Commit Graph

2232 Commits

Author SHA1 Message Date
Stephan Renatus
df18cb0c22
ldap_test: add filter tests
The filters for user and group searches hadn't been included in our LDAP
tests. Now they are.

The concrete test cases are somewhat contrived, but that shouldn't
matter too much. Also note that the example queries I've used are not
supported in AD: https://stackoverflow.com/a/10043452

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-02-03 11:06:11 +01:00
James Nord
5822a5ce9e fix formatting of connector/github/github_test.go 2019-02-01 11:47:45 +00:00
James Nord
1911b52c6b Add documentation for the new GitHub useLoginAsId option 2019-02-01 11:37:40 +00:00
James Nord
03ffd0798c Allow an option to use the github user handle rather than an id.
For downstream apps using a github handle is much simpler than working
with numbers.

WHilst the number is stable and the handle is not - GitHUb does give you
a big scary wanring if you try and change it that bad things may happen
to you, and generally few users ever change it.

This can be enabled with a configuration option `useLoginAsId`
2019-02-01 11:37:40 +00:00
Haines Chan
18b6b34b67 Display access token in example app 2019-02-01 15:39:35 +08:00
Stephan Renatus
b5826e66f0
Merge pull request #1394 from srenatus/sr/docs/maintainers
update MAINTAINERS, mirror guidelines into dev doc
2019-01-31 17:25:27 +01:00
Stephan Renatus
81f155882a
Merge pull request #1392 from stevendanna/tls-configuration
Bump minimum TLS protocol to TLSv1.2
2019-01-29 12:48:57 +01:00
Steven Danna
59f8b02d47
Set minimum TLS protocol version to TLSv1.2, set PreferServerCipherSuites
Some environments are subject to strict rules about the permitted TLS
protocol verion and available ciphers. Setting TLSv1.2 as the minimum
version ensures we do not use weaker protocols. We've opted against
making this configurable given the age of TLSv1.2 and the increasing
push to deprecate TLSv1.1 and older.

The PreferServerCipherSuites setting is also commonly flagged by SSL
quality scanning tools. Since Go provides a relatively modern set of
default ciphers by default, defaulting this to true is unlikely to
make much practical difference.

Signed-off-by: Steven Danna <steve@chef.io>
2019-01-29 11:18:55 +00:00
Stephan Renatus
4abf3b2102
docs: mirror resolution of #1281 in dev doc
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:29:12 +01:00
Stephan Renatus
2cfadcd95a
MAINTAINERS: add @JoelSpeed
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:25:55 +01:00
Takashi Okamoto
337bbe5f09 fix typos. 2019-01-26 10:44:50 +00:00
Takashi Okamoto
1b7b3515d7 Add Active Directory instruction. 2019-01-26 04:26:01 +00:00
Takashi Okamoto
fbdb55aba9 Add doc for kubelogin and Active Directory ingtegration sample. 2019-01-26 04:16:55 +00:00
Takashi Okamoto
2d7de4ec70 Add Active Directory and kubeloing integration sample. 2019-01-26 04:15:50 +00:00
Stephan Renatus
5ae094206b
Merge pull request #1389 from ericchiang/bump-go
Dockerfile: update Go to 1.11.5
2019-01-24 08:52:33 +01:00
Eric Chiang
86eeee2ae2 Dockerfile: update Go to 1.11.5 2019-01-23 14:16:50 -08:00
Stephan Renatus
f1581ff873
Merge pull request #1374 from kbalka/keystone-connector
PR contains connector for openstack keystone.

Features:

    access tokens
    refresh tokens
    groups

Requirements:

    access to openstack keystone instance
    keystone administrative account credentials

Enabling keystone connector specific tests:

    make sure docker is running
    export DEX_TEST_KEYSTONE=1
    make tests
2019-01-11 15:46:28 +01:00
Krzysztof Balka
e8ba848907 keystone: fetching groups only if requested, refactoring. 2019-01-11 15:14:59 +01:00
joannano
88d1e2b041 keystone: test cases, refactoring and cleanup 2019-01-11 15:14:56 +01:00
Krzysztof Balka
a965365a2b keystone: refresh token and groups 2019-01-11 15:14:11 +01:00
knangia
0774a89066 keystone: squashed changes from knangia/dex 2019-01-11 15:12:59 +01:00
Stephan Renatus
2d1ac74ec0
Merge pull request #1380 from dkess/emailsuffix
LDAP connector - add emailSuffix config option
2019-01-09 08:16:41 +01:00
Daniel Kessler
ee54a50956 LDAP connector - add emailSuffix config option 2019-01-08 19:01:42 -08:00
Eric Chiang
27f66e795e
Merge pull request #1377 from hainesc/master
Replace "GET", "POST" to http.MethodGet and http.MethodPost
2018-12-27 10:41:47 -08:00
Haines Chan
b78b8aeee0 Replace "GET", "POST" to http.MethodGet and http.MethodPost 2018-12-27 16:27:36 +08:00
Stephan Renatus
4329f407dc
Merge pull request #1373 from ericchiang/go-1.11.3
Dockerfile: update to Go 1.11.3
2018-12-14 08:43:32 +01:00
Eric Chiang
bad15c1c02 Dockerfile: update to Go 1.11.3
Go 1.11.3 and 1.10.6 were released to mitigate security issues.
These don't appear to impact dex, but update anyway.

Ref: https://groups.google.com/forum/#!topic/golang-announce/Kw31K8G7Fi0
2018-12-13 15:12:49 -08:00
Stephan Renatus
a3cf7b63b7
Merge pull request #1372 from babiel/configurable-auth-request-expiry
Make expiry of auth requests configurable

This is a band-aid against #1292

I did not change the default from 24h, but I think it should be much lower for safety.
2018-12-13 14:55:42 +01:00
Maximilian Gaß
74f84ce0be Change config test to non-default expiry settings 2018-12-13 14:47:51 +01:00
Maximilian Gaß
468c74d1d2 Make expiry of auth requests configurable 2018-12-13 11:50:34 +01:00
Stephan Renatus
aafbaa36c5
Merge pull request #1357 from srenatus/sr/issue-1354
postgres: expose database/sql tunables

Fixes #1354.

I've not had a need for MaxIdleConns and ConnMaxLifetime myself, but it felt weird to only expose of the three settings.
2018-12-06 09:12:42 +01:00
Eric Chiang
60264d440c
Merge pull request #1369 from josdotso/go-modules-docs
Documentation/dev-dependencies.md: Update for Go modules
2018-12-04 13:14:22 -08:00
Joshua M. Dotson
46296ab9d0 Documentation/dev-dependencies.md: Update for Go modules 2018-12-04 20:06:22 +00:00
Stephan Renatus
f5befb2e2d
Merge pull request #1368 from ericchiang/makefile-cleanups
Makefile: cleanups for newer versions of Go

Go 1.9 removed "./..." matching the vendor directory while Go 1.10 added
build and test caching. This means we no longer need to grep out
vendored matches (except for golint which doesn't implement the same
behavior), and we no longer need to pre-build packages with "go build -i".

https://golang.org/doc/go1.9#vendor-dotdotdot
https://golang.org/doc/go1.10#build
2018-12-04 08:44:29 +01:00
Eric Chiang
1a565266fc Makefile: cleanups for newer versions of Go
Go 1.9 removed "./..." matching the vendor directory while Go 1.10 added
build and test caching. This means we no longer need to grep out
vendored matches (except for golint which doesn't implement the same
behavior), and we no longer need to pre-build packages with "go build -i".

https://golang.org/doc/go1.9#vendor-dotdotdot
https://golang.org/doc/go1.10#build
2018-12-03 10:01:18 -08:00
Eric Chiang
8a479707b3
Merge pull request #1365 from josdotso/migrate-to-go-modules
Migrate to go modules
2018-12-03 09:55:32 -08:00
Joshua M. Dotson
eaeab218b8 vendor: make revendor 2018-12-03 17:13:56 +00:00
Joshua M. Dotson
172df9ccef *: remove glide and add Go module files 2018-12-03 17:13:49 +00:00
Stephan Renatus
17ac7c8a86
Merge pull request #1367 from srenatus/sr/cherry-pick-lib/pq-bump
bump lib/pq

taken from @vito's #1342.
2018-12-02 10:29:35 +01:00
Stephan Renatus
73fdf4f75b
storage/sql/postgres: expose stdlib tunables, set them for tests
- adapted TestUnmarshalConfig to ensure the fields are read in
- added a test to see that at least MaxOpenConns works:
  - this is only exposed through (*db).Stats() in go 1.11, so this test
    has a build tag
  - the other two configurables can't be read back, so we've got to
    trust that the mechanism works given the one instance that's tested..

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-30 09:55:01 +01:00
Alex Suraci
badbc8c738
bump lib/pq 2018-11-29 09:10:50 +01:00
Stephan Renatus
d91f9fbc51
Merge pull request #1366 from dexidp/revert-1342-pr/retry-on-pg-serialization-error
Revert "retry on serialization errors"

This will come back, as outline here: https://github.com/dexidp/dex/pull/1356#issuecomment-442523779
2018-11-29 09:09:31 +01:00
Stephan Renatus
8f3cca7ba4
Revert "retry on serialization errors" 2018-11-29 08:24:13 +01:00
Stephan Renatus
f3acec0b1b
Merge pull request #1275 from ccojocar/client-update-api
Extend the API with a function which updates the client configuration
2018-11-27 11:47:16 +01:00
Cosmin Cojocar
01c6b9dd91 Remove the 'public' field from UpdateClientReq proto message 2018-11-26 19:07:59 +01:00
Stephan Renatus
007e4dae3c
Merge pull request #1358 from OwenTuz/issue-1132-initial-kubernetes-documentation-improvements
Kubernetes docs: clarify steps around use/creation of TLS assets.
2018-11-26 13:54:44 +01:00
Stephan Renatus
5355b81e2a
Merge pull request #1359 from OwenTuz/issue-1190-document-capitalisation-of-dn
LDAP connector - Document that 'DN' must be in capitals
2018-11-26 13:07:35 +01:00
Owen Tuz
9ea2ade208 LDAP docs - remove extra wording re DN 2018-11-26 11:50:44 +00:00
Owen Tuz
e603a5e631 LDAP connector - Document that 'DN' must be in capitals 2018-11-26 10:02:41 +00:00
Owen Tuz
9b5122568a Kubernetes docs: replace absolute link with relative 2018-11-23 13:54:49 +00:00