Mo Khan
Mo Khan
Our v1.22+ CI should assert this by forcing this to be enabled and including all the labels on our namespaces. This should be straightforward for the supervisor because it does...
Fosite misinterprets the CLI's attempt to refresh via the [basic auth header](https://github.com/golang/oauth2/blob/ee480838109b20d468babcb00b7027c82f962065/internal/token.go#L174-L176) to mean that it is actually trying to authenticate as a public client (even though the client secret...
Today, if a user attempts to supply query parameters as part of the TokenReview endpoint, those query parameters are ignored. Once #181540434 is completed and available in the K8s libraries,...
Follow-up from https://github.com/vmware-tanzu/pinniped/issues/820 https://github.com/vmware-tanzu/pinniped/blob/cd686ffdf31ae2a5f7241cd8d3ddf304c0684a19/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go#L121-L123 We will pick up https://github.com/kubernetes/kubernetes/pull/106155 when we bump our deps to v1.24 (assuming we can get it merged). Then we need to update our code to...
From #914 > Only bump github.com/ory/x to v0.0.297 instead of the latest v0.0.321 because v0.0.298+ pulls in a newer version of go.opentelemetry.io/otel/semconv which breaks k8s.io/apiserver. We should update k8s.io/apiserver to...
We give you a new refresh token on every refresh flow. Thus if an attacker steals your refresh token and uses it, they will invalidate your token. We should make...
TODO **Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] **Describe the solution...
Today TCR will give you a certificate that is valid until `end := time.Now() + 5*time.Minute` even if the input token has a expiration time that is before `end`. This...
https://github.com/golang/go/issues/48409 is expected to release in go 1.19 and will allow us to do something like `deployment.spec.template.spec.containers[0]` for the supervisor, concierge and kube-cert-agent deployments: ```yaml env: # reduce OOM likelyhood...