Dynamic OIDC clients feature #1181
Codecov Report
@@ Coverage Diff @@
## main #1181 +/- ##
==========================================
- Coverage 79.71% 77.03% -2.69%
==========================================
Files 144 165 +21
Lines 10522 11449 +927
==========================================
+ Hits 8388 8820 +432
- Misses 1853 2342 +489
- Partials 281 287 +6
Signed-off-by: Margo Crawford <margaretc@vmware.com>
OIDC client crd
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Our previous plan was to reserve only *.oauth.pinniped.dev but we changed our minds during PR review.
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Move oidcclient into config.supervisor.pinniped.dev
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Disallow certain requested audience strings in token exchange
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Needed to update the new v1.25 generated code to include the new APIs that were added in the dynamic_clients branch.
This commit is a WIP commit because it doesn't include many tests for the new feature.
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
- Change update-codegen.sh script to also generate openapi code for the aggregated API types
- Update both aggregated API servers' configuration to make them serve the openapi docs for the aggregated APIs
- Add new integration test which runs `kubectl explain` for all Pinniped API resources, and all fields and subfields of those resources
- Update some of the comments on the API structs
- Change some names of the tmpl files to make the filename better match the struct names
…lientSecretStorage Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Sets the Name, Namespace, CreationTimestamp fields in the object meta of the return value.
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
When oidcclientsecretstorage.Set() wants to update the contents of the storage Secret, it also wants to keep the original ownerRef of the storage Secret, so it needs the middleware to rewrite the API group of the ownerRef again during the update (just like it had initially done during the create of the Secret).
Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Implement OIDCClientSecretRequest API for managing dynamic client secrets
Co-authored-by: Ryan Richard <richardry@vmware.com> Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
Add docs for dynamic clients
LGTM
This is intended to be a long-lived feature branch for the maintainers to share while they work towards implementing the proposal from #1126.
Release note: