github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 05:28:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Introduce support for OIDC workload identity federation (#3711)

Browse Source 
* feat(oidc): introduce support for OIDC workload identity federation

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): add e2e test for bearer OIDC and a kind cluster

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): make OIDC workload identity federation its own feature

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): move errors to the errors package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): fix race in cel package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): compile cel expressions

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

---------

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
This commit is contained in:
Matheus Pimenta
2026-01-25 05:03:53 +00:00
committed by GitHub
parent ba3436c57e
commit bf619c570e
25 changed files with 5151 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/cli/server/root_test.go
+6 -3
View File
@@ -48,7 +48,8 @@ func checkAuthLogEntry(logData []byte, message string, expectedEnabled bool) boo
// expectedAuth maps authentication method names to their expected enabled status (true/false).
func verifyAuthenticationLogs(data []byte, expectedAuth map[string]bool) {
authMethods := []string{
"bearer authentication",
"jwt bearer authentication",
"oidc bearer authentication",
"basic authentication (htpasswd)",
"basic authentication (LDAP)",
"basic authentication (API key)",
@@ -2261,7 +2262,8 @@ func TestServeAPIKey(t *testing.T) {
So(string(data), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": true,
@@ -2298,7 +2300,8 @@ func TestServeAPIKey(t *testing.T) {
So(string(data), ShouldContainSubstring, "configuration settings")
// verify authentication methods status messages are present
verifyAuthenticationLogs(data, map[string]bool{
"bearer authentication": false,
"jwt bearer authentication": false,
"oidc bearer authentication": false,
"basic authentication (htpasswd)": false,
"basic authentication (LDAP)": false,
"basic authentication (API key)": false,