Rename pinniped-server -> pinniped-concierge

Do we like this? We don't know yet.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

Dockerfile

@@ -20,7 +20,7 @@ COPY hack ./hack
 
 # Build the executable binary (CGO_ENABLED=0 means static linking)
 RUN mkdir out \
-  && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-server/... \
+  && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-concierge/... \
   && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-supervisor/... \
   && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o out ./cmd/local-user-authenticator/...
 
@@ -28,7 +28,7 @@ RUN mkdir out \
 FROM debian:10.5-slim
 
 # Copy the binaries from the build-env stage
-COPY --from=build-env /work/out/pinniped-server /usr/local/bin/pinniped-server
+COPY --from=build-env /work/out/pinniped-concierge /usr/local/bin/pinniped-concierge
 COPY --from=build-env /work/out/pinniped-supervisor /usr/local/bin/pinniped-supervisor
 COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-user-authenticator
 
@@ -36,4 +36,4 @@ COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-us
 EXPOSE 443
 
 # Set the entrypoint
-ENTRYPOINT ["/usr/local/bin/pinniped-server"]
+ENTRYPOINT ["/usr/local/bin/pinniped-concierge"]

cmd/pinniped-concierge/main.go

@@ -12,7 +12,7 @@ import (
 	"k8s.io/component-base/logs"
 	"k8s.io/klog/v2"
 
-	"go.pinniped.dev/internal/server"
+	"go.pinniped.dev/internal/concierge/server"
 )
 
 func main() {

internal/concierge/apiserver/apiserver.go

@@ -87,7 +87,7 @@ func (c *Config) Complete() CompletedConfig {
 
 // New returns a new instance of AdmissionServer from the given config.
 func (c completedConfig) New() (*PinnipedServer, error) {
-	genericServer, err := c.GenericConfig.New("pinniped-server", genericapiserver.NewEmptyDelegate()) // completion is done in Complete, no need for a second time
+	genericServer, err := c.GenericConfig.New("pinniped-concierge", genericapiserver.NewEmptyDelegate()) // completion is done in Complete, no need for a second time
 	if err != nil {
 		return nil, fmt.Errorf("completion error: %w", err)
 	}

internal/concierge/server/server.go

@@ -1,7 +1,7 @@
 // Copyright 2020 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-// Package server is the command line entry point for pinniped-server.
+// Package server is the command line entry point for pinniped-concierge.
 package server
 
 import (
@@ -15,8 +15,8 @@ import (
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 
 	loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/login/v1alpha1"
-	"go.pinniped.dev/internal/apiserver"
 	"go.pinniped.dev/internal/certauthority/dynamiccertauthority"
+	"go.pinniped.dev/internal/concierge/apiserver"
 	"go.pinniped.dev/internal/controller/identityprovider/idpcache"
 	"go.pinniped.dev/internal/controllermanager"
 	"go.pinniped.dev/internal/downward"
@@ -26,7 +26,7 @@ import (
 	"go.pinniped.dev/pkg/config"
 )
 
-// App is an object that represents the pinniped-server application.
+// App is an object that represents the pinniped-concierge application.
 type App struct {
 	cmd *cobra.Command
 
@@ -54,9 +54,9 @@ func (a *App) Run() error {
 // Create the server command and save it into the App.
 func (a *App) addServerCommand(ctx context.Context, args []string, stdout, stderr io.Writer) {
 	cmd := &cobra.Command{
-		Use: "pinniped-server",
+		Use: "pinniped-concierge",
 		Long: here.Doc(`
-			pinniped-server provides a generic API for mapping an external
+			pinniped-concierge provides a generic API for mapping an external
 			credential from somewhere to an internal credential to be used for
 			authenticating to the Kubernetes API.`),
 		RunE: func(cmd *cobra.Command, args []string) error { return a.runServer(ctx) },

internal/concierge/server/server_test.go

@@ -15,17 +15,17 @@ import (
 )
 
 const knownGoodUsage = `
-pinniped-server provides a generic API for mapping an external
+pinniped-concierge provides a generic API for mapping an external
 credential from somewhere to an internal credential to be used for
 authenticating to the Kubernetes API.
 
 Usage:
-  pinniped-server [flags]
+  pinniped-concierge [flags]
 
 Flags:
   -c, --config string                  path to configuration file (default "pinniped.yaml")
       --downward-api-path string       path to Downward API volume mount (default "/etc/podinfo")
-  -h, --help                           help for pinniped-server
+  -h, --help                           help for pinniped-concierge
       --log-flush-frequency duration   Maximum number of seconds between log flushes (default 5s)
 `
 
@@ -48,7 +48,7 @@ func TestCommand(t *testing.T) {
 		{
 			name:    "OneArgFails",
 			args:    []string{"tuna"},
-			wantErr: `unknown command "tuna" for "pinniped-server"`,
+			wantErr: `unknown command "tuna" for "pinniped-concierge"`,
 		},
 		{
 			name: "ShortConfigFlagSucceeds",
@@ -64,7 +64,7 @@ func TestCommand(t *testing.T) {
 				"--config", "some/path/to/config.yaml",
 				"tuna",
 			},
-			wantErr: `unknown command "tuna" for "pinniped-server"`,
+			wantErr: `unknown command "tuna" for "pinniped-concierge"`,
 		},
 	}
 	for _, test := range tests {

test/integration/cli_test.go

@@ -62,13 +62,13 @@ func TestCLI(t *testing.T) {
 	adminClient := library.NewClientset(t)
 	t.Run(
 		"access as user with kubectl",
-		accessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.Namespace),
+		library.AccessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.Namespace),
 	)
 	for _, group := range env.TestUser.ExpectedGroups {
 		group := group
 		t.Run(
 			"access as group "+group+" with kubectl",
-			accessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.Namespace),
+			library.AccessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.Namespace),
 		)
 	}
 
@@ -76,10 +76,10 @@ func TestCLI(t *testing.T) {
 	kubeClient := library.NewClientsetForKubeConfig(t, kubeConfigYAML)
 
 	// Validate that we can auth to the API via our user.
-	t.Run("access as user with client-go", accessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
+	t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
 	for _, group := range env.TestUser.ExpectedGroups {
 		group := group
-		t.Run("access as group "+group+" with client-go", accessAsGroupTest(ctx, adminClient, group, kubeClient))
+		t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient))
 	}
 }
 

test/integration/concierge_credentialrequest_test.go

@@ -77,13 +77,13 @@ func TestSuccessfulCredentialRequest(t *testing.T) {
 
 	t.Run(
 		"access as user",
-		accessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, clientWithCertFromCredentialRequest),
+		library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, clientWithCertFromCredentialRequest),
 	)
 	for _, group := range env.TestUser.ExpectedGroups {
 		group := group
 		t.Run(
 			"access as group "+group,
-			accessAsGroupTest(ctx, adminClient, group, clientWithCertFromCredentialRequest),
+			library.AccessAsGroupTest(ctx, adminClient, group, clientWithCertFromCredentialRequest),
 		)
 	}
 }

test/library/access.go

@@ -1,6 +1,7 @@
 // Copyright 2020 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-package integration
+
+package library
 
 import (
 	"context"
@@ -11,12 +12,11 @@ import (
 	"testing"
 	"time"
 
-	"k8s.io/apimachinery/pkg/api/errors"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	v1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 )
@@ -31,7 +31,7 @@ const (
 //
 // Use this function if you want to simply validate that a user can auth to the kube API after
 // performing a Pinniped credential exchange.
-func accessAsUserTest(
+func AccessAsUserTest(
 	ctx context.Context,
 	adminClient kubernetes.Interface,
 	testUsername string,
@@ -53,7 +53,7 @@ func accessAsUserTest(
 	}
 }
 
-func accessAsUserWithKubectlTest(
+func AccessAsUserWithKubectlTest(
 	ctx context.Context,
 	adminClient kubernetes.Interface,
 	testKubeConfigYAML string,
@@ -82,7 +82,7 @@ func accessAsUserWithKubectlTest(
 //
 // Use this function if you want to simply validate that a user can auth to the kube API (via
 // a group membership) after performing a Pinniped credential exchange.
-func accessAsGroupTest(
+func AccessAsGroupTest(
 	ctx context.Context,
 	adminClient kubernetes.Interface,
 	testGroup string,
@@ -104,7 +104,7 @@ func accessAsGroupTest(
 	}
 }
 
-func accessAsGroupWithKubectlTest(
+func AccessAsGroupWithKubectlTest(
 	ctx context.Context,
 	adminClient kubernetes.Interface,
 	testKubeConfigYAML string,