djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename pinniped-server -> pinniped-concierge

Browse Source 
Do we like this? We don't know yet.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Ryan Richard 2020-10-06 14:59:03 -04:00 committed by Andrew Keesler
parent 006d96ab92
commit 5b3dd5fc7d
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
17 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@ -20,7 +20,7 @@ COPY hack ./hack
# Build the executable binary (CGO_ENABLED=0 means static linking) # Build the executable binary (CGO_ENABLED=0 means static linking)
RUN mkdir out \ RUN mkdir out \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-server/... \ && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-concierge/... \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-supervisor/... \ && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-supervisor/... \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o out ./cmd/local-user-authenticator/... && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o out ./cmd/local-user-authenticator/...
@ -28,7 +28,7 @@ RUN mkdir out \
FROM debian:10.5-slim FROM debian:10.5-slim
# Copy the binaries from the build-env stage # Copy the binaries from the build-env stage
COPY --from=build-env /work/out/pinniped-server /usr/local/bin/pinniped-server COPY --from=build-env /work/out/pinniped-concierge /usr/local/bin/pinniped-concierge
COPY --from=build-env /work/out/pinniped-supervisor /usr/local/bin/pinniped-supervisor COPY --from=build-env /work/out/pinniped-supervisor /usr/local/bin/pinniped-supervisor
COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-user-authenticator COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-user-authenticator
@ -36,4 +36,4 @@ COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-us
EXPOSE 443 EXPOSE 443
# Set the entrypoint # Set the entrypoint
ENTRYPOINT ["/usr/local/bin/pinniped-server"] ENTRYPOINT ["/usr/local/bin/pinniped-concierge"]

2
cmd/pinniped-server/main.go → cmd/pinniped-concierge/main.go
View File

@ -12,7 +12,7 @@ import (
"k8s.io/component-base/logs" "k8s.io/component-base/logs"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"go.pinniped.dev/internal/server" "go.pinniped.dev/internal/concierge/server"
) )
func main() { func main() {

2
internal/apiserver/apiserver.go → internal/concierge/apiserver/apiserver.go
View File

@ -87,7 +87,7 @@ func (c *Config) Complete() CompletedConfig {
// New returns a new instance of AdmissionServer from the given config. // New returns a new instance of AdmissionServer from the given config.
func (c completedConfig) New() (*PinnipedServer, error) { func (c completedConfig) New() (*PinnipedServer, error) {
genericServer, err := c.GenericConfig.New("pinniped-server", genericapiserver.NewEmptyDelegate()) // completion is done in Complete, no need for a second time genericServer, err := c.GenericConfig.New("pinniped-concierge", genericapiserver.NewEmptyDelegate()) // completion is done in Complete, no need for a second time
if err != nil { if err != nil {
return nil, fmt.Errorf("completion error: %w", err) return nil, fmt.Errorf("completion error: %w", err)
} }

10
internal/server/server.go → internal/concierge/server/server.go
View File

@ -1,7 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
// Package server is the command line entry point for pinniped-server. // Package server is the command line entry point for pinniped-concierge.
package server package server
import ( import (
@ -15,8 +15,8 @@ import (
genericoptions "k8s.io/apiserver/pkg/server/options" genericoptions "k8s.io/apiserver/pkg/server/options"
loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/login/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/login/v1alpha1"
"go.pinniped.dev/internal/apiserver"
"go.pinniped.dev/internal/certauthority/dynamiccertauthority" "go.pinniped.dev/internal/certauthority/dynamiccertauthority"
"go.pinniped.dev/internal/concierge/apiserver"
"go.pinniped.dev/internal/controller/identityprovider/idpcache" "go.pinniped.dev/internal/controller/identityprovider/idpcache"
"go.pinniped.dev/internal/controllermanager" "go.pinniped.dev/internal/controllermanager"
"go.pinniped.dev/internal/downward" "go.pinniped.dev/internal/downward"
@ -26,7 +26,7 @@ import (
"go.pinniped.dev/pkg/config" "go.pinniped.dev/pkg/config"
) )
// App is an object that represents the pinniped-server application. // App is an object that represents the pinniped-concierge application.
type App struct { type App struct {
cmd *cobra.Command cmd *cobra.Command
@ -54,9 +54,9 @@ func (a *App) Run() error {
// Create the server command and save it into the App. // Create the server command and save it into the App.
func (a *App) addServerCommand(ctx context.Context, args []string, stdout, stderr io.Writer) { func (a *App) addServerCommand(ctx context.Context, args []string, stdout, stderr io.Writer) {
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "pinniped-server", Use: "pinniped-concierge",
Long: here.Doc(` Long: here.Doc(`
pinniped-server provides a generic API for mapping an external pinniped-concierge provides a generic API for mapping an external
credential from somewhere to an internal credential to be used for credential from somewhere to an internal credential to be used for
authenticating to the Kubernetes API.`), authenticating to the Kubernetes API.`),
RunE: func(cmd *cobra.Command, args []string) error { return a.runServer(ctx) }, RunE: func(cmd *cobra.Command, args []string) error { return a.runServer(ctx) },

10
internal/server/server_test.go → internal/concierge/server/server_test.go
View File

@ -15,17 +15,17 @@ import (
) )
const knownGoodUsage = ` const knownGoodUsage = `
pinniped-server provides a generic API for mapping an external pinniped-concierge provides a generic API for mapping an external
credential from somewhere to an internal credential to be used for credential from somewhere to an internal credential to be used for
authenticating to the Kubernetes API. authenticating to the Kubernetes API.
Usage: Usage:
pinniped-server [flags] pinniped-concierge [flags]
Flags: Flags:
-c, --config string path to configuration file (default "pinniped.yaml") -c, --config string path to configuration file (default "pinniped.yaml")
--downward-api-path string path to Downward API volume mount (default "/etc/podinfo") --downward-api-path string path to Downward API volume mount (default "/etc/podinfo")
-h, --help help for pinniped-server -h, --help help for pinniped-concierge
--log-flush-frequency duration Maximum number of seconds between log flushes (default 5s) --log-flush-frequency duration Maximum number of seconds between log flushes (default 5s)
` `
@ -48,7 +48,7 @@ func TestCommand(t *testing.T) {
{ {
name: "OneArgFails", name: "OneArgFails",
args: []string{"tuna"}, args: []string{"tuna"},
wantErr: `unknown command "tuna" for "pinniped-server"`, wantErr: `unknown command "tuna" for "pinniped-concierge"`,
}, },
{ {
name: "ShortConfigFlagSucceeds", name: "ShortConfigFlagSucceeds",
@ -64,7 +64,7 @@ func TestCommand(t *testing.T) {
"--config", "some/path/to/config.yaml", "--config", "some/path/to/config.yaml",
"tuna", "tuna",
}, },
wantErr: `unknown command "tuna" for "pinniped-server"`, wantErr: `unknown command "tuna" for "pinniped-concierge"`,
}, },
} }
for _, test := range tests { for _, test := range tests {

0
internal/server/testdata/podinfo/labels → internal/concierge/server/testdata/podinfo/labels vendored
View File

0
internal/server/testdata/podinfo/namespace → internal/concierge/server/testdata/podinfo/namespace vendored
View File

0
internal/server/testdata/valid-config.yaml → internal/concierge/server/testdata/valid-config.yaml vendored
View File

8
test/integration/cli_test.go
View File

@ -62,13 +62,13 @@ func TestCLI(t *testing.T) {
adminClient := library.NewClientset(t) adminClient := library.NewClientset(t)
t.Run( t.Run(
"access as user with kubectl", "access as user with kubectl",
accessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.Namespace), library.AccessAsUserWithKubectlTest(ctx, adminClient, kubeConfigYAML, env.TestUser.ExpectedUsername, env.Namespace),
) )
for _, group := range env.TestUser.ExpectedGroups { for _, group := range env.TestUser.ExpectedGroups {
group := group group := group
t.Run( t.Run(
"access as group "+group+" with kubectl", "access as group "+group+" with kubectl",
accessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.Namespace), library.AccessAsGroupWithKubectlTest(ctx, adminClient, kubeConfigYAML, group, env.Namespace),
) )
} }
@ -76,10 +76,10 @@ func TestCLI(t *testing.T) {
kubeClient := library.NewClientsetForKubeConfig(t, kubeConfigYAML) kubeClient := library.NewClientsetForKubeConfig(t, kubeConfigYAML)
// Validate that we can auth to the API via our user. // Validate that we can auth to the API via our user.
t.Run("access as user with client-go", accessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient)) t.Run("access as user with client-go", library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, kubeClient))
for _, group := range env.TestUser.ExpectedGroups { for _, group := range env.TestUser.ExpectedGroups {
group := group group := group
t.Run("access as group "+group+" with client-go", accessAsGroupTest(ctx, adminClient, group, kubeClient)) t.Run("access as group "+group+" with client-go", library.AccessAsGroupTest(ctx, adminClient, group, kubeClient))
} }
} }

0
test/integration/api_discovery_test.go → test/integration/concierge_api_discovery_test.go
View File

0
test/integration/api_serving_certs_test.go → test/integration/concierge_api_serving_certs_test.go
View File

0
test/integration/app_availability_test.go → test/integration/concierge_availability_test.go
View File

0
test/integration/credentialissuerconfig_test.go → test/integration/concierge_credentialissuerconfig_test.go
View File

4
test/integration/credentialrequest_test.go → test/integration/concierge_credentialrequest_test.go
View File

@ -77,13 +77,13 @@ func TestSuccessfulCredentialRequest(t *testing.T) {
t.Run( t.Run(
"access as user", "access as user",
accessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, clientWithCertFromCredentialRequest), library.AccessAsUserTest(ctx, adminClient, env.TestUser.ExpectedUsername, clientWithCertFromCredentialRequest),
) )
for _, group := range env.TestUser.ExpectedGroups { for _, group := range env.TestUser.ExpectedGroups {
group := group group := group
t.Run( t.Run(
"access as group "+group, "access as group "+group,
accessAsGroupTest(ctx, adminClient, group, clientWithCertFromCredentialRequest), library.AccessAsGroupTest(ctx, adminClient, group, clientWithCertFromCredentialRequest),
) )
} }
} }

0
test/integration/kubecertagent_test.go → test/integration/concierge_kubecertagent_test.go
View File

0
test/integration/kubectl_test.go → test/integration/concierge_kubectl_test.go
View File

14
test/integration/common_test.go → test/library/access.go
View File

@ -1,6 +1,7 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved. // Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0 // SPDX-License-Identifier: Apache-2.0
package integration
package library
import ( import (
"context" "context"
@ -11,12 +12,11 @@ import (
"testing" "testing"
"time" "time"
"k8s.io/apimachinery/pkg/api/errors"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
) )
@ -31,7 +31,7 @@ const (
// //
// Use this function if you want to simply validate that a user can auth to the kube API after // Use this function if you want to simply validate that a user can auth to the kube API after
// performing a Pinniped credential exchange. // performing a Pinniped credential exchange.
func accessAsUserTest( func AccessAsUserTest(
ctx context.Context, ctx context.Context,
adminClient kubernetes.Interface, adminClient kubernetes.Interface,
testUsername string, testUsername string,
@ -53,7 +53,7 @@ func accessAsUserTest(
} }
} }
func accessAsUserWithKubectlTest( func AccessAsUserWithKubectlTest(
ctx context.Context, ctx context.Context,
adminClient kubernetes.Interface, adminClient kubernetes.Interface,
testKubeConfigYAML string, testKubeConfigYAML string,
@ -82,7 +82,7 @@ func accessAsUserWithKubectlTest(
// //
// Use this function if you want to simply validate that a user can auth to the kube API (via // Use this function if you want to simply validate that a user can auth to the kube API (via
// a group membership) after performing a Pinniped credential exchange. // a group membership) after performing a Pinniped credential exchange.
func accessAsGroupTest( func AccessAsGroupTest(
ctx context.Context, ctx context.Context,
adminClient kubernetes.Interface, adminClient kubernetes.Interface,
testGroup string, testGroup string,
@ -104,7 +104,7 @@ func accessAsGroupTest(
} }
} }
func accessAsGroupWithKubectlTest( func AccessAsGroupWithKubectlTest(
ctx context.Context, ctx context.Context,
adminClient kubernetes.Interface, adminClient kubernetes.Interface,
testKubeConfigYAML string, testKubeConfigYAML string,