github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Eric Chiang	3d2ee4e7be	oidc auth provider: don't trim issuer URL This mirrors a similar side fix for the API server authenticator. Don't trim the issuer URL provided by the user since OpenID Connect mandates that this URL exactly matches the URL returned by the issuer during discovery. Not test updates since this is already tested by the go-oidc client package. See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation	2016-08-18 16:37:50 -07:00
Eric Chiang	bc3dc12203	oidc authentication plugin: don't trim issuer URLs with trailing slashes The issuer URL passed to the plugin must identically match the issuer URL returned by OpenID Connect discovery. However, the plugin currently trims all trailing slashes from issuer URLs, causing a mismatch. Since the go-oidc client already handles this case correctly, don't trim the path.	2016-08-01 11:23:05 -07:00
David McMahon	ef0c9f0c5b	Remove "All rights reserved" from all the headers.	2016-06-29 17:47:36 -07:00
k8s-merge-robot	ade299c18f	Merge pull request #27146 from mikedanese/nil-ptr Automatic merge from submit-queue oidc: fix test nil pointer ``` 2016-06-09 13:12:37.262983 I \| http: TLS handshake error from 127.0.0.1:32814: remote error: bad certificate PASS --- FAIL: TestNewOIDCAuthProvider (0.87s) panic: runtime error: invalid memory address or nil pointer dereference [recovered] panic: runtime error: invalid memory address or nil pointer dereference [signal 0xb code=0x1 addr=0x0 pc=0x5d91ca] goroutine 12 [running]: panic(0x124bd00, 0xc8200101f0) /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/runtime/panic.go:464 +0x3e6 testing.tRunner.func1(0xc820023b90) /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:467 +0x192 panic(0x124bd00, 0xc8200101f0) /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/runtime/panic.go:426 +0x4e9 k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/testing.(*OIDCProvider).AddMinimalProviderConfig(0xc820020580, 0x0) /usr/local/google/home/mikedanese/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/testing/provider.go:85 +0x2a k8s.io/kubernetes/plugin/pkg/client/auth/oidc.TestNewOIDCAuthProvider(0xc820023b90) /usr/local/google/home/mikedanese/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/plugin/pkg/client/auth/oidc/oidc_test.go:51 +0x367 testing.tRunner(0xc820023b90, 0x1d0a360) /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:473 +0x98 created by testing.RunTests /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:582 +0x892 FAIL k8s.io/kubernetes/plugin/pkg/client/auth/oidc 3.081s ``` cc @bobbyrullo @yifan-gu	2016-06-10 00:12:28 -07:00
Mike Danese	c0cda8535e	oidc: fix test nil pointer	2016-06-09 13:15:59 -07:00
Matt Liggett	421950eecb	Avoid pathname collisions in TestNewOICAuthProvider. May fix #26815	2016-06-07 18:01:29 -07:00
Bobby Rullo	f575f89cd7	add tests for the OIDC WrapTransport tests that tokens gets refreshed, passed along as bearers, etc.	2016-05-18 17:03:12 -07:00
Bobby Rullo	94ffa344a8	OIDC authprovider more testable, and add backoff * Use an interface for OIDC Client, so that we're testing the behavior of the client, not the go-oidc package itself * add backoff and retry when server rejects token	2016-05-18 17:03:12 -07:00
Bobby Rullo	e85940ed17	add tests for newOIDCAuthProvider	2016-05-18 17:03:11 -07:00
Bobby Rullo	c990462d0f	Refactor test oidc provider into its own package This makes it easier to test other OIDC code.	2016-05-18 17:03:11 -07:00
Bobby Rullo	f2135bdf90	Implement new OIDC client AuthProvider This commit handles: * Passing ID Token as Bearer token * Refreshing of tokens using refresh-tokens * Persisting refreshed tokens * ability to add arbitrary extra scopes via config * this is what enables the cross-client/azp stuff	2016-05-18 17:02:48 -07:00

11 Commits (07d98bebe848231a8783bef5b50f079b04de66bf)