Merge branch 'main' into impersonation-proxy
commit
045c427317
@ -3,7 +3,7 @@
|
||||
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM golang:1.15.8 as build-env
|
||||
FROM golang:1.16.0 as build-env
|
||||
|
||||
WORKDIR /work
|
||||
COPY . .
|
||||
|
10
go.mod
10
go.mod
@ -9,17 +9,15 @@ require (
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/go-logr/logr v0.4.0
|
||||
github.com/go-logr/stdr v0.4.0
|
||||
github.com/go-openapi/spec v0.19.9
|
||||
github.com/go-openapi/spec v0.20.3
|
||||
github.com/gofrs/flock v0.8.0
|
||||
github.com/golang/mock v1.4.4
|
||||
github.com/golang/mock v1.5.0
|
||||
github.com/google/go-cmp v0.5.4
|
||||
github.com/google/gofuzz v1.2.0
|
||||
github.com/gorilla/securecookie v1.1.1
|
||||
github.com/kr/text v0.2.0 // indirect
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
|
||||
github.com/oleiade/reflections v1.0.1 // indirect
|
||||
github.com/onsi/ginkgo v1.13.0 // indirect
|
||||
github.com/ory/fosite v0.36.0
|
||||
github.com/ory/fosite v0.38.0
|
||||
github.com/pkg/browser v0.0.0-20201207095918-0426ae3fba23
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/sclevine/agouti v3.0.0+incompatible
|
||||
@ -31,9 +29,7 @@ require (
|
||||
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
|
||||
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d // indirect
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
|
||||
gopkg.in/square/go-jose.v2 v2.5.1
|
||||
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
|
||||
k8s.io/api v0.20.4
|
||||
k8s.io/apimachinery v0.20.4
|
||||
k8s.io/apiserver v0.20.4
|
||||
|
33
go.sum
33
go.sum
@ -216,16 +216,20 @@ github.com/go-logr/stdr v0.4.0/go.mod h1:NO1vneyJDqKVgJYnxhwXWWmQPOvNM391IG3H8ql
|
||||
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
|
||||
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/jsonreference v0.19.4 h1:3Vw+rh13uq2JFNxgnMTGE1rnoieU9FmyE1gvnyylsYg=
|
||||
github.com/go-openapi/jsonreference v0.19.4/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
|
||||
github.com/go-openapi/jsonreference v0.19.5 h1:1WJP/wi4OjB4iV8KVbH73rQaoialJrqv8gitZLxGLtM=
|
||||
github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg=
|
||||
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||
github.com/go-openapi/spec v0.19.9 h1:9z9cbFuZJ7AcvOHKIY+f6Aevb4vObNDkTEyoMfO7rAc=
|
||||
github.com/go-openapi/spec v0.19.9/go.mod h1:vqK/dIdLGCosfvYsQV3WfC7N3TiZSnGY2RZKoFK7X28=
|
||||
github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ=
|
||||
github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
|
||||
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
|
||||
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng=
|
||||
github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
|
||||
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
|
||||
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
|
||||
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
|
||||
@ -486,8 +490,9 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU
|
||||
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc=
|
||||
github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
|
||||
github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g=
|
||||
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
@ -635,6 +640,8 @@ github.com/joho/godotenv v1.2.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqx
|
||||
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
||||
github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
|
||||
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
|
||||
@ -688,6 +695,8 @@ github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
|
||||
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
|
||||
github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
|
||||
github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
|
||||
github.com/markbates/deplist v1.0.4/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
|
||||
github.com/markbates/deplist v1.0.5/go.mod h1:gRRbPbbuA8TmMiRvaOzUlRfzfjeCCBqX2A6arxN01MM=
|
||||
github.com/markbates/deplist v1.1.3/go.mod h1:BF7ioVzAJYEtzQN/os4rt8H8Ti3h0T7EoN+7eyALktE=
|
||||
@ -809,8 +818,8 @@ github.com/ory/analytics-go/v4 v4.0.0/go.mod h1:FMx9cLRD9xN+XevPvZ5FDMfignpmcqPP
|
||||
github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs=
|
||||
github.com/ory/dockertest/v3 v3.5.4/go.mod h1:J8ZUbNB2FOhm1cFZW9xBpDsODqsSWcyYgtJYVPcnF70=
|
||||
github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0=
|
||||
github.com/ory/fosite v0.36.0 h1:6XGd9sE0h/y6XJx3L3iRm/UFPHVEnARQch0YFxvxziQ=
|
||||
github.com/ory/fosite v0.36.0/go.mod h1:NE15bS1ya8E4J8VmminFY+nsZdoBQu+5/vGF2ELvDsY=
|
||||
github.com/ory/fosite v0.38.0 h1:4y+IurqBAu/Gf0NlW47gabRJZyYIqda+OFHMx5fsy6Q=
|
||||
github.com/ory/fosite v0.38.0/go.mod h1:37r59qkOSPueYKmaA7EHiXrDMF1B+XPN+MgkZgTRg3Y=
|
||||
github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4=
|
||||
github.com/ory/go-acc v0.2.5 h1:31irXHzG2vnKQSE4weJm7AdfrnpaVjVCq3nD7viXCJE=
|
||||
github.com/ory/go-acc v0.2.5/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEgpw=
|
||||
@ -1083,8 +1092,8 @@ golang.org/x/crypto v0.0.0-20200320181102-891825fb96df/go.mod h1:LzIPMQfyMNhhGPh
|
||||
golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 h1:3wPMTskHO3+O6jqTEXyFcsnuxMQOqYSaHsDxcbUXpqA=
|
||||
golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
@ -1171,6 +1180,8 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
|
||||
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20181003184128-c57b0facaced/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@ -1257,8 +1268,12 @@ golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY=
|
||||
golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@ -1266,6 +1281,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
|
||||
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
|
||||
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
|
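--- /dev/null
+++ b/internal/controller/issuerconfig/update_strategy.go
@@ -0,0 +1,52 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package issuerconfig
+
+import (
+"context"
+"sort"
+
+"go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
+"go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
+)
+
+// UpdateStrategy creates or updates the desired strategy in the CredentialIssuer status.strategies field.
+// The CredentialIssuer will be created if it does not already exist.
+func UpdateStrategy(ctx context.Context,
+name string,
+credentialIssuerLabels map[string]string,
+pinnipedAPIClient versioned.Interface,
+strategy v1alpha1.CredentialIssuerStrategy,
+) error {
+return CreateOrUpdateCredentialIssuerStatus(
+ctx,
+name,
+credentialIssuerLabels,
+pinnipedAPIClient,
+func(configToUpdate *v1alpha1.CredentialIssuerStatus) { mergeStrategy(configToUpdate, strategy) },
+)
+}
+
+func mergeStrategy(configToUpdate *v1alpha1.CredentialIssuerStatus, strategy v1alpha1.CredentialIssuerStrategy) {
+var existing *v1alpha1.CredentialIssuerStrategy
+for i := range configToUpdate.Strategies {
+if configToUpdate.Strategies[i].Type == strategy.Type {
+existing = &configToUpdate.Strategies[i]
+break
+}
+}
+if existing != nil {
+strategy.DeepCopyInto(existing)
+} else {
+configToUpdate.Strategies = append(configToUpdate.Strategies, strategy)
+}
+sort.Stable(sortableStrategies(configToUpdate.Strategies))
+}
+
+// TODO: sort strategies by server preference rather than alphanumerically by type.
+type sortableStrategies []v1alpha1.CredentialIssuerStrategy
+
+func (s sortableStrategies) Len() int { return len(s) }
+func (s sortableStrategies) Less(i, j int) bool { return s[i].Type < s[j].Type }
+func (s sortableStrategies) Swap(i, j int) { s[i], s[j] = s[j], s[i] }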
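Review bot: mergeStrategy treats its two paths differently: an existing entry is overwritten with `strategy.DeepCopyInto(existing)`, but a new one is stored with `append(configToUpdate.Strategies, strategy)`, which is only a shallow copy of the caller's value. That is harmless while CredentialIssuerStrategy holds only value fields, but a later pointer, slice or map field would make the appended entry alias caller-owned memory; `configToUpdate.Strategies = append(configToUpdate.Strategies, *strategy.DeepCopy())` keeps both paths equivalent. Nothing visible here ever removes an entry, so a strategy type that stops reporting would presumably keep its last status (including a stale success) in the CredentialIssuer indefinitely. The function also lacks a doc comment; `// mergeStrategy replaces the first entry whose Type matches strategy.Type, or appends strategy, then re-sorts Strategies by Type.` would record that only the first match is replaced and that the status is mutated in place.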
|
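--- /dev/null
+++ b/internal/controller/issuerconfig/update_strategy_test.go
@@ -0,0 +1,145 @@
+// Copyright 2021 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package issuerconfig
+
+import (
+"testing"
+"time"
+
+"github.com/stretchr/testify/require"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+"go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
+)
+
+func TestMergeStrategy(t *testing.T) {
+t1 := metav1.Now()
+t2 := metav1.NewTime(metav1.Now().Add(-1 * time.Hour))
+
+tests := []struct {
+name string
+configToUpdate v1alpha1.CredentialIssuerStatus
+strategy v1alpha1.CredentialIssuerStrategy
+expected v1alpha1.CredentialIssuerStatus
+}{
+{
+name: "new entry",
+configToUpdate: v1alpha1.CredentialIssuerStatus{
+Strategies: nil,
+},
+strategy: v1alpha1.CredentialIssuerStrategy{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+expected: v1alpha1.CredentialIssuerStatus{
+Strategies: []v1alpha1.CredentialIssuerStrategy{
+{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+},
+},
+},
+{
+name: "existing entry to update",
+configToUpdate: v1alpha1.CredentialIssuerStatus{
+Strategies: []v1alpha1.CredentialIssuerStrategy{
+{
+Type: "Type1",
+Status: v1alpha1.ErrorStrategyStatus,
+Reason: "some starting reason",
+Message: "some starting message",
+LastUpdateTime: t2,
+},
+},
+},
+strategy: v1alpha1.CredentialIssuerStrategy{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+expected: v1alpha1.CredentialIssuerStatus{
+Strategies: []v1alpha1.CredentialIssuerStrategy{
+{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+},
+},
+},
+{
+name: "new entry among others",
+configToUpdate: v1alpha1.CredentialIssuerStatus{
+Strategies: []v1alpha1.CredentialIssuerStrategy{
+{
+Type: "Type0",
+Status: v1alpha1.ErrorStrategyStatus,
+Reason: "some starting reason 0",
+Message: "some starting message 0",
+LastUpdateTime: t2,
+},
+{
+Type: "Type2",
+Status: v1alpha1.ErrorStrategyStatus,
+Reason: "some starting reason 0",
+Message: "some starting message 0",
+LastUpdateTime: t2,
+},
+},
+},
+strategy: v1alpha1.CredentialIssuerStrategy{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+expected: v1alpha1.CredentialIssuerStatus{
+Strategies: []v1alpha1.CredentialIssuerStrategy{
+{
+Type: "Type0",
+Status: v1alpha1.ErrorStrategyStatus,
+Reason: "some starting reason 0",
+Message: "some starting message 0",
+LastUpdateTime: t2,
+},
+// Expect the Type1 entry to be sorted alphanumerically between the existing entries.
+{
+Type: "Type1",
+Status: v1alpha1.SuccessStrategyStatus,
+Reason: "some reason",
+Message: "some message",
+LastUpdateTime: t1,
+},
+{
+Type: "Type2",
+Status: v1alpha1.ErrorStrategyStatus,
+Reason: "some starting reason 0",
+Message: "some starting message 0",
+LastUpdateTime: t2,
+},
+},
+},
+},
+}
+for _, tt := range tests {
+tt := tt
+t.Run(tt.name, func(t *testing.T) {
+updated := tt.configToUpdate.DeepCopy()
+mergeStrategy(updated, tt.strategy)
+require.Equal(t, &tt.expected, updated)
+})
+}
+}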
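Review bot: No case in this table updates an existing entry while entries of other types are present, so a mergeStrategy regression that overwrote the wrong element or disturbed a neighbour would still pass; the "existing entry to update" case starts from a single-element list. A fourth case that starts from Type0, Type1 and Type2 and updates Type1 would pin that the neighbours stay unchanged and in order. UpdateStrategy itself, including the create-if-missing path through CreateOrUpdateCredentialIssuerStatus, has no test in this file; it may be covered elsewhere.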
|
@ -18,6 +18,7 @@ import (
|
||||
|
||||
pinnipedclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
||||
"go.pinniped.dev/internal/controller/issuerconfig"
|
||||
"go.pinniped.dev/internal/controllerlib"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
)
|
||||
@ -121,7 +122,13 @@ func (c *annotaterController) Sync(ctx controllerlib.Context) error {
|
||||
keyPath,
|
||||
); err != nil {
|
||||
err = fmt.Errorf("cannot update agent pod: %w", err)
|
||||
strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err)
|
||||
strategyResultUpdateErr := issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
nil,
|
||||
c.pinnipedAPIClient,
|
||||
strategyError(c.clock, err),
|
||||
)
|
||||
if strategyResultUpdateErr != nil {
|
||||
// If the CI update fails, then we probably want to try again. This controller will get
|
||||
// called again because of the pod create failure, so just try the CI update again then.
|
||||
|
@ -17,6 +17,7 @@ import (
|
||||
pinnipedclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||
"go.pinniped.dev/internal/constable"
|
||||
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
||||
"go.pinniped.dev/internal/controller/issuerconfig"
|
||||
"go.pinniped.dev/internal/controllerlib"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
)
|
||||
@ -96,13 +97,12 @@ func (c *createrController) Sync(ctx controllerlib.Context) error {
|
||||
if len(controllerManagerPods) == 0 {
|
||||
// If there are no controller manager pods, we alert the user that we can't find the keypair via
|
||||
// the CredentialIssuer.
|
||||
return createOrUpdateCredentialIssuer(
|
||||
return issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
*c.credentialIssuerLocationConfig,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
c.credentialIssuerLabels,
|
||||
c.clock,
|
||||
c.pinnipedAPIClient,
|
||||
constable.Error("did not find kube-controller-manager pod(s)"),
|
||||
strategyError(c.clock, constable.Error("did not find kube-controller-manager pod(s)")),
|
||||
)
|
||||
}
|
||||
|
||||
@ -131,13 +131,12 @@ func (c *createrController) Sync(ctx controllerlib.Context) error {
|
||||
Create(ctx.Context, agentPod, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
err = fmt.Errorf("cannot create agent pod: %w", err)
|
||||
strategyResultUpdateErr := createOrUpdateCredentialIssuer(
|
||||
strategyResultUpdateErr := issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
*c.credentialIssuerLocationConfig,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
c.credentialIssuerLabels,
|
||||
c.clock,
|
||||
c.pinnipedAPIClient,
|
||||
err,
|
||||
strategyError(c.clock, err),
|
||||
)
|
||||
if strategyResultUpdateErr != nil {
|
||||
// If the CI update fails, then we probably want to try again. This controller will get
|
||||
|
@ -14,6 +14,7 @@ import (
|
||||
|
||||
pinnipedclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
||||
"go.pinniped.dev/internal/controller/issuerconfig"
|
||||
"go.pinniped.dev/internal/controllerlib"
|
||||
"go.pinniped.dev/internal/dynamiccert"
|
||||
)
|
||||
@ -87,21 +88,39 @@ func (c *execerController) Sync(ctx controllerlib.Context) error {
|
||||
|
||||
certPEM, err := c.podCommandExecutor.Exec(agentPod.Namespace, agentPod.Name, "cat", certPath)
|
||||
if err != nil {
|
||||
strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err)
|
||||
strategyResultUpdateErr := issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
nil,
|
||||
c.pinnipedAPIClient,
|
||||
strategyError(c.clock, err),
|
||||
)
|
||||
klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy success")
|
||||
return err
|
||||
}
|
||||
|
||||
keyPEM, err := c.podCommandExecutor.Exec(agentPod.Namespace, agentPod.Name, "cat", keyPath)
|
||||
if err != nil {
|
||||
strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err)
|
||||
strategyResultUpdateErr := issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
nil,
|
||||
c.pinnipedAPIClient,
|
||||
strategyError(c.clock, err),
|
||||
)
|
||||
klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy success")
|
||||
return err
|
||||
}
|
||||
|
||||
c.dynamicCertProvider.Set([]byte(certPEM), []byte(keyPEM))
|
||||
|
||||
err = createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, nil)
|
||||
err = issuerconfig.UpdateStrategy(
|
||||
ctx.Context,
|
||||
c.credentialIssuerLocationConfig.Name,
|
||||
nil,
|
||||
c.pinnipedAPIClient,
|
||||
strategySuccess(c.clock),
|
||||
)
|
||||
if err != nil {
|
||||
return err
|
||||
}
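Review bot: Both failure branches of execerController.Sync call `klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy success")` unconditionally, so an error-level line with a nil error is emitted even when the status update succeeded, and the message says "strategy success" on a path that records a failure. Guard the call and correct the wording, e.g. `if strategyResultUpdateErr != nil { klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy error") }`. Separately, the raw error from `c.podCommandExecutor.Exec` is passed to `strategyError` and so presumably ends up in the CredentialIssuer status message; because the second command reads the key file, it is worth confirming that the executor's errors can never carry command output. Sync begins and ends outside these hunks.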
|
||||
|
@ -10,7 +10,6 @@
|
||||
package kubecertagent
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"hash/fnv"
|
||||
@ -25,8 +24,6 @@ import (
|
||||
corev1informers "k8s.io/client-go/informers/core/v1"
|
||||
|
||||
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
|
||||
pinnipedclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned"
|
||||
"go.pinniped.dev/internal/controller/issuerconfig"
|
||||
"go.pinniped.dev/internal/plog"
|
||||
)
|
||||
|
||||
@ -280,32 +277,6 @@ func findControllerManagerPodForSpecificAgentPod(
|
||||
return maybeControllerManagerPod, nil
|
||||
}
|
||||
|
||||
func createOrUpdateCredentialIssuer(ctx context.Context,
|
||||
ciConfig CredentialIssuerLocationConfig,
|
||||
credentialIssuerLabels map[string]string,
|
||||
clock clock.Clock,
|
||||
pinnipedAPIClient pinnipedclientset.Interface,
|
||||
err error,
|
||||
) error {
|
||||
return issuerconfig.CreateOrUpdateCredentialIssuerStatus(
|
||||
ctx,
|
||||
ciConfig.Name,
|
||||
credentialIssuerLabels,
|
||||
pinnipedAPIClient,
|
||||
func(configToUpdate *configv1alpha1.CredentialIssuerStatus) {
|
||||
var strategyResult configv1alpha1.CredentialIssuerStrategy
|
||||
if err == nil {
|
||||
strategyResult = strategySuccess(clock)
|
||||
} else {
|
||||
strategyResult = strategyError(clock, err)
|
||||
}
|
||||
configToUpdate.Strategies = []configv1alpha1.CredentialIssuerStrategy{
|
||||
strategyResult,
|
||||
}
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
func strategySuccess(clock clock.Clock) configv1alpha1.CredentialIssuerStrategy {
|
||||
return configv1alpha1.CredentialIssuerStrategy{
|
||||
Type: configv1alpha1.KubeClusterSigningCertificateStrategyType,
|
||||
|
@ -15,35 +15,34 @@ import (
|
||||
time "time"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
user "k8s.io/apiserver/pkg/authentication/user"
|
||||
|
||||
login "go.pinniped.dev/generated/latest/apis/concierge/login"
|
||||
user "k8s.io/apiserver/pkg/authentication/user"
|
||||
)
|
||||
|
||||
// MockCertIssuer is a mock of CertIssuer interface
|
||||
// MockCertIssuer is a mock of CertIssuer interface.
|
||||
type MockCertIssuer struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockCertIssuerMockRecorder
|
||||
}
|
||||
|
||||
// MockCertIssuerMockRecorder is the mock recorder for MockCertIssuer
|
||||
// MockCertIssuerMockRecorder is the mock recorder for MockCertIssuer.
|
||||
type MockCertIssuerMockRecorder struct {
|
||||
mock *MockCertIssuer
|
||||
}
|
||||
|
||||
// NewMockCertIssuer creates a new mock instance
|
||||
// NewMockCertIssuer creates a new mock instance.
|
||||
func NewMockCertIssuer(ctrl *gomock.Controller) *MockCertIssuer {
|
||||
mock := &MockCertIssuer{ctrl: ctrl}
|
||||
mock.recorder = &MockCertIssuerMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockCertIssuer) EXPECT() *MockCertIssuerMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// IssuePEM mocks base method
|
||||
// IssuePEM mocks base method.
|
||||
func (m *MockCertIssuer) IssuePEM(arg0 pkix.Name, arg1 []string, arg2 time.Duration) ([]byte, []byte, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "IssuePEM", arg0, arg1, arg2)
|
||||
@ -53,36 +52,36 @@ func (m *MockCertIssuer) IssuePEM(arg0 pkix.Name, arg1 []string, arg2 time.Durat
|
||||
return ret0, ret1, ret2
|
||||
}
|
||||
|
||||
// IssuePEM indicates an expected call of IssuePEM
|
||||
// IssuePEM indicates an expected call of IssuePEM.
|
||||
func (mr *MockCertIssuerMockRecorder) IssuePEM(arg0, arg1, arg2 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IssuePEM", reflect.TypeOf((*MockCertIssuer)(nil).IssuePEM), arg0, arg1, arg2)
|
||||
}
|
||||
|
||||
// MockTokenCredentialRequestAuthenticator is a mock of TokenCredentialRequestAuthenticator interface
|
||||
// MockTokenCredentialRequestAuthenticator is a mock of TokenCredentialRequestAuthenticator interface.
|
||||
type MockTokenCredentialRequestAuthenticator struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockTokenCredentialRequestAuthenticatorMockRecorder
|
||||
}
|
||||
|
||||
// MockTokenCredentialRequestAuthenticatorMockRecorder is the mock recorder for MockTokenCredentialRequestAuthenticator
|
||||
// MockTokenCredentialRequestAuthenticatorMockRecorder is the mock recorder for MockTokenCredentialRequestAuthenticator.
|
||||
type MockTokenCredentialRequestAuthenticatorMockRecorder struct {
|
||||
mock *MockTokenCredentialRequestAuthenticator
|
||||
}
|
||||
|
||||
// NewMockTokenCredentialRequestAuthenticator creates a new mock instance
|
||||
// NewMockTokenCredentialRequestAuthenticator creates a new mock instance.
|
||||
func NewMockTokenCredentialRequestAuthenticator(ctrl *gomock.Controller) *MockTokenCredentialRequestAuthenticator {
|
||||
mock := &MockTokenCredentialRequestAuthenticator{ctrl: ctrl}
|
||||
mock.recorder = &MockTokenCredentialRequestAuthenticatorMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockTokenCredentialRequestAuthenticator) EXPECT() *MockTokenCredentialRequestAuthenticatorMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// AuthenticateTokenCredentialRequest mocks base method
|
||||
// AuthenticateTokenCredentialRequest mocks base method.
|
||||
func (m *MockTokenCredentialRequestAuthenticator) AuthenticateTokenCredentialRequest(arg0 context.Context, arg1 *login.TokenCredentialRequest) (user.Info, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "AuthenticateTokenCredentialRequest", arg0, arg1)
|
||||
@ -91,7 +90,7 @@ func (m *MockTokenCredentialRequestAuthenticator) AuthenticateTokenCredentialReq
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// AuthenticateTokenCredentialRequest indicates an expected call of AuthenticateTokenCredentialRequest
|
||||
// AuthenticateTokenCredentialRequest indicates an expected call of AuthenticateTokenCredentialRequest.
|
||||
func (mr *MockTokenCredentialRequestAuthenticatorMockRecorder) AuthenticateTokenCredentialRequest(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthenticateTokenCredentialRequest", reflect.TypeOf((*MockTokenCredentialRequestAuthenticator)(nil).AuthenticateTokenCredentialRequest), arg0, arg1)
|
||||
|
@ -1,43 +1,44 @@
|
||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
//
|
||||
|
||||
// Code generated by MockGen. DO NOT EDIT.
|
||||
// Source: github.com/coreos/go-oidc (interfaces: KeySet)
|
||||
// Source: github.com/coreos/go-oidc/v3/oidc (interfaces: KeySet)
|
||||
|
||||
// Package mockkeyset is a generated GoMock package.
|
||||
package mockkeyset
|
||||
|
||||
import (
|
||||
context "context"
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
)
|
||||
|
||||
// MockKeySet is a mock of KeySet interface
|
||||
// MockKeySet is a mock of KeySet interface.
|
||||
type MockKeySet struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockKeySetMockRecorder
|
||||
}
|
||||
|
||||
// MockKeySetMockRecorder is the mock recorder for MockKeySet
|
||||
// MockKeySetMockRecorder is the mock recorder for MockKeySet.
|
||||
type MockKeySetMockRecorder struct {
|
||||
mock *MockKeySet
|
||||
}
|
||||
|
||||
// NewMockKeySet creates a new mock instance
|
||||
// NewMockKeySet creates a new mock instance.
|
||||
func NewMockKeySet(ctrl *gomock.Controller) *MockKeySet {
|
||||
mock := &MockKeySet{ctrl: ctrl}
|
||||
mock.recorder = &MockKeySetMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockKeySet) EXPECT() *MockKeySetMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// VerifySignature mocks base method
|
||||
// VerifySignature mocks base method.
|
||||
func (m *MockKeySet) VerifySignature(arg0 context.Context, arg1 string) ([]byte, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "VerifySignature", arg0, arg1)
|
||||
@ -46,7 +47,7 @@ func (m *MockKeySet) VerifySignature(arg0 context.Context, arg1 string) ([]byte,
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// VerifySignature indicates an expected call of VerifySignature
|
||||
// VerifySignature indicates an expected call of VerifySignature.
|
||||
func (mr *MockKeySetMockRecorder) VerifySignature(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "VerifySignature", reflect.TypeOf((*MockKeySet)(nil).VerifySignature), arg0, arg1)
|
||||
|
@ -12,36 +12,35 @@ import (
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
v1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
v10 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
|
||||
)
|
||||
|
||||
// MockSecretHelper is a mock of SecretHelper interface
|
||||
// MockSecretHelper is a mock of SecretHelper interface.
|
||||
type MockSecretHelper struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockSecretHelperMockRecorder
|
||||
}
|
||||
|
||||
// MockSecretHelperMockRecorder is the mock recorder for MockSecretHelper
|
||||
// MockSecretHelperMockRecorder is the mock recorder for MockSecretHelper.
|
||||
type MockSecretHelperMockRecorder struct {
|
||||
mock *MockSecretHelper
|
||||
}
|
||||
|
||||
// NewMockSecretHelper creates a new mock instance
|
||||
// NewMockSecretHelper creates a new mock instance.
|
||||
func NewMockSecretHelper(ctrl *gomock.Controller) *MockSecretHelper {
|
||||
mock := &MockSecretHelper{ctrl: ctrl}
|
||||
mock.recorder = &MockSecretHelperMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockSecretHelper) EXPECT() *MockSecretHelperMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// Generate mocks base method
|
||||
// Generate mocks base method.
|
||||
func (m *MockSecretHelper) Generate(arg0 *v1alpha1.FederationDomain) (*v1.Secret, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Generate", arg0)
|
||||
@ -50,13 +49,13 @@ func (m *MockSecretHelper) Generate(arg0 *v1alpha1.FederationDomain) (*v1.Secret
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// Generate indicates an expected call of Generate
|
||||
// Generate indicates an expected call of Generate.
|
||||
func (mr *MockSecretHelperMockRecorder) Generate(arg0 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Generate", reflect.TypeOf((*MockSecretHelper)(nil).Generate), arg0)
|
||||
}
|
||||
|
||||
// Handles mocks base method
|
||||
// Handles mocks base method.
|
||||
func (m *MockSecretHelper) Handles(arg0 v10.Object) bool {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Handles", arg0)
|
||||
@ -64,13 +63,13 @@ func (m *MockSecretHelper) Handles(arg0 v10.Object) bool {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// Handles indicates an expected call of Handles
|
||||
// Handles indicates an expected call of Handles.
|
||||
func (mr *MockSecretHelperMockRecorder) Handles(arg0 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Handles", reflect.TypeOf((*MockSecretHelper)(nil).Handles), arg0)
|
||||
}
|
||||
|
||||
// IsValid mocks base method
|
||||
// IsValid mocks base method.
|
||||
func (m *MockSecretHelper) IsValid(arg0 *v1alpha1.FederationDomain, arg1 *v1.Secret) bool {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "IsValid", arg0, arg1)
|
||||
@ -78,13 +77,13 @@ func (m *MockSecretHelper) IsValid(arg0 *v1alpha1.FederationDomain, arg1 *v1.Sec
|
||||
return ret0
|
||||
}
|
||||
|
||||
// IsValid indicates an expected call of IsValid
|
||||
// IsValid indicates an expected call of IsValid.
|
||||
func (mr *MockSecretHelperMockRecorder) IsValid(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsValid", reflect.TypeOf((*MockSecretHelper)(nil).IsValid), arg0, arg1)
|
||||
}
|
||||
|
||||
// NamePrefix mocks base method
|
||||
// NamePrefix mocks base method.
|
||||
func (m *MockSecretHelper) NamePrefix() string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "NamePrefix")
|
||||
@ -92,13 +91,13 @@ func (m *MockSecretHelper) NamePrefix() string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// NamePrefix indicates an expected call of NamePrefix
|
||||
// NamePrefix indicates an expected call of NamePrefix.
|
||||
func (mr *MockSecretHelperMockRecorder) NamePrefix() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NamePrefix", reflect.TypeOf((*MockSecretHelper)(nil).NamePrefix))
|
||||
}
|
||||
|
||||
// ObserveActiveSecretAndUpdateParentFederationDomain mocks base method
|
||||
// ObserveActiveSecretAndUpdateParentFederationDomain mocks base method.
|
||||
func (m *MockSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain(arg0 *v1alpha1.FederationDomain, arg1 *v1.Secret) *v1alpha1.FederationDomain {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "ObserveActiveSecretAndUpdateParentFederationDomain", arg0, arg1)
|
||||
@ -106,7 +105,7 @@ func (m *MockSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain(ar
|
||||
return ret0
|
||||
}
|
||||
|
||||
// ObserveActiveSecretAndUpdateParentFederationDomain indicates an expected call of ObserveActiveSecretAndUpdateParentFederationDomain
|
||||
// ObserveActiveSecretAndUpdateParentFederationDomain indicates an expected call of ObserveActiveSecretAndUpdateParentFederationDomain.
|
||||
func (mr *MockSecretHelperMockRecorder) ObserveActiveSecretAndUpdateParentFederationDomain(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ObserveActiveSecretAndUpdateParentFederationDomain", reflect.TypeOf((*MockSecretHelper)(nil).ObserveActiveSecretAndUpdateParentFederationDomain), arg0, arg1)
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
//
|
||||
|
||||
@ -10,35 +10,36 @@ package mocktokenauthenticator
|
||||
|
||||
import (
|
||||
context "context"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
authenticator "k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
reflect "reflect"
|
||||
)
|
||||
|
||||
// MockToken is a mock of Token interface
|
||||
// MockToken is a mock of Token interface.
|
||||
type MockToken struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockTokenMockRecorder
|
||||
}
|
||||
|
||||
// MockTokenMockRecorder is the mock recorder for MockToken
|
||||
// MockTokenMockRecorder is the mock recorder for MockToken.
|
||||
type MockTokenMockRecorder struct {
|
||||
mock *MockToken
|
||||
}
|
||||
|
||||
// NewMockToken creates a new mock instance
|
||||
// NewMockToken creates a new mock instance.
|
||||
func NewMockToken(ctrl *gomock.Controller) *MockToken {
|
||||
mock := &MockToken{ctrl: ctrl}
|
||||
mock.recorder = &MockTokenMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockToken) EXPECT() *MockTokenMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// AuthenticateToken mocks base method
|
||||
// AuthenticateToken mocks base method.
|
||||
func (m *MockToken) AuthenticateToken(arg0 context.Context, arg1 string) (*authenticator.Response, bool, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "AuthenticateToken", arg0, arg1)
|
||||
@ -48,7 +49,7 @@ func (m *MockToken) AuthenticateToken(arg0 context.Context, arg1 string) (*authe
|
||||
return ret0, ret1, ret2
|
||||
}
|
||||
|
||||
// AuthenticateToken indicates an expected call of AuthenticateToken
|
||||
// AuthenticateToken indicates an expected call of AuthenticateToken.
|
||||
func (mr *MockTokenMockRecorder) AuthenticateToken(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthenticateToken", reflect.TypeOf((*MockToken)(nil).AuthenticateToken), arg0, arg1)
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
//
|
||||
|
||||
@ -10,35 +10,36 @@ package mocktokenauthenticatorcloser
|
||||
|
||||
import (
|
||||
context "context"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
authenticator "k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
reflect "reflect"
|
||||
)
|
||||
|
||||
// MockTokenAuthenticatorCloser is a mock of TokenAuthenticatorCloser interface
|
||||
// MockTokenAuthenticatorCloser is a mock of TokenAuthenticatorCloser interface.
|
||||
type MockTokenAuthenticatorCloser struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockTokenAuthenticatorCloserMockRecorder
|
||||
}
|
||||
|
||||
// MockTokenAuthenticatorCloserMockRecorder is the mock recorder for MockTokenAuthenticatorCloser
|
||||
// MockTokenAuthenticatorCloserMockRecorder is the mock recorder for MockTokenAuthenticatorCloser.
|
||||
type MockTokenAuthenticatorCloserMockRecorder struct {
|
||||
mock *MockTokenAuthenticatorCloser
|
||||
}
|
||||
|
||||
// NewMockTokenAuthenticatorCloser creates a new mock instance
|
||||
// NewMockTokenAuthenticatorCloser creates a new mock instance.
|
||||
func NewMockTokenAuthenticatorCloser(ctrl *gomock.Controller) *MockTokenAuthenticatorCloser {
|
||||
mock := &MockTokenAuthenticatorCloser{ctrl: ctrl}
|
||||
mock.recorder = &MockTokenAuthenticatorCloserMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockTokenAuthenticatorCloser) EXPECT() *MockTokenAuthenticatorCloserMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// AuthenticateToken mocks base method
|
||||
// AuthenticateToken mocks base method.
|
||||
func (m *MockTokenAuthenticatorCloser) AuthenticateToken(arg0 context.Context, arg1 string) (*authenticator.Response, bool, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "AuthenticateToken", arg0, arg1)
|
||||
@ -48,19 +49,19 @@ func (m *MockTokenAuthenticatorCloser) AuthenticateToken(arg0 context.Context, a
|
||||
return ret0, ret1, ret2
|
||||
}
|
||||
|
||||
// AuthenticateToken indicates an expected call of AuthenticateToken
|
||||
// AuthenticateToken indicates an expected call of AuthenticateToken.
|
||||
func (mr *MockTokenAuthenticatorCloserMockRecorder) AuthenticateToken(arg0, arg1 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthenticateToken", reflect.TypeOf((*MockTokenAuthenticatorCloser)(nil).AuthenticateToken), arg0, arg1)
|
||||
}
|
||||
|
||||
// Close mocks base method
|
||||
// Close mocks base method.
|
||||
func (m *MockTokenAuthenticatorCloser) Close() {
|
||||
m.ctrl.T.Helper()
|
||||
m.ctrl.Call(m, "Close")
|
||||
}
|
||||
|
||||
// Close indicates an expected call of Close
|
||||
// Close indicates an expected call of Close.
|
||||
func (mr *MockTokenAuthenticatorCloserMockRecorder) Close() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Close", reflect.TypeOf((*MockTokenAuthenticatorCloser)(nil).Close))
|
||||
|
@ -1,4 +1,4 @@
|
||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
||||
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
//
|
||||
|
||||
@ -10,39 +10,40 @@ package mockupstreamoidcidentityprovider
|
||||
|
||||
import (
|
||||
context "context"
|
||||
url "net/url"
|
||||
reflect "reflect"
|
||||
|
||||
gomock "github.com/golang/mock/gomock"
|
||||
nonce "go.pinniped.dev/pkg/oidcclient/nonce"
|
||||
oidctypes "go.pinniped.dev/pkg/oidcclient/oidctypes"
|
||||
pkce "go.pinniped.dev/pkg/oidcclient/pkce"
|
||||
oauth2 "golang.org/x/oauth2"
|
||||
url "net/url"
|
||||
reflect "reflect"
|
||||
)
|
||||
|
||||
// MockUpstreamOIDCIdentityProviderI is a mock of UpstreamOIDCIdentityProviderI interface
|
||||
// MockUpstreamOIDCIdentityProviderI is a mock of UpstreamOIDCIdentityProviderI interface.
|
||||
type MockUpstreamOIDCIdentityProviderI struct {
|
||||
ctrl *gomock.Controller
|
||||
recorder *MockUpstreamOIDCIdentityProviderIMockRecorder
|
||||
}
|
||||
|
||||
// MockUpstreamOIDCIdentityProviderIMockRecorder is the mock recorder for MockUpstreamOIDCIdentityProviderI
|
||||
// MockUpstreamOIDCIdentityProviderIMockRecorder is the mock recorder for MockUpstreamOIDCIdentityProviderI.
|
||||
type MockUpstreamOIDCIdentityProviderIMockRecorder struct {
|
||||
mock *MockUpstreamOIDCIdentityProviderI
|
||||
}
|
||||
|
||||
// NewMockUpstreamOIDCIdentityProviderI creates a new mock instance
|
||||
// NewMockUpstreamOIDCIdentityProviderI creates a new mock instance.
|
||||
func NewMockUpstreamOIDCIdentityProviderI(ctrl *gomock.Controller) *MockUpstreamOIDCIdentityProviderI {
|
||||
mock := &MockUpstreamOIDCIdentityProviderI{ctrl: ctrl}
|
||||
mock.recorder = &MockUpstreamOIDCIdentityProviderIMockRecorder{mock}
|
||||
return mock
|
||||
}
|
||||
|
||||
// EXPECT returns an object that allows the caller to indicate expected use
|
||||
// EXPECT returns an object that allows the caller to indicate expected use.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) EXPECT() *MockUpstreamOIDCIdentityProviderIMockRecorder {
|
||||
return m.recorder
|
||||
}
|
||||
|
||||
// ExchangeAuthcodeAndValidateTokens mocks base method
|
||||
// ExchangeAuthcodeAndValidateTokens mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) ExchangeAuthcodeAndValidateTokens(arg0 context.Context, arg1 string, arg2 pkce.Code, arg3 nonce.Nonce, arg4 string) (*oidctypes.Token, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "ExchangeAuthcodeAndValidateTokens", arg0, arg1, arg2, arg3, arg4)
|
||||
@ -51,13 +52,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) ExchangeAuthcodeAndValidateTokens(ar
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// ExchangeAuthcodeAndValidateTokens indicates an expected call of ExchangeAuthcodeAndValidateTokens
|
||||
// ExchangeAuthcodeAndValidateTokens indicates an expected call of ExchangeAuthcodeAndValidateTokens.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) ExchangeAuthcodeAndValidateTokens(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ExchangeAuthcodeAndValidateTokens", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).ExchangeAuthcodeAndValidateTokens), arg0, arg1, arg2, arg3, arg4)
|
||||
}
|
||||
|
||||
// GetAuthorizationURL mocks base method
|
||||
// GetAuthorizationURL mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetAuthorizationURL() *url.URL {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetAuthorizationURL")
|
||||
@ -65,13 +66,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetAuthorizationURL() *url.URL {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetAuthorizationURL indicates an expected call of GetAuthorizationURL
|
||||
// GetAuthorizationURL indicates an expected call of GetAuthorizationURL.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetAuthorizationURL() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAuthorizationURL", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetAuthorizationURL))
|
||||
}
|
||||
|
||||
// GetClientID mocks base method
|
||||
// GetClientID mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetClientID() string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetClientID")
|
||||
@ -79,13 +80,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetClientID() string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetClientID indicates an expected call of GetClientID
|
||||
// GetClientID indicates an expected call of GetClientID.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetClientID() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetClientID", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetClientID))
|
||||
}
|
||||
|
||||
// GetGroupsClaim mocks base method
|
||||
// GetGroupsClaim mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetGroupsClaim() string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetGroupsClaim")
|
||||
@ -93,13 +94,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetGroupsClaim() string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetGroupsClaim indicates an expected call of GetGroupsClaim
|
||||
// GetGroupsClaim indicates an expected call of GetGroupsClaim.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetGroupsClaim() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetGroupsClaim", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetGroupsClaim))
|
||||
}
|
||||
|
||||
// GetName mocks base method
|
||||
// GetName mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetName() string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetName")
|
||||
@ -107,13 +108,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetName() string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetName indicates an expected call of GetName
|
||||
// GetName indicates an expected call of GetName.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetName() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetName", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetName))
|
||||
}
|
||||
|
||||
// GetScopes mocks base method
|
||||
// GetScopes mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetScopes() []string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetScopes")
|
||||
@ -121,13 +122,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetScopes() []string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetScopes indicates an expected call of GetScopes
|
||||
// GetScopes indicates an expected call of GetScopes.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetScopes() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetScopes", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetScopes))
|
||||
}
|
||||
|
||||
// GetUsernameClaim mocks base method
|
||||
// GetUsernameClaim mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) GetUsernameClaim() string {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetUsernameClaim")
|
||||
@ -135,13 +136,13 @@ func (m *MockUpstreamOIDCIdentityProviderI) GetUsernameClaim() string {
|
||||
return ret0
|
||||
}
|
||||
|
||||
// GetUsernameClaim indicates an expected call of GetUsernameClaim
|
||||
// GetUsernameClaim indicates an expected call of GetUsernameClaim.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) GetUsernameClaim() *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetUsernameClaim", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).GetUsernameClaim))
|
||||
}
|
||||
|
||||
// ValidateToken mocks base method
|
||||
// ValidateToken mocks base method.
|
||||
func (m *MockUpstreamOIDCIdentityProviderI) ValidateToken(arg0 context.Context, arg1 *oauth2.Token, arg2 nonce.Nonce) (*oidctypes.Token, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "ValidateToken", arg0, arg1, arg2)
|
||||
@ -150,7 +151,7 @@ func (m *MockUpstreamOIDCIdentityProviderI) ValidateToken(arg0 context.Context,
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// ValidateToken indicates an expected call of ValidateToken
|
||||
// ValidateToken indicates an expected call of ValidateToken.
|
||||
func (mr *MockUpstreamOIDCIdentityProviderIMockRecorder) ValidateToken(arg0, arg1, arg2 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ValidateToken", reflect.TypeOf((*MockUpstreamOIDCIdentityProviderI)(nil).ValidateToken), arg0, arg1, arg2)
|
||||
|
@ -40,8 +40,10 @@ type TokenExchangeHandler struct {
|
||||
accessTokenStorage oauth2.AccessTokenStorage
|
||||
}
|
||||
|
||||
var _ fosite.TokenEndpointHandler = (*TokenExchangeHandler)(nil)
|
||||
|
||||
func (t *TokenExchangeHandler) HandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) error {
|
||||
if !(requester.GetGrantTypes().ExactOne("urn:ietf:params:oauth:grant-type:token-exchange")) {
|
||||
if !t.CanHandleTokenEndpointRequest(requester) {
|
||||
return errors.WithStack(fosite.ErrUnknownRequest)
|
||||
}
|
||||
return nil
|
||||
@ -139,3 +141,11 @@ func (t *TokenExchangeHandler) validateAccessToken(ctx context.Context, requeste
|
||||
}
|
||||
return originalRequester, nil
|
||||
}
|
||||
|
||||
func (t *TokenExchangeHandler) CanSkipClientAuth(_ fosite.AccessRequester) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func (t *TokenExchangeHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool {
|
||||
return requester.GetGrantTypes().ExactOne("urn:ietf:params:oauth:grant-type:token-exchange")
|
||||
}
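Review bot: The two methods added at the end of this file, `CanSkipClientAuth` and `CanHandleTokenEndpointRequest`, are exported without doc comments, and the hard-coded `return false` in `CanSkipClientAuth` is a security-relevant choice whose reason is not recorded. I would add `// CanSkipClientAuth always returns false so that token exchange requests are never exempted from client authentication.` above the first, and `// CanHandleTokenEndpointRequest reports whether the request's only grant type is the RFC 8693 token-exchange grant.` above the second. How fosite acts on these return values is not visible in this diff, so the wording should be checked against the fosite version pinned in go.mod. Both new methods are complete within the second hunk; `HandleTokenEndpointRequest` and `validateAccessToken` extend beyond the hunks shown.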
|
||||
|
@ -31,4 +31,6 @@ related:
|
||||
- name: date
|
||||
weight: 50
|
||||
threshold: 0
|
||||
toLower: true
|
||||
toLower: true
|
||||
|
||||
enableGitInfo: true
|
||||
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
title: Getting Started with Pinniped
|
||||
cascade:
|
||||
layout: docs
|
||||
menu:
|
||||
@ -7,8 +8,6 @@ menu:
|
||||
weight: 1
|
||||
---
|
||||
|
||||
# Getting started with Pinniped
|
||||
|
||||
Pinniped is an authentication service for Kubernetes clusters.
|
||||
As a Kubernetes cluster administrator or user, you can learn how Pinniped works, see how to use it on your clusters, and dive into internals of Pinniped's APIs and architecture.
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
title: Pinniped Background
|
||||
cascade:
|
||||
layout: docs
|
||||
menu:
|
||||
@ -8,6 +9,4 @@ menu:
|
||||
weight: 110
|
||||
---
|
||||
|
||||
# Pinniped background
|
||||
|
||||
{{< docsmenu "background" >}}
|
||||
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
title: Pinniped Reference
|
||||
cascade:
|
||||
layout: docs
|
||||
menu:
|
||||
@ -8,6 +9,4 @@ menu:
|
||||
weight: 100
|
||||
---
|
||||
|
||||
# Pinniped reference
|
||||
|
||||
{{< docsmenu "reference" >}}
|
||||
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
title: Pinniped Tutorials
|
||||
cascade:
|
||||
layout: docs
|
||||
menu:
|
||||
@ -8,8 +9,6 @@ menu:
|
||||
weight: 40
|
||||
---
|
||||
|
||||
# Pinniped tutorials
|
||||
|
||||
These tutorials demonstrate how to use the Pinniped command-line tool, Concierge, and Supervisor:
|
||||
|
||||
{{< docsmenu "tutorials" >}}
|
||||
|