23 Commits (0c669fe6cc48208ebcdd43fa2ff425fce3c359a0)

Author SHA1 Message Date
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Jeff Lowdermilk 3766787458 Document config options for gcp auth provider plugin. 2016-11-21 10:56:39 -08:00
Jeff Lowdermilk 5a6cd558c2 Fix race condition in gcp auth provider plugin 2016-11-11 16:27:36 -08:00
Jeff Lowdermilk 283bb31ada Add cmd support to gcp auth provider plugin 2016-11-02 13:57:30 -07:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
guangxuli 528b99e143 no need to remove file respectively 2016-09-29 14:24:58 +08:00
Chao Xu e17e0b19ab remove special clientrepo code from main repository gcp plugin
rename plugin/pkg/client/auth/plugins.go package name to auth

add the plugin import line in client-gen

update import_known_versions for release_1_5 clientset

change copy.sh
2016-09-26 15:40:29 -07:00
Chao Xu a4e62297d6 fix tests 2016-09-21 14:44:39 -07:00
Eric Chiang 26830b8db9 plugin/pkg: add ericchiang to owners for OpenID Connect plugins 2016-09-13 11:14:16 -07:00
Eric Chiang 3d2ee4e7be oidc auth provider: don't trim issuer URL
This mirrors a similar side fix for the API server authenticator.
Don't trim the issuer URL provided by the user since OpenID Connect
mandates that this URL exactly matches the URL returned by the
issuer during discovery.

No test updates since this is already tested by the go-oidc client
package.

See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
2016-08-18 16:37:50 -07:00
Chao Xu 51c0271e0a added an e2e test that uses the staged client; made necessary changes to gcp auth plugin to pass the gke tests 2016-08-09 14:07:54 -07:00
Eric Chiang bc3dc12203 oidc authentication plugin: don't trim issuer URLs with trailing slashes
The issuer URL passed to the plugin must identically match the issuer
URL returned by OpenID Connect discovery. However, the plugin currently
trims all trailing slashes from issuer URLs, causing a mismatch. Since
the go-oidc client already handles this case correctly, don't trim the
path.
2016-08-01 11:23:05 -07:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
k8s-merge-robot ade299c18f Merge pull request #27146 from mikedanese/nil-ptr
Automatic merge from submit-queue

oidc: fix test nil pointer

```
2016-06-09 13:12:37.262983 I | http: TLS handshake error from 127.0.0.1:32814: remote error: bad certificate
PASS
--- FAIL: TestNewOIDCAuthProvider (0.87s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0x5d91ca]

goroutine 12 [running]:
panic(0x124bd00, 0xc8200101f0)
        /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/runtime/panic.go:464 +0x3e6
testing.tRunner.func1(0xc820023b90)
        /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:467 +0x192
panic(0x124bd00, 0xc8200101f0)
        /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/runtime/panic.go:426 +0x4e9
k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/testing.(*OIDCProvider).AddMinimalProviderConfig(0xc820020580, 0x0)
        /usr/local/google/home/mikedanese/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/testing/provider.go:85 +0x2a
k8s.io/kubernetes/plugin/pkg/client/auth/oidc.TestNewOIDCAuthProvider(0xc820023b90)
        /usr/local/google/home/mikedanese/go/src/k8s.io/kubernetes/_output/local/go/src/k8s.io/kubernetes/plugin/pkg/client/auth/oidc/oidc_test.go:51 +0x367
testing.tRunner(0xc820023b90, 0x1d0a360)
        /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:473 +0x98
created by testing.RunTests
        /usr/local/google/home/mikedanese/.gimme/versions/go1.6.1.linux.amd64/src/testing/testing.go:582 +0x892
FAIL    k8s.io/kubernetes/plugin/pkg/client/auth/oidc   3.081s
```

cc @bobbyrullo @yifan-gu
2016-06-10 00:12:28 -07:00
Mike Danese c0cda8535e oidc: fix test nil pointer 2016-06-09 13:15:59 -07:00
Matt Liggett 421950eecb Avoid pathname collisions in TestNewOICAuthProvider.
May fix #26815
2016-06-07 18:01:29 -07:00
Bobby Rullo f575f89cd7 add tests for the OIDC WrapTransport
tests that tokens get refreshed, passed along as bearers, etc.
2016-05-18 17:03:12 -07:00
Bobby Rullo 94ffa344a8 OIDC authprovider more testable, and add backoff
* Use an interface for OIDC Client, so that we're testing the behavior
  of the client, not the go-oidc package itself
* add backoff and retry when server rejects token
2016-05-18 17:03:12 -07:00
Bobby Rullo e85940ed17 add tests for newOIDCAuthProvider 2016-05-18 17:03:11 -07:00
Bobby Rullo c990462d0f Refactor test oidc provider into its own package
This makes it easier to test other OIDC code.
2016-05-18 17:03:11 -07:00
Bobby Rullo f2135bdf90 Implement new OIDC client AuthProvider
This commit handles:
     * Passing ID Token as Bearer token
     * Refreshing of tokens using refresh-tokens
     * Persisting refreshed tokens
     * ability to add arbitrary extra scopes via config
       * this is what enables the cross-client/azp stuff
2016-05-18 17:02:48 -07:00
CJ Cullen 13a7d92d0f Add a ConfigPersister for AuthProvider plugins in kubectl/clients. 2016-05-07 18:15:18 -07:00
CJ Cullen 03f9b5adc0 Add client auth plugin framework for kubectl with GCP auth plugin. 2016-04-14 17:49:16 -07:00