diff --git a/deploy/concierge/deployment.yaml b/deploy/concierge/deployment.yaml
index 33423efb..edef2fd8 100644
--- a/deploy/concierge/deployment.yaml
+++ b/deploy/concierge/deployment.yaml
@@ -51,6 +51,7 @@ data:
 apiService: (@= defaultResourceNameWithSuffix("api") @)
 impersonationConfigMap: (@= defaultResourceNameWithSuffix("impersonation-proxy-config") @)
 impersonationLoadBalancerService: (@= defaultResourceNameWithSuffix("impersonation-proxy-load-balancer") @)
+ impersonationClusterIPService: (@= defaultResourceNameWithSuffix("impersonation-proxy-cluster-ip") @)
 impersonationTLSCertificateSecret: (@= defaultResourceNameWithSuffix("impersonation-proxy-tls-serving-certificate") @)
 impersonationCACertificateSecret: (@= defaultResourceNameWithSuffix("impersonation-proxy-ca-certificate") @)
 impersonationSignerSecret: (@= defaultResourceNameWithSuffix("impersonation-proxy-signer-ca-certificate") @)
diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go
index ad6a00df..bb7fbee8 100644
--- a/internal/config/concierge/config.go
+++ b/internal/config/concierge/config.go
@@ -114,6 +114,9 @@ func validateNames(names *NamesConfigSpec) error {
 if names.ImpersonationLoadBalancerService == "" {
 missingNames = append(missingNames, "impersonationLoadBalancerService")
 }
+ if names.ImpersonationClusterIPService == "" {
+ missingNames = append(missingNames, "impersonationClusterIPService")
+ }
 if names.ImpersonationTLSCertificateSecret == "" {
 missingNames = append(missingNames, "impersonationTLSCertificateSecret")
 }
diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go
index baebf8c3..5d4097ea 100644
--- a/internal/config/concierge/config_test.go
+++ b/internal/config/concierge/config_test.go
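Review bot: The added check in validateNames only rejects an empty `impersonationClusterIPService`; the value is later handed to the impersonation controller in PrepareControllers, apparently as a Service name, so a value that is not a valid DNS label passes config loading and would only fail when the Service is created. That matches the neighbouring checks, so at minimum a comment such as `// presence check only; name syntax is left to the API server` would make the limit explicit. The key is also now required, so a ConfigMap rendered before this change fails startup with `missing required names: impersonationClusterIPService`, which is worth an upgrade note. validateNames starts and ends outside the hunk.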
@@ -40,6 +40,7 @@ func TestFromPath(t *testing.T) {
 kubeCertAgentPrefix: kube-cert-agent-prefix
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -71,6 +72,7 @@ func TestFromPath(t *testing.T) {
 APIService: "pinniped-api",
 ImpersonationConfigMap: "impersonationConfigMap-value",
 ImpersonationLoadBalancerService: "impersonationLoadBalancerService-value",
+ ImpersonationClusterIPService: "impersonationClusterIPService-value",
 ImpersonationTLSCertificateSecret: "impersonationTLSCertificateSecret-value",
 ImpersonationCACertificateSecret: "impersonationCACertificateSecret-value",
 ImpersonationSignerSecret: "impersonationSignerSecret-value",
@@ -98,6 +100,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -120,6 +123,7 @@ func TestFromPath(t *testing.T) {
 APIService: "pinniped-api",
 ImpersonationConfigMap: "impersonationConfigMap-value",
 ImpersonationLoadBalancerService: "impersonationLoadBalancerService-value",
+ ImpersonationClusterIPService: "impersonationClusterIPService-value",
 ImpersonationTLSCertificateSecret: "impersonationTLSCertificateSecret-value",
 ImpersonationCACertificateSecret: "impersonationCACertificateSecret-value",
 ImpersonationSignerSecret: "impersonationSignerSecret-value",
@@ -137,7 +141,7 @@ func TestFromPath(t *testing.T) {
 yaml: here.Doc(``),
 wantError: "validate names: missing required names: servingCertificateSecret, credentialIssuer, " +
 "apiService, impersonationConfigMap, impersonationLoadBalancerService, " +
- "impersonationTLSCertificateSecret, impersonationCACertificateSecret, " +
+ "impersonationClusterIPService, impersonationTLSCertificateSecret, impersonationCACertificateSecret, " +
 "impersonationSignerSecret, agentServiceAccount",
 },
 {
@@ -149,6 +153,7 @@ func TestFromPath(t *testing.T) {
 credentialIssuer: pinniped-config
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -165,6 +170,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -181,6 +187,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -197,6 +204,7 @@ func TestFromPath(t *testing.T) {
 credentialIssuer: pinniped-config
 apiService: pinniped-api
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -213,6 +221,7 @@ func TestFromPath(t *testing.T) {
 credentialIssuer: pinniped-config
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
@@ -220,6 +229,23 @@ func TestFromPath(t *testing.T) {
 `),
 wantError: "validate names: missing required names: impersonationLoadBalancerService",
 },
+ {
+ name: "Missing impersonationClusterIPService name",
+ yaml: here.Doc(`
+ ---
+ names:
+ servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate
+ credentialIssuer: pinniped-config
+ apiService: pinniped-api
+ impersonationConfigMap: impersonationConfigMap-value
+ impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
+ impersonationCACertificateSecret: impersonationCACertificateSecret-value
+ impersonationSignerSecret: impersonationSignerSecret-value
+ agentServiceAccount: agentServiceAccount-value
+ `),
+ wantError: "validate names: missing required names: impersonationClusterIPService",
+ },
 {
 name: "Missing impersonationTLSCertificateSecret name",
 yaml: here.Doc(`
@@ -230,6 +256,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
 agentServiceAccount: agentServiceAccount-value
@@ -246,6 +273,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationSignerSecret: impersonationSignerSecret-value
 agentServiceAccount: agentServiceAccount-value
@@ -262,6 +290,7 @@ func TestFromPath(t *testing.T) {
 apiService: pinniped-api
 impersonationConfigMap: impersonationConfigMap-value
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationTLSCertificateSecret: impersonationTLSCertificateSecret-value
 impersonationCACertificateSecret: impersonationCACertificateSecret-value
 agentServiceAccount: agentServiceAccount-value
@@ -277,6 +306,7 @@ func TestFromPath(t *testing.T) {
 credentialIssuer: pinniped-config
 apiService: pinniped-api
 impersonationLoadBalancerService: impersonationLoadBalancerService-value
+ impersonationClusterIPService: impersonationClusterIPService-value
 impersonationSignerSecret: impersonationSignerSecret-value
 agentServiceAccount: agentServiceAccount-value
 `),
diff --git a/internal/config/concierge/types.go b/internal/config/concierge/types.go
index 4b4e56a2..ea174e65 100644
--- a/internal/config/concierge/types.go
+++ b/internal/config/concierge/types.go
@@ -40,6 +40,7 @@ type NamesConfigSpec struct {
 // TODO: remove this key entirely
 ImpersonationConfigMap string `json:"impersonationConfigMap"`
 ImpersonationLoadBalancerService string `json:"impersonationLoadBalancerService"`
+ ImpersonationClusterIPService string `json:"impersonationClusterIPService"`
 ImpersonationTLSCertificateSecret string `json:"impersonationTLSCertificateSecret"`
 ImpersonationCACertificateSecret string `json:"impersonationCACertificateSecret"`
 ImpersonationSignerSecret string `json:"impersonationSignerSecret"`
diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go
index f5ea77cc..278b2438 100644
--- a/internal/controllermanager/prepare_controllers.go
+++ b/internal/controllermanager/prepare_controllers.go
@@ -261,7 +261,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
 controllerlib.WithInformer,
 controllerlib.WithInitialEvent,
 c.NamesConfig.ImpersonationLoadBalancerService,
- "impersonation-proxy-cluster-ip", // TODO wire this through from namesConfig
+ c.NamesConfig.ImpersonationClusterIPService,
 c.NamesConfig.ImpersonationTLSCertificateSecret,
 c.NamesConfig.ImpersonationCACertificateSecret,
 c.Labels,
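Review bot: The new `ImpersonationClusterIPService` field in NamesConfigSpec has no comment, and it joins a run of fields directly under `// TODO: remove this key entirely`, which can be read as applying to the whole group rather than to `ImpersonationConfigMap` alone. A field comment such as `// ImpersonationClusterIPService is the name of the ClusterIP Service for the impersonation proxy (required).` would help, assuming that is what the name denotes. A blank line after `ImpersonationConfigMap` would also make the TODO's scope unambiguous. The struct continues outside the hunk.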
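Review bot: Replacing the literal `"impersonation-proxy-cluster-ip"` with `c.NamesConfig.ImpersonationClusterIPService` in PrepareControllers changes the effective Service name on existing installs, because deployment.yaml renders the value through `defaultResourceNameWithSuffix(...)`, which presumably adds the app-name prefix. If the controller (not visible here) only manages the Service under its configured name, a ClusterIP Service already created under the old literal could be left behind and keep routing to the impersonation proxy after an upgrade. It is worth confirming that the controller cleans up the old object, or that upgrade notes tell operators to delete it. A call-site comment such as `// configured name; releases before this change used the literal "impersonation-proxy-cluster-ip"` would record the rename. PrepareControllers' body continues outside the hunk.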