argo-cd

mirror of https://github.com/argoproj/argo-cd.git synced 2026-04-01 22:38:46 +02:00

Author	SHA1	Message	Date
Matthieu MOREL	e0ebb02443	chore: enable usestdlibvars linter (#20399 )	2024-10-16 07:54:00 -04:00
Matthieu MOREL	1c6ec19a86	fix: use `ErrorContains(t, err` instead of `Contains(t, err.Error()` (#20220 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-10-04 09:36:05 -04:00
Matthieu MOREL	c9ea5b13d2	chore: extend require-error rule from testifylint (#18658 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-06-14 09:15:31 -04:00
Matthieu MOREL	9f1e2e8453	chore: enable gocritic linter (#18633 ) * chore: enable gocritic linter Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update settings.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update app.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update grpcproxy.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update grpcproxy.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update util.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update server.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update app_management_ns_test.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update app_management_test.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update path_traversal.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update sessionmanager.go Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> * Update .golangci.yaml Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com> --------- Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-06-13 15:10:00 -04:00
Matthieu MOREL	7cf5ed06d4	chore: enable gofumpt and whitespace linters (#18567 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-06-11 15:41:55 +00:00
Matthieu MOREL	d7e99224d4	chore: enable errorlint linter on util folder (#18588 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-06-11 10:42:32 -04:00
Matthieu MOREL	32519c70a5	chore: enable error-nil rule from testifylint linter (#18544 ) Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>	2024-06-10 10:38:55 -04:00
Michael Crenshaw	852f744265	fix(api): respect all allowed audiences, regardless of check order (#17876 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2024-04-17 20:42:58 -04:00
Jann Fischer	d11e146ab5	chore: Fix linter issue with session manager (#17597 ) Signed-off-by: jannfis <jann@mistrust.net>	2024-03-22 15:05:18 +00:00
jannfis	d69c61ae1a	Merge pull request from GHSA-6v85-wr92-q4p7 * fix: Fix concurrency issue in session manager Signed-off-by: jannfis <jann@mistrust.net> * Add note that modification to the map must be done in a thread safe manner * chore: fix linter issues Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: jannfis <jann@mistrust.net> Signed-off-by: pashakostohrys <pavel@codefresh.io> Co-authored-by: Dan Garfield <dan@codefresh.io> Co-authored-by: pashakostohrys <pavel@codefresh.io>	2024-03-18 03:59:06 -04:00
pasha-codefresh	6596e088ac	Merge pull request from GHSA-2vgg-9h6w-m454 * feat: pick random user and exclude admin user and current user from deletion candidates Signed-off-by: pashakostohrys <pavel@codefresh.io> * feat: increase default max cache size Signed-off-by: pashakostohrys <pavel@codefresh.io> * add nil protection Signed-off-by: pashakostohrys <pavel@codefresh.io> * Update util/session/sessionmanager.go Signed-off-by: Dan Garfield <dan@codefresh.io> Signed-off-by: Dan Garfield <dan@codefresh.io> * chore: fix linter issues Signed-off-by: pashakostohrys <pavel@codefresh.io> --------- Signed-off-by: pashakostohrys <pavel@codefresh.io> Signed-off-by: Dan Garfield <dan@codefresh.io> Co-authored-by: Dan Garfield <dan@codefresh.io>	2024-03-18 03:58:18 -04:00
Eng Zer Jun	03026997d1	chore: use `t.Setenv` to set env vars in tests (#14377 ) This commit replaces `os.Setenv` with `t.Setenv` in tests. The environment variable is automatically restored to its original value when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.Setenv Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2023-07-06 19:50:08 -04:00
Nolan Emirot	7b74e1993e	chore: update redis client to v9 (#12746 ) * chore: update redis Signed-off-by: emirot <emirot.nolan@gmail.com> * chore: update redis Signed-off-by: emirot <emirot.nolan@gmail.com> * chore: update redis Signed-off-by: emirot <emirot.nolan@gmail.com> --------- Signed-off-by: emirot <emirot.nolan@gmail.com>	2023-03-08 09:42:10 -05:00
Michael Crenshaw	adb4471569	feat(security): require the `aud` claim from OIDC providers by default (#12187 ) Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2023-01-27 21:29:08 +00:00
Michael Crenshaw	b38bc0040b	Merge pull request from GHSA-q9hr-j4rf-8fjc * fix: verify audience claim Co-Authored-By: Vladimir Pouzanov <farcaller@gmail.com> Signed-off-by: CI <350466+crenshaw-dev@users.noreply.github.com> * fix lint Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix handling of expired token error Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * go mod tidy Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * handle single aud claim marshaled as a string Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: CI <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Vladimir Pouzanov <farcaller@gmail.com>	2023-01-25 09:15:03 -05:00
Leonardo Luz Almeida	5a6f969b83	chore: Refactor terminal handler to use auth-middleware (#12052 ) * chore: Refactor terminal handler to use auth-middleware Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * remove context key for now Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * implement unit-tests Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * remove claim valid check for now Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * remove unnecessary test Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * fix lint Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * don't too much details in http response Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Fix error Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * Fix lint Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * trigger build Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> * builder pattern in terminal feature-flag middleware Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com> Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>	2023-01-24 10:46:36 -05:00
Michael Crenshaw	1ad91259bd	chore: upgrade go-oidc (#11579 ) * chore: upgrade go-oidc Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * take advantage of new error type Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>	2022-12-19 16:31:23 -05:00
Jake	1be1a0475b	feat: add HTTPS to dex server (#9424 ) (#9883 ) * feat: add HTTPS support to dex server (#9424) Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * refactor transports, add v2.5 to docs, other small nits Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * use OIDCTLSConfig in session manager Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * update tls to use os instead of ioutil (but really this is just me trying to get CICD to work) Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * cleanup and nits Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * fix tests after merge Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * fix tests Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com> * nit Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com>	2022-07-13 16:45:35 -04:00
Michael Crenshaw	b515ea789f	test: check for error messages from CI env (#9953 ) test: check for error messages from CI env (#9953) Signed-off-by: CI <michael@crenshaw.dev>	2022-07-12 10:28:05 -07:00
Michael Crenshaw	f223182ddc	Merge pull request from GHSA-7943-82jg-wmw5 * add tests to demonstrate issue Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> more Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> docs Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> settings tests Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> tests for OIDC handlers, consolidating test helpers Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> consolidate Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> consolidate Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> docs Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> * fix log message Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>	2022-07-12 08:46:13 -04:00
Michael Crenshaw	19cfbfd777	fix: respect OIDC providers' supported token signing algorithms (#9433 ) (#9761 ) * fix: respect OIDC providers' supported token signing algorithms (#9433) Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> * go mod tidy Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>	2022-06-22 15:30:47 -04:00
jannfis	a809469d9a	Merge pull request from GHSA-r642-gv9p-2wjj Signed-off-by: jannfis <jann@mistrust.net> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev>	2022-05-18 13:16:21 +02:00
Yuan Tang	d6f3f87c69	chore: Migrate to use golang-jwt/jwt v4.2.0 (#8136 ) chore: Migrate to use golang-jwt/jwt v4.2.0 (#8136) Signed-off-by: Yuan Tang <terrytangyuan@gmail.com>	2022-01-13 13:12:21 -08:00
Leonardo Luz Almeida	7bac2c151a	fix: Inconsistent normalization logic during diff (#7980 ) fix: Inconsistent normalization logic during diff (#7980) Signed-off-by: Leonardo Luz Almeida <leonardo_almeida@intuit.com>	2021-12-22 08:57:48 -08:00
pasha-codefresh	6f794d0dc9	fix: Redis should reconnect on connectivity issue (#7207 ) fix: Redis should reconnect on connectivity issue (#7207) Signed-off-by: pashavictorovich <pavel@codefresh.io>	2021-09-15 09:05:48 -07:00
Alexander Matyushentsev	0e9823efa9	fix: userinfo /v1/session/userinfo should return authenticated=false if token has expired (#6282 ) fix: userinfo /v1/session/userinfo should return authenticated=false if token has expired (#6282) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-05-20 12:58:24 -07:00
Shoubhik Bose	6aee524e0a	chore: compile-time validation of adherence to interface contract (#5850 ) * fix: compile time validation of interface contract Signed-off-by: Shoubhik Bose <shbose@redhat.com> * fix: application specific parameter override is not reflected in application parameters tab (#5845) Signed-off-by: May Zhang <may_zhang@intuit.com> Signed-off-by: Shoubhik Bose <shbose@redhat.com> * chore: compile time resolution Signed-off-by: Shoubhik Bose <shbose@redhat.com> * chore: adherance to contract Signed-off-by: Shoubhik Bose <shbose@redhat.com> * Revert "fix: application specific parameter override is not reflected in application parameters tab (#5845)" This reverts commit `43c8012062`. Signed-off-by: Shoubhik Bose <shbose@redhat.com> Co-authored-by: May Zhang <may_zhang@intuit.com>	2021-04-15 12:45:57 -07:00
jannfis	ae49b45249	chore: Upgrade Go module to v2 (#5931 ) * chore: Upgrade Go module to v2 Signed-off-by: jannfis <jann@mistrust.net> * Restore import order Signed-off-by: jannfis <jann@mistrust.net> * fix knowntypes_normalizer codegen error Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * fix codegen Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * fix Procfile Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-04-01 20:44:18 +02:00
Jay Li	1c15e1845b	fix: Segmentation fault when no 'aud' inside a token (#5735 ) Signed-off-by: Jay Li <xenium_lee@163.com>	2021-03-11 10:26:30 -08:00
Alexander Matyushentsev	0ccd573229	feat: regenerate active users token if it is expiring soon (#5629 ) * feat: regenerate active users token if it is expiring soon Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> * Comment how 'renew-token' header is used Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-03-02 18:24:22 -08:00
Alexander Matyushentsev	6e2ee623f8	feat: support token revocation (#5477 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-02-16 10:33:40 -08:00
kshamajain99	d9e9a9939d	fix: disable jwt claim audience validation #5381 (#5413 ) * fix: disable audience validation Signed-off-by: kshamajain99 <kshamajain99@gmail.com> * update other places Signed-off-by: kshamajain99 <kshamajain99@gmail.com>	2021-02-04 16:38:12 -08:00
Alexander Matyushentsev	85ffe1c4bf	fix: account tokens should be rejected if required capability is disabled (#5414 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-02-04 15:45:49 -08:00
Alexander Matyushentsev	20ed703e03	fix: tokens keep working after account is deactivated (#5402 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-02-03 16:24:36 -08:00
Alexander Matyushentsev	a85f8e89f5	fix: a request which was using a revoked project token, would still be allowed to perform requests allowed by default policy (#5378 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-02-02 15:26:20 -08:00
Alexander Matyushentsev	64e1c3825a	fix: make sure JWT token time fields contain only integer values (#5228 ) Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>	2021-01-11 13:59:34 -08:00
jannfis	b314824e31	chore: Upgrade jwt-go to 4.0.0-preview1 (#5184 ) Signed-off-by: jannfis <jann@mistrust.net>	2021-01-05 19:12:50 +01:00
Liviu Costea	30ffe8de71	refactor(jwt): use typed access to claims (#5075 ) Signed-off-by: Liviu Costea <email.lcostea@gmail.com>	2020-12-22 10:30:12 -08:00
Jonathan West	4c3f97f78a	chore: Add a GitHub action that runs unit tests with -race to CI build (#4774 ) (#4775 ) * chore: Add a GitHub action that runs unit tests with -race to CI build (#4774) Signed-off-by: Jonathan West <jonwest@redhat.com> * chore: Add a GitHub action that runs unit tests with -race to CI build (#4774) Signed-off-by: Jonathan West <jonwest@redhat.com>	2020-11-07 12:57:18 +01:00
Alexander Matyushentsev	a96b476f16	refactor: upgrade gitops-engine version ( breaking API changes related to logr mirgation ) (#4652 )	2020-10-27 14:10:24 -07:00
May Zhang	23ac24bdea	fix: login with apiKey capability (#4557 ) * fix: login with apiKey capability * fix: update based on code review. * fix: update based on code review. * fix: check pws first.	2020-10-14 11:31:35 -07:00
jannfis	bc83719037	chore: Fix complaints of golang-ci lint v1.26.0 (#3673 )	2020-05-30 18:54:14 -07:00
Josh Soref	a724574ede	chore: Spelling (#3647 ) chore: Spelling (#3647)	2020-05-27 10:22:13 -07:00
Phil Gore	8aadc310c9	fix: apply scopes from argocd-rbac-cm to project jwt group searches (#3508 ) * merging changes * apply scopes from argocd-rbac-cm to projects * fixing server merge conflict * passing tests	2020-05-25 09:05:56 +02:00
Alexander Matyushentsev	fe8d47e0ea	feat: move engine code to argoproj/gitops-engine repo (#3599 )	2020-05-15 14:39:29 -07:00
Alexander Matyushentsev	192ee93fc4	feat: Gitops engine (#3066 ) * Move utils packages that are required for gitops engine under engine/pkg/utils package. Following changes were implemented: * util/health package is split into two parts: resource health assessement & resource health assessement and moved into engine/pkg/utils * utils packages moved: Closer and Close method of util package moved into engine/pkg/utils/io package * packages diff, errors, exec, json, kube and tracing moved into engine/pkg/utils * Move single cluster caching into engine/kube/cache package * move sync functionality to engine/kube/sync package * remove dependency on metrics package from engine/pkg/utils/kube/cache * move annotation label definitions into engine/pkg/utils/kube/sync * make sure engine/pkg has no dependencies on other argo-cd packages * allow importing engine as a go module * implement a high-level interface that might be consumed by flux * fix deadlock caused by cluster cache event handler * ClusterCache should return error if requested group kind not found * remove obsolete tests * apply reviewer notes	2020-05-15 10:01:18 -07:00
Alexander Matyushentsev	f5b600d4af	feat: limit the maximum number of concurrent login attempts (#3467 ) * feat: limit the maximum number of concurrent login attempts * unit test rate limiter * address reviewer questions	2020-04-23 12:33:17 -07:00
jannfis	76bacfdea4	fix: Add initial implementation for rate limiting failed logins (#3404 ) * fix: Add initial implementation for rate limiting failed logins * Trigger test build * Remove deprecated code and fix new project tests * move cache related code from sessionmanager to cache access wrapper * avoid using sleep in sessionmanager tests * mention SECONDS in session manager environment variables to make it easier to understand meaning of each variable * Login button should be disabled while user is waiting for login result * prevent timing-based user enumeration attack * reject too many failed attempts; always compute hash and introduce random delay * remove unused constants * fix linter errors Co-authored-by: Alexander Matyushentsev <amatyushentsev@gmail.com>	2020-04-21 11:10:25 -07:00
Alexander Matyushentsev	e5452ff70e	fix: return 401 error code if username does not exist (#3369 )	2020-04-06 11:15:15 +02:00
Alexander Matyushentsev	ac8ac14545	fix: SSO user unable to change local account password (#3297 ) (#3298 ) * fix: SSO user unable to change local account password (#3297) * apply code review notes	2020-03-29 10:35:25 +02:00

1 2

73 Commits