Mark Sagi-Kazar
d877fca092
Fix coding style
2019-02-22 21:43:55 +01:00
Mark Sagi-Kazar
06521ffa49
Remove the logrus logger wrapper
2019-02-22 21:31:46 +01:00
Mark Sagi-Kazar
aec2edb441
Match the interface to logrus implementation
2019-02-22 21:27:54 +01:00
Mark Sagi-Kazar
d1c8f8d095
Remove structured logging from the logger interface
2019-02-22 21:26:30 +01:00
Eric Chiang
e913a252cd
Merge pull request #1410 from sagikazarmark/fix-typo
...
Fix typo
2019-02-22 12:02:27 -08:00
Mark Sagi-Kazar
c48cb36e8f
Fix typo
2019-02-22 20:54:19 +01:00
Eric Chiang
8b4a9bf5ee
Merge pull request #1409 from bonifaido/production-users-banzaicloud
...
production users: add Banzai Cloud
2019-02-22 11:05:02 -08:00
Nandor Kracser
6c71b330a8
production users: add Banzai Cloud
2019-02-22 16:40:34 +01:00
Mark Sagi-Kazar
be581fa7ff
Add logger interface and stop relying on Logrus directly
2019-02-22 13:38:57 +01:00
Stephan Renatus
ca66289077
Merge pull request #1402 from lstoll/lstoll-mod-fix
...
Update modules for go 1.11.4+
2019-02-11 09:40:22 +01:00
Lincoln Stoll
b96b02e506
Update modules for go 1.11.4+
...
Go 1.11.3 changed how checksums are created in some cases, which caused
failures building via modules. (ref golang/go#29278 )
Update the checksums for the failing modules.
To catch this is the future, a modules build was added to the build matrix. I
also noted that we were pinning the `.0` patchlevel of each go version which
wouldn't have picked this up, updated it to build with the latest patch
release.
2019-02-09 14:59:30 +02:00
Stephan Renatus
7bd4071b4c
Merge pull request #1396 from jtnord/useLoginId-dexidp
...
Use github login as the id
2019-02-05 13:54:49 +01:00
Stephan Renatus
815311fa19
Merge pull request #1397 from ericchiang/health-check-endpoint
...
server: update health check endpoint to query storage periodically
2019-02-04 21:38:58 +01:00
Eric Chiang
8935a1479c
server: update health check endpoint to query storage periodically
...
Instead of querying the storage every time a health check is performed
query it periodically and save the result.
2019-02-04 19:02:41 +00:00
James Nord
fe247b106b
remove blank line that tripped up make verify-proto
2019-02-04 14:06:06 +00:00
James Nord
9840fccdbb
rename useLoginAsId -> useLoginAsID
2019-02-04 14:05:57 +00:00
Stephan Renatus
be171a2a53
Merge pull request #1395 from hainesc/master
...
Display access token in example app
2019-02-04 14:24:01 +01:00
Joel Speed
8f113548a5
Merge pull request #1249 from srenatus/sr/add-ldap-filter-test
...
ldap_test: add filter tests
2019-02-03 15:58:54 +00:00
Stephan Renatus
b6f4740a15
Merge pull request #1390 from okamototk/activedirectory
...
Add Active Directory and kubelogin integration sample.
2019-02-03 11:09:33 +01:00
Stephan Renatus
df18cb0c22
ldap_test: add filter tests
...
The filters for user and group searches hadn't been included in our LDAP
tests. Now they are.
The concrete test cases are somewhat contrived, but that shouldn't
matter too much. Also note that the example queries I've used are not
supported in AD: https://stackoverflow.com/a/10043452
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-02-03 11:06:11 +01:00
James Nord
5822a5ce9e
fix formatting of connector/github/github_test.go
2019-02-01 11:47:45 +00:00
James Nord
1911b52c6b
Add documentation for the new GitHub useLoginAsId option
2019-02-01 11:37:40 +00:00
James Nord
03ffd0798c
Allow an option to use the github user handle rather than an id.
...
For downstream apps using a github handle is much simpler than working
with numbers.
WHilst the number is stable and the handle is not - GitHUb does give you
a big scary wanring if you try and change it that bad things may happen
to you, and generally few users ever change it.
This can be enabled with a configuration option `useLoginAsId`
2019-02-01 11:37:40 +00:00
Haines Chan
18b6b34b67
Display access token in example app
2019-02-01 15:39:35 +08:00
Stephan Renatus
b5826e66f0
Merge pull request #1394 from srenatus/sr/docs/maintainers
...
update MAINTAINERS, mirror guidelines into dev doc
2019-01-31 17:25:27 +01:00
Stephan Renatus
81f155882a
Merge pull request #1392 from stevendanna/tls-configuration
...
Bump minimum TLS protocol to TLSv1.2
2019-01-29 12:48:57 +01:00
Steven Danna
59f8b02d47
Set minimum TLS protocol version to TLSv1.2, set PreferServerCipherSuites
...
Some environments are subject to strict rules about the permitted TLS
protocol verion and available ciphers. Setting TLSv1.2 as the minimum
version ensures we do not use weaker protocols. We've opted against
making this configurable given the age of TLSv1.2 and the increasing
push to deprecate TLSv1.1 and older.
The PreferServerCipherSuites setting is also commonly flagged by SSL
quality scanning tools. Since Go provides a relatively modern set of
default ciphers by default, defaulting this to true is unlikely to
make much practical difference.
Signed-off-by: Steven Danna <steve@chef.io>
2019-01-29 11:18:55 +00:00
Stephan Renatus
4abf3b2102
docs: mirror resolution of #1281 in dev doc
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:29:12 +01:00
Stephan Renatus
2cfadcd95a
MAINTAINERS: add @JoelSpeed
...
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2019-01-29 10:25:55 +01:00
Takashi Okamoto
337bbe5f09
fix typos.
2019-01-26 10:44:50 +00:00
Takashi Okamoto
1b7b3515d7
Add Active Directory instruction.
2019-01-26 04:26:01 +00:00
Takashi Okamoto
fbdb55aba9
Add doc for kubelogin and Active Directory ingtegration sample.
2019-01-26 04:16:55 +00:00
Takashi Okamoto
2d7de4ec70
Add Active Directory and kubeloing integration sample.
2019-01-26 04:15:50 +00:00
Stephan Renatus
5ae094206b
Merge pull request #1389 from ericchiang/bump-go
...
Dockerfile: update Go to 1.11.5
2019-01-24 08:52:33 +01:00
Eric Chiang
86eeee2ae2
Dockerfile: update Go to 1.11.5
2019-01-23 14:16:50 -08:00
Stephan Renatus
f1581ff873
Merge pull request #1374 from kbalka/keystone-connector
...
PR contains connector for openstack keystone.
Features:
access tokens
refresh tokens
groups
Requirements:
access to openstack keystone instance
keystone administrative account credentials
Enabling keystone connector specific tests:
make sure docker is running
export DEX_TEST_KEYSTONE=1
make tests
2019-01-11 15:46:28 +01:00
Krzysztof Balka
e8ba848907
keystone: fetching groups only if requested, refactoring.
2019-01-11 15:14:59 +01:00
joannano
88d1e2b041
keystone: test cases, refactoring and cleanup
2019-01-11 15:14:56 +01:00
Krzysztof Balka
a965365a2b
keystone: refresh token and groups
2019-01-11 15:14:11 +01:00
knangia
0774a89066
keystone: squashed changes from knangia/dex
2019-01-11 15:12:59 +01:00
Stephan Renatus
2d1ac74ec0
Merge pull request #1380 from dkess/emailsuffix
...
LDAP connector - add emailSuffix config option
2019-01-09 08:16:41 +01:00
Daniel Kessler
ee54a50956
LDAP connector - add emailSuffix config option
2019-01-08 19:01:42 -08:00
Eric Chiang
27f66e795e
Merge pull request #1377 from hainesc/master
...
Replace "GET", "POST" to http.MethodGet and http.MethodPost
2018-12-27 10:41:47 -08:00
Haines Chan
b78b8aeee0
Replace "GET", "POST" to http.MethodGet and http.MethodPost
2018-12-27 16:27:36 +08:00
Stephan Renatus
4329f407dc
Merge pull request #1373 from ericchiang/go-1.11.3
...
Dockerfile: update to Go 1.11.3
2018-12-14 08:43:32 +01:00
Eric Chiang
bad15c1c02
Dockerfile: update to Go 1.11.3
...
Go 1.11.3 and 1.10.6 were released to mitigate security issues.
These don't appear to impact dex, but update anyway.
Ref: https://groups.google.com/forum/#!topic/golang-announce/Kw31K8G7Fi0
2018-12-13 15:12:49 -08:00
Stephan Renatus
a3cf7b63b7
Merge pull request #1372 from babiel/configurable-auth-request-expiry
...
Make expiry of auth requests configurable
This is a band-aid against #1292
I did not change the default from 24h, but I think it should be much lower for safety.
2018-12-13 14:55:42 +01:00
Maximilian Gaß
74f84ce0be
Change config test to non-default expiry settings
2018-12-13 14:47:51 +01:00
Maximilian Gaß
468c74d1d2
Make expiry of auth requests configurable
2018-12-13 11:50:34 +01:00
Stephan Renatus
aafbaa36c5
Merge pull request #1357 from srenatus/sr/issue-1354
...
postgres: expose database/sql tunables
Fixes #1354 .
I've not had a need for MaxIdleConns and ConnMaxLifetime myself, but it felt weird to only expose of the three settings.
2018-12-06 09:12:42 +01:00