Commit graph

870 commits

Author SHA1 Message Date
Eric Chiang
a3235d022a *: verify "state" field before passing request to callback connectors
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang
88896eb949 Merge pull request #637 from squat/fix_cache_control
server/handlers: fix Cache-Control header
2016-10-26 15:07:18 -07:00
Lucas Serven
5c498ae4df server/handlers: fix Cache-Control header
fixes: #636

This commit addresses a problem where the `max-age` value is being set
in nanoseconds as opposed to seconds, as required by the specification.
2016-10-26 14:58:18 -07:00
Eric Chiang
4ab78d0ded storage/kubernetes: run transactional conformance tests 2016-10-26 13:30:45 -07:00
Eric Chiang
5720ecf412 storage/conformance: add tests for transactional guarantees 2016-10-26 13:30:45 -07:00
Eric Chiang
99e312eadd Merge pull request #632 from ericchiang/dev-docs-storage-options
Documentation: add a document on storage options
2016-10-26 12:33:37 -07:00
Eric Chiang
6c4839860e Documentation: add a document on storage options 2016-10-26 12:32:45 -07:00
Eric Chiang
d350938fb0 Merge pull request #626 from ericchiang/storage-kubernetes-guess-namespace-from-service-account-token
storage/kubernetes: guess namespace from the service account token
2016-10-25 16:54:58 -07:00
Eric Chiang
ff9816464e Merge pull request #627 from ericchiang/dev-expand-envs-in-config
*: expand environment variables in config
2016-10-25 15:02:54 -07:00
Eric Chiang
101a2bc22a Merge pull request #634 from rithujohn191/kubeconfig_context
storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context
2016-10-25 14:57:57 -07:00
Eric Chiang
e0b83af981 Merge pull request #629 from ericchiang/dev-storage-kubernetes-dont-print-error
storage/kubernetes: don't automatically print errors on bad HTTP status codes
2016-10-25 14:16:32 -07:00
rithu leena john
9de16f2c45 storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context 2016-10-25 11:59:34 -07:00
Eric Chiang
6c4ad8c04d Merge pull request #630 from ericchiang/dev-storage-kubernetes-kubeconfig-guessing
storage/kubernetes: don't guess the kubeconfig location and change test env
2016-10-24 16:14:54 -07:00
Eric Chiang
191c84813f vendor: revendor 2016-10-23 20:53:35 -07:00
Eric Chiang
bc16de0b58 storage/kubernetes: don't guess the kubeconfig location and change test env
Using the default KUBECONFIG environment variable to indicate that
the Kubernetes tests should be run lead to cases where developers
accidentally ran the tests. This has now been changed to
"DEX_KUBECONFIG" and documentation hsa been added detailing how to
run these tests.

Additionally, no other storage reads environment variables for its
normal configuration (outside of tests) so the Kubernetes storage
no longer does.

Overall, be less surprising.
2016-10-23 20:53:29 -07:00
Eric Chiang
138ff96c00 storage/kubernetes: don't automatically print errors on bad HTTP status codes
These status codes spam the error logs for events like key rotation
and third party resource creation. In these cases "bad" status codes
are expected and shouldn't be automatically printed.
2016-10-23 07:42:42 -07:00
Eric Chiang
a11db557b4 *: expand environment variables in config
Allow users to define config values which are read form environemnt
variables. Helpful for sensitive variables such as OAuth2 client IDs
or LDAP credentials.
2016-10-22 13:49:40 -07:00
Eric Chiang
8c9c5160b6 storage/kubernetes: guess namespace from the service account token
The in cluster kubernetes client currently requires using the
downward API to determine its namespace. However this value can be
determine by inspecting the service account token mounted into the
pod. As a fallback, use this to guess the current namespace.
2016-10-21 23:35:17 -07:00
Eric Chiang
ba9f6c6cd6 Merge pull request #618 from ericchiang/dev-contrib-ldap-container
contrib/openldap: add an OpenLDAP Docker image for testing
2016-10-20 13:14:17 -07:00
Eric Chiang
373ac050f7 contrib/openldap: add a OpenLDAP container for testing 2016-10-20 09:43:06 -07:00
Eric Chiang
ea52bf263b Merge pull request #623 from ericchiang/dev-port-oob-template
*: port oob template
2016-10-19 13:53:02 -07:00
Eric Chiang
7084a801d7 *: port oob template 2016-10-19 12:45:17 -07:00
Eric Chiang
86b2d93966 Merge pull request #594 from ericchiang/dev-proposal-upstream-refreshing
Documentation/proposals: add a proposal for keeping data in-sync during refreshes
2016-10-17 11:58:20 -07:00
Eric Chiang
774242f750 Documentation/proposals: added a caveats section to upstream refreshing proposal 2016-10-17 11:54:10 -07:00
Eric Chiang
688d798ff4 Merge pull request #620 from ericchiang/dev-fix-rotation-polling
server: fix key rotation polling
2016-10-17 11:13:00 -07:00
Eric Chiang
892fa3fe35 server: rename "rotationStrategy.period" to "rotationFrequency"
gorename command run:

    gorename \
      -from '"github.com/coreos/dex/server".rotationStrategy.period' \
      -to rotationFrequency
2016-10-17 10:57:14 -07:00
Eric Chiang
d8033999d5 server: fix key rotation polling 2016-10-17 10:47:47 -07:00
Eric Chiang
3e94e65b68 Merge pull request #617 from ericchiang/dev-aci-path
*: build aci at the correct path including version, OS, and arch
2016-10-14 14:40:14 -07:00
Eric Chiang
26b43e19c8 *: build aci at the correct path including version, OS, and arch 2016-10-14 14:29:22 -07:00
Eric Chiang
8b909140fd Merge pull request #615 from ericchiang/dev-fix-sql-keys-query
dev branch: fix sql keys query
2016-10-14 12:30:59 -07:00
Eric Chiang
fe320c1928 storage/sql: fix typo in keys query 2016-10-14 12:28:49 -07:00
Eric Chiang
0a3aabc8ff storage/conformace: add conformance tests for keys 2016-10-14 12:28:49 -07:00
Eric Chiang
ade27b3d5e Merge pull request #612 from ericchiang/dev-make-example-config-more-readable
*: add more comments to the example config
2016-10-14 09:01:53 -07:00
Eric Chiang
6a9df8ab1c Merge pull request #606 from ericchiang/dev-self-managed-third-party-resources
dev branch: self managed third party resources
2016-10-14 09:00:05 -07:00
Eric Chiang
dc13f09fb7 *: add more comments to the example config 2016-10-14 08:58:57 -07:00
Eric Chiang
e25a364dbe Merge pull request #611 from ericchiang/dev-gc-reduce-verbosity
server: only print gc stats if something has been removed
2016-10-13 22:01:16 -07:00
Eric Chiang
89ecfd2ede server: only print gc stats if something has been removed 2016-10-13 21:55:56 -07:00
Eric Chiang
7288e49c19 Merge pull request #610 from ericchiang/dev-fix-linting
dev branch: fix linting
2016-10-13 18:19:13 -07:00
Eric Chiang
96440e4cc5 *: fix linting 2016-10-13 18:15:20 -07:00
Eric Chiang
e7d7c3500a Merge pull request #608 from ericchiang/dev-properly-compile-version
dev branch: properly compile version into docker images
2016-10-13 18:03:56 -07:00
Eric Chiang
3dac0063df *: properly compile version into docker images 2016-10-13 17:58:40 -07:00
Eric Chiang
b7c6eea341 examples/k8s: update documentation 2016-10-13 17:41:52 -07:00
Eric Chiang
691476b477 storage/kubernetes: manage third party resources and drop support for 1.3 2016-10-13 17:41:52 -07:00
Eric Chiang
f37836490b Merge pull request #603 from ericchiang/dev-add-license-and-developer-certificate-of-origin
dev branch: add DCO and LICENSE
2016-10-13 11:59:14 -07:00
Eric Chiang
63179e319a *: add DCO and LICENSE 2016-10-13 11:33:32 -07:00
Eric Chiang
5bec61d73f Merge pull request #602 from ericchiang/dev-add-garbage-collect-method-to-storage
dev branch: add garbage collect method to storage
2016-10-12 22:08:53 -07:00
Eric Chiang
449f34ed2a storage/sql: print error before calling t.Fatal 2016-10-12 22:00:08 -07:00
Eric Chiang
4296604f11 {cmd,server}: move garbage collection logic to server 2016-10-12 21:50:20 -07:00
Eric Chiang
3e20a080fe server: fix auth request expiry 2016-10-12 18:51:13 -07:00
Eric Chiang
558059ee58 storage/kubernetes: add garbage collection method 2016-10-12 18:48:23 -07:00