Commit graph

1506 commits

Author SHA1 Message Date
Eric Chiang
bad15c1c02 Dockerfile: update to Go 1.11.3
Go 1.11.3 and 1.10.6 were released to mitigate security issues.
These don't appear to impact dex, but update anyway.

Ref: https://groups.google.com/forum/#!topic/golang-announce/Kw31K8G7Fi0
2018-12-13 15:12:49 -08:00
Stephan Renatus
a3cf7b63b7
Merge pull request #1372 from babiel/configurable-auth-request-expiry
Make expiry of auth requests configurable

This is a band-aid against #1292

I did not change the default from 24h, but I think it should be much lower for safety.
2018-12-13 14:55:42 +01:00
Maximilian Gaß
74f84ce0be Change config test to non-default expiry settings 2018-12-13 14:47:51 +01:00
Maximilian Gaß
468c74d1d2 Make expiry of auth requests configurable 2018-12-13 11:50:34 +01:00
Stephan Renatus
aafbaa36c5
Merge pull request #1357 from srenatus/sr/issue-1354
postgres: expose database/sql tunables

Fixes #1354.

I've not had a need for MaxIdleConns and ConnMaxLifetime myself, but it felt weird to only expose one of the three settings.
2018-12-06 09:12:42 +01:00
Eric Chiang
60264d440c
Merge pull request #1369 from josdotso/go-modules-docs
Documentation/dev-dependencies.md: Update for Go modules
2018-12-04 13:14:22 -08:00
Joshua M. Dotson
46296ab9d0 Documentation/dev-dependencies.md: Update for Go modules 2018-12-04 20:06:22 +00:00
Stephan Renatus
f5befb2e2d
Merge pull request #1368 from ericchiang/makefile-cleanups
Makefile: cleanups for newer versions of Go

Go 1.9 removed "./..." matching the vendor directory while Go 1.10 added
build and test caching. This means we no longer need to grep out
vendored matches (except for golint which doesn't implement the same
behavior), and we no longer need to pre-build packages with "go build -i".

https://golang.org/doc/go1.9#vendor-dotdotdot
https://golang.org/doc/go1.10#build
2018-12-04 08:44:29 +01:00
Eric Chiang
1a565266fc Makefile: cleanups for newer versions of Go
Go 1.9 removed "./..." matching the vendor directory while Go 1.10 added
build and test caching. This means we no longer need to grep out
vendored matches (except for golint which doesn't implement the same
behavior), and we no longer need to pre-build packages with "go build -i".

https://golang.org/doc/go1.9#vendor-dotdotdot
https://golang.org/doc/go1.10#build
2018-12-03 10:01:18 -08:00
Eric Chiang
8a479707b3
Merge pull request #1365 from josdotso/migrate-to-go-modules
Migrate to go modules
2018-12-03 09:55:32 -08:00
Joshua M. Dotson
eaeab218b8 vendor: make revendor 2018-12-03 17:13:56 +00:00
Joshua M. Dotson
172df9ccef *: remove glide and add Go module files 2018-12-03 17:13:49 +00:00
Stephan Renatus
17ac7c8a86
Merge pull request #1367 from srenatus/sr/cherry-pick-lib/pq-bump
bump lib/pq

taken from @vito's #1342.
2018-12-02 10:29:35 +01:00
Stephan Renatus
73fdf4f75b
storage/sql/postgres: expose stdlib tunables, set them for tests
- adapted TestUnmarshalConfig to ensure the fields are read in
- added a test to see that at least MaxOpenConns works:
  - this is only exposed through (*db).Stats() in go 1.11, so this test
    has a build tag
  - the other two configurables can't be read back, so we've got to
    trust that the mechanism works given the one instance that's tested..

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-30 09:55:01 +01:00
Alex Suraci
badbc8c738
bump lib/pq 2018-11-29 09:10:50 +01:00
Stephan Renatus
d91f9fbc51
Merge pull request #1366 from dexidp/revert-1342-pr/retry-on-pg-serialization-error
Revert "retry on serialization errors"

This will come back, as outlined here: https://github.com/dexidp/dex/pull/1356#issuecomment-442523779
2018-11-29 09:09:31 +01:00
Stephan Renatus
8f3cca7ba4
Revert "retry on serialization errors" 2018-11-29 08:24:13 +01:00
Stephan Renatus
f3acec0b1b
Merge pull request #1275 from ccojocar/client-update-api
Extend the API with a function which updates the client configuration
2018-11-27 11:47:16 +01:00
Cosmin Cojocar
01c6b9dd91 Remove the 'public' field from UpdateClientReq proto message 2018-11-26 19:07:59 +01:00
Stephan Renatus
007e4dae3c
Merge pull request #1358 from OwenTuz/issue-1132-initial-kubernetes-documentation-improvements
Kubernetes docs: clarify steps around use/creation of TLS assets.
2018-11-26 13:54:44 +01:00
Stephan Renatus
5355b81e2a
Merge pull request #1359 from OwenTuz/issue-1190-document-capitalisation-of-dn
LDAP connector - Document that 'DN' must be in capitals
2018-11-26 13:07:35 +01:00
Owen Tuz
9ea2ade208 LDAP docs - remove extra wording re DN 2018-11-26 11:50:44 +00:00
Owen Tuz
e603a5e631 LDAP connector - Document that 'DN' must be in capitals 2018-11-26 10:02:41 +00:00
Owen Tuz
9b5122568a Kubernetes docs: replace absolute link with relative 2018-11-23 13:54:49 +00:00
Owen Tuz
72c9cf43a9 Fix comment in LDAP query documentation 2018-11-23 11:00:18 +00:00
Owen Tuz
45eb9b279b Kubernetes docs: wording nitpicks 2018-11-23 10:53:37 +00:00
Owen Tuz
58093dbb29 Kubernetes example: Add RBAC resources and serviceAccount to YAML manifest, remove some references to deprecated TPR approach 2018-11-23 10:48:00 +00:00
Owen Tuz
e028b79c97 Kubernetes docs: clarify steps around use/creation of TLS assets. 2018-11-22 13:37:50 +00:00
Stephan Renatus
5f054fcf2e
Merge pull request #1342 from concourse/pr/retry-on-pg-serialization-error
retry on serialization errors
2018-11-21 10:29:46 +01:00
Stephan Renatus
f7f7314fdb
Merge pull request #1350 from srenatus/sr/storage/nuke-standup-scripts
storage: nuke standup scripts, adapt dev-integration-test docs
2018-11-20 17:13:31 +01:00
Alex Suraci
85dd0684ba extract and document serialization failure check 2018-11-20 10:50:55 -05:00
Alex Suraci
587081a643 postgres: refactor error handling to fix retrying
prior to this change, many of the functions in the ExecTx callback would
wrap the error before returning it. this made it impossible to check
for the error code.

instead, the error wrapping has been moved to be external to the
`ExecTx` callback, so that the error code can be checked and
serialization failures can be retried.
2018-11-20 10:50:55 -05:00
Alex Suraci
5d67da1472 bump lib/pq 2018-11-20 10:50:55 -05:00
Alex Suraci
aa068b667a postgres: improve readability of error check 2018-11-20 10:50:55 -05:00
Alex Suraci
9b9013a560 postgres: use stdlib to set serializable tx level
also use a context for the rollback, which is a bit cleaner since it
only results in one 'defer', rather than N from the loop
2018-11-20 10:50:55 -05:00
Alex Suraci
7e96021428 retry on serialization errors 2018-11-20 10:50:55 -05:00
Stephan Renatus
6182f213ef
storage/conformance: remove old build tags
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:13 +01:00
Stephan Renatus
58b546a5be
dev-integration-test: add etcd notes
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
0740c2370d
storage/etcd: remove standup.sh
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
cbcb1f61f3
dev-integration-tests: update database steps (just use docker)
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
1d0568efe9
storage/sql: remove standup.sh
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2018-11-20 16:41:12 +01:00
Stephan Renatus
efb15205e9
Merge pull request #1352 from concourse/pr/support-pq-host-port
pg: support host:port for backwards-compatibility
2018-11-20 16:38:56 +01:00
Stephan Renatus
d40043808b
Merge pull request #1345 from concourse/pr/github-team-name-and-slug
Add 'both' option to use team name AND slug in TeamNameField

This allows the connector to be configured with both so that both team names and slugs can be returned in the groups. This makes configuring teams in an application a bit more foolproof; we would often have confusion over whether the team name or slug should be given by the user, so it's easier to just allow both, since collisions shouldn't be possible anyway.
2018-11-20 16:30:54 +01:00
Alex Suraci
0b856d1a75 pg: support host:port for backwards-compatibility 2018-11-20 10:22:39 -05:00
Josh Winters
bb11a1ebee github: add 'both' team name field option
this will result in both the team name *and* the team slug being
returned for each team, allowing a bit more flexibility in auth
validation.

Signed-off-by: Topher Bullock <tbullock@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
2018-11-20 10:12:44 -05:00
Stephan Renatus
b1fd2fa8b1
Merge pull request #1346 from concourse/pr/postgres-unix-sockets
Use pq connection parameters instead of URLs for postgres connections

This enables the use of socket paths like /var/run/postgresql for the 'host' instead of requiring TCP. Also, we now allow using a non-default port.
2018-11-20 15:52:40 +01:00
Divya Dadlani
f82b904d05 postgres: use connection string instead of url
otherwise it's impossible to use a Unix socket, as the path gets escaped
awkwardly.

Signed-off-by: Ciro S. Costa <cscosta@pivotal.io>
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
2018-11-20 09:32:44 -05:00
Stephan Renatus
7c8a22443a
Merge pull request #1349 from alexmt/1102-config-to-load-all-groups
Add config to explicitly enable loading all github groups

Follow-up for #1102.
2018-11-20 15:15:25 +01:00
Stephan Renatus
84ea412ca6
Merge pull request #1351 from CognotektGmbH/gypsydiver/1347-pr-gitlab-groups
Gitlab connector should not require the api scope.

Fixes #1347.
2018-11-20 14:49:11 +01:00
gypsydiver
f21e6a0f00 gypsydiver/1347-pr-gitlab-groups 2018-11-20 11:18:50 +01:00