy the full SHA 19c3f2cView commit details -
add CRD validation integration tests
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 7e6dadb - Browse repository at this point
Copy the full SHA 7e6dadbView commit details -
refactor tls spec validation into its own package
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 080c75e - Browse repository at this point
Copy the full SHA 080c75eView commit details -
unify TLS Spec between supervisor and concierge
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for aab1ee9 - Browse repository at this point
Copy the full SHA aab1ee9View commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3a969a8 - Browse repository at this point
Copy the full SHA 3a969a8View commit details -
get all supervisor unit tests to pass
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 199562f - Browse repository at this point
Copy the full SHA 199562fView commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 207bac9 - Browse repository at this point
Copy the full SHA 207bac9View commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9ab7c39 - Browse repository at this point
Copy the full SHA 9ab7c39View commit details -
Configuration menu - View commit details
-
Copy full SHA for 90e8cc8 - Browse repository at this point
Copy the full SHA 90e8cc8View commit details -
update supervisor RBAC to allow get, list, and watch on configmaps
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for edc327b - Browse repository at this point
Copy the full SHA edc327bView commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for afcd80d - Browse repository at this point
Copy the full SHA afcd80dView commit details -
integration tests for supervisor oidc, ldap, activedirectory IDP
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 821a893 - Browse repository at this point
Copy the full SHA 821a893View commit details -
add namespace to jwt authenticator controller
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6a610a9 - Browse repository at this point
Copy the full SHA 6a610a9View commit details -
integration tests for supervisor oidc, ldap, activedirectory IDP
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8eb15a9 - Browse repository at this point
Copy the full SHA 8eb15a9View commit details -
integration tests for concierge authenticators
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for cb4b63f - Browse repository at this point
Copy the full SHA cb4b63fView commit details -
test secret and configmap filtering in concierge authenticator contro…
…llers Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1b7a26d - Browse repository at this point
Copy the full SHA 1b7a26dView commit details -
add code review todos and light refactoring
Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6e9023e - Browse repository at this point
Copy the full SHA 6e9023eView commit details -
jwtauthenticator controller redoes validations when external CA bundl…
…e changes Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for bf1c02d - Browse repository at this point
Copy the full SHA bf1c02dView commit details -
error when CA bundle from Secret or ConfigMap is empty
Co-authored-by: Joshua Casey <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 920b519 - Browse repository at this point
Copy the full SHA 920b519View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2d5943b - Browse repository at this point
Copy the full SHA 2d5943bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 66401b4 - Browse repository at this point
Copy the full SHA 66401b4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 373713f - Browse repository at this point
Copy the full SHA 373713fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8060e82 - Browse repository at this point
Copy the full SHA 8060e82View commit details -
Configuration menu - View commit details
-
Copy full SHA for 72745cd - Browse repository at this point
Copy the full SHA 72745cdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 288e092 - Browse repository at this point
Copy the full SHA 288e092View commit details -
Configuration menu - View commit details
-
Copy full SHA for 756966c - Browse repository at this point
Copy the full SHA 756966cView commit details -
Co-authored-by: Joshua Casey <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 30c0fd4 - Browse repository at this point
Copy the full SHA 30c0fd4View commit details -
Fix *_tls_spec_test.go for old versions of Kubernetes
Co-authored-by: Joshua Casey <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a4ad5d6 - Browse repository at this point
Copy the full SHA a4ad5d6View commit details -
Configuration menu - View commit details
-
Copy full SHA for d62d6a1 - Browse repository at this point
Copy the full SHA d62d6a1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0f103ed - Browse repository at this point
Copy the full SHA 0f103edView commit details -
Concierge external TLS static integration tests use the real URL of t…
…he deployed local-user-authenticator
Configuration menu - View commit details
-
Copy full SHA for d5e3ad9 - Browse repository at this point
Copy the full SHA d5e3ad9View commit details -
Configuration menu - View commit details
-
Copy full SHA for afec420 - Browse repository at this point
Copy the full SHA afec420View commit details -
Integration tests should use a helper func to infer Supervisor's down…
…stream issuer URL
Configuration menu - View commit details
-
Copy full SHA for 0f9352d - Browse repository at this point
Copy the full SHA 0f9352dView commit details -
Supervisor TLS spec integration tests should use an OIDC issuer url f…
…rom the test environment
Configuration menu - View commit details
-
Copy full SHA for d74c2a6 - Browse repository at this point
Copy the full SHA d74c2a6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 09724cf - Browse repository at this point
Copy the full SHA 09724cfView commit details -
Configuration menu - View commit details
-
Copy full SHA for 3a303cc - Browse repository at this point
Copy the full SHA 3a303ccView commit details -
Use templates to reduce duplication in concierge_tls_spec_test.go
Co-authored-by: Joshua Casey <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f381c92 - Browse repository at this point
Copy the full SHA f381c92View commit details -
Add GitHubIdentityProvider to the Supervisor TLS config static valida…
…tion integration tests Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4b2ed52 - Browse repository at this point
Copy the full SHA 4b2ed52View commit details -
Add LDAPIdentityProvider and ActiveDirectoryIdentityProvider to the S…
…upervisor TLS config static validation integration tests Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b7c26c4 - Browse repository at this point
Copy the full SHA b7c26c4View commit details -
Modify Concierge/Superivsor TLS spec integration tests to allow for o…
…lder K8s versions
Configuration menu - View commit details
-
Copy full SHA for 4ec5766 - Browse repository at this point
Copy the full SHA 4ec5766View commit details -
Configuration menu - View commit details
-
Copy full SHA for 414ff50 - Browse repository at this point
Copy the full SHA 414ff50View commit details -
Configuration menu - View commit details
-
Copy full SHA for 60f82d2 - Browse repository at this point
Copy the full SHA 60f82d2View commit details -
refactor InferSupervisorIssuerURL() func; remove a TODO
Co-authored-by: Joshua Casey <[email protected]> Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ca2dd2d - Browse repository at this point
Copy the full SHA ca2dd2dView commit details -
jwtcachefiller controller loops over all jwtauthenticators
Co-authored-by: Joshua Casey <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 06b47a5 - Browse repository at this point
Copy the full SHA 06b47a5View commit details -
Configuration menu - View commit details
-
Copy full SHA for adb460b - Browse repository at this point
Copy the full SHA adb460bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9420bfd - Browse repository at this point
Copy the full SHA 9420bfdView commit details -
Configuration menu - View commit details
-
Copy full SHA for de86809 - Browse repository at this point
Copy the full SHA de86809View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9a16dc2 - Browse repository at this point
Copy the full SHA 9a16dc2View commit details -
Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e3ed722 - Browse repository at this point
Copy the full SHA e3ed722View commit details -
When reading CA bundle from a secret/configmap, return more specific err
When the bundle does not contain any certs, make the error more specific. Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 242fa8a - Browse repository at this point
Copy the full SHA 242fa8aView commit details -
store ca bundle hash in validated settings cache
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2a62bee - Browse repository at this point
Copy the full SHA 2a62beeView commit details -
add unit tests for validatedsettings cache storing ca bundle hash
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a1dcba4 - Browse repository at this point
Copy the full SHA a1dcba4View commit details -
refactor tlsconfigutil to return a caBundle type
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 005dbf3 - Browse repository at this point
Copy the full SHA 005dbf3View commit details -
update jwtcachefiller to use new tlsconfigutil.CABundle type
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 282b949 - Browse repository at this point
Copy the full SHA 282b949View commit details -
Configuration menu - View commit details
-
Copy full SHA for 15d0006 - Browse repository at this point
Copy the full SHA 15d0006View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0711093 - Browse repository at this point
Copy the full SHA 0711093View commit details -
Refactor tlsconfigutil.getCertPool to return a CABundle and change it…
…s name to buildCABundle
Configuration menu - View commit details
-
Copy full SHA for e82cb2c - Browse repository at this point
Copy the full SHA e82cb2cView commit details -
Refactor tlsconfigutil.buildCABundle to make it more clear where the …
…bundle is coming from
Configuration menu - View commit details
-
Copy full SHA for 34eff2a - Browse repository at this point
Copy the full SHA 34eff2aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4cf0e46 - Browse repository at this point
Copy the full SHA 4cf0e46View commit details -
Refactor tlsconfigutil.CABundle 'getters' to not have 'get' in the name
Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for fcceeed - Browse repository at this point
Copy the full SHA fcceeedView commit details -
Remove tlsconfigutil.CABundle.IsEqual and ensure that tlsconfigutil.N…
…ewCABundle handles nil/empty input Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 99cfc4f - Browse repository at this point
Copy the full SHA 99cfc4fView commit details -
Introduce type alias CABundleHash for the hash of a CA bundle ([32]byte)
Co-authored-by: Ryan Richard <[email protected]> Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a888083 - Browse repository at this point
Copy the full SHA a888083View commit details -
fix bug in jwtcachefiller caused when status update returns error
Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for f5da417 - Browse repository at this point
Copy the full SHA f5da417View commit details -
fix bug in webhookcachefiller caused when status update returns error
Also refactor test assertions regarding log statements in jwtcachefiller_test.go and webhookcachefiller_test.go Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dfef9f4 - Browse repository at this point
Copy the full SHA dfef9f4View commit details -
add unit tests for validatedsettings cache storing ca bundle hash
Signed-off-by: Ashish Amarnath <[email protected]> Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 81d42cb - Browse repository at this point
Copy the full SHA 81d42cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9f17ba5 - Browse repository at this point
Copy the full SHA 9f17ba5View commit details -
skip external CA bundle tests when CA bundle is empty
Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3891f90 - Browse repository at this point
Copy the full SHA 3891f90View commit details -
do not make any assumption about OIDC issuer 404 page body in test
Instead of using Dex or Okta, use a fake localhost issuer which does not exist. This will give a consistent connection error message. Needed because Dex and Okta return different 404 error pages, so we can't easily make a test assertion that works for both. Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 8725ab4 - Browse repository at this point
Copy the full SHA 8725ab4View commit details -
improve info/debug log messages for jwtcachefiller & webhookcachefiller
Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 290676e - Browse repository at this point
Copy the full SHA 290676eView commit details -
Test Refactor: webhookauthenticator_test checks exact log line equality
Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dedd51d - Browse repository at this point
Copy the full SHA dedd51dView commit details -
webhookcontroller now only logs the webhook authenticator name instea…
…d of an object Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 05a2fd9 - Browse repository at this point
Copy the full SHA 05a2fd9View commit details -
Configuration menu - View commit details
-
Copy full SHA for ca5bb21 - Browse repository at this point
Copy the full SHA ca5bb21View commit details -
webhookcachefiller adds more detail when it chooses to update or not …
…update status conditions
Configuration menu - View commit details
-
Copy full SHA for 1438f06 - Browse repository at this point
Copy the full SHA 1438f06View commit details -
Configuration menu - View commit details
-
Copy full SHA for 15c84fc - Browse repository at this point
Copy the full SHA 15c84fcView commit details -
jwtcachefiller now tests for exact log lines and prints when it choos…
…es to not update the status
Configuration menu - View commit details
-
Copy full SHA for d6d66fa - Browse repository at this point
Copy the full SHA d6d66faView commit details -
update expectation conditions message when CA bundle is not configured
fix a typo where we intended to use a configmap instead of a secret Signed-off-by: Ashish Amarnath <[email protected]> Co-authored-by: Ryan Richard <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a0c259f - Browse repository at this point
Copy the full SHA a0c259fView commit details -
webhookcachefiller and jwtcachefiller always update status when needed
Even when the authenticator is found in the cache, try to update its status. Failing to do so would mean that the actual status will not be overwritten by the controller's newly computed desired status. Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ed50294 - Browse repository at this point
Copy the full SHA ed50294View commit details -
secret/configmap with CA bundle to be created in namespace where pinn…
…iped is installed Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 19c4acf - Browse repository at this point
Copy the full SHA 19c4acfView commit details -
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 43964ff - Browse repository at this point
Copy the full SHA 43964ffView commit details -
Configuration menu - View commit details
-
Copy full SHA for 91ef689 - Browse repository at this point
Copy the full SHA 91ef689View commit details -
Configuration menu - View commit details
-
Copy full SHA for 02e41ba - Browse repository at this point
Copy the full SHA 02e41baView commit details -
update docs and change struct name in types_tls.go.tmpl files
Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e0235ed - Browse repository at this point
Copy the full SHA e0235edView commit details -
refactor test helpers in supervisor_login_test.go
Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2181418 - Browse repository at this point
Copy the full SHA 2181418View commit details -
Add integration tests for tls spec validation in JWTAuthenticator and…
… WebhookAuthenticator Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c340509 - Browse repository at this point
Copy the full SHA c340509View commit details -
add integration test for TLS config validation in OIDCIdentityProvider
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 59402bc - Browse repository at this point
Copy the full SHA 59402bcView commit details -
add integration test for TLS config validation in GitHubIdentityProvider
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 23129da - Browse repository at this point
Copy the full SHA 23129daView commit details -
Configuration menu - View commit details
-
Copy full SHA for a40c88e - Browse repository at this point
Copy the full SHA a40c88eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 67de14a - Browse repository at this point
Copy the full SHA 67de14aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 2ebf9d3 - Browse repository at this point
Copy the full SHA 2ebf9d3View commit details -
assert on condition message in concierge_tls_spec_test.go and supervi…
…sor_tls_spec_test.go
Configuration menu - View commit details
-
Copy full SHA for db2d7c8 - Browse repository at this point
Copy the full SHA db2d7c8View commit details -
test more condition message cases in concierge_tls_spec_test.go and s…
…upervisor_tls_spec_test.go
Configuration menu - View commit details
-
Copy full SHA for 4eb9a09 - Browse repository at this point
Copy the full SHA 4eb9a09View commit details -
improve api docs for TLSSpec in authenticator and IDP specs
Signed-off-by: Ashish Amarnath <[email protected]> Co-authored-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 59c2295 - Browse repository at this point
Copy the full SHA 59c2295View commit details -
Configuration menu - View commit details
-
Copy full SHA for d4ac69d - Browse repository at this point
Copy the full SHA d4ac69dView commit details -
refactor to use new certificateAuthorityDataSourceKind enum
Signed-off-by: Ashish Amarnath <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b70db9d - Browse repository at this point
Copy the full SHA b70db9dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 06b7d30 - Browse repository at this point
Copy the full SHA 06b7d30View commit details -
Revert "Add integration tests for tls spec validation in JWTAuthentic…
…ator and WebhookAuthenticator" This reverts commit c340509.
Configuration menu - View commit details
-
Copy full SHA for 23fd15f - Browse repository at this point
Copy the full SHA 23fd15fView commit details -
Revert "add integration test for TLS config validation in OIDCIdentit…
…yProvider" This reverts commit 59402bc.
Configuration menu - View commit details
-
Copy full SHA for fdeca2c - Browse repository at this point
Copy the full SHA fdeca2cView commit details -
Revert "add integration test for TLS config validation in GitHubIdent…
…ityProvider" This reverts commit 23129da.
Configuration menu - View commit details
-
Copy full SHA for 2af510a - Browse repository at this point
Copy the full SHA 2af510aView commit details