From b2be83ee4510f9e6d3f4631fb7a3c16c54c0e6c6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Mar 2021 05:50:01 +0000
Subject: [PATCH 1/3] Bump github.com/ory/fosite from 0.38.0 to 0.39.0
Bumps [github.com/ory/fosite](https://github.com/ory/fosite) from 0.38.0 to 0.39.0.
- [Release notes](https://github.com/ory/fosite/releases)
- [Changelog](https://github.com/ory/fosite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ory/fosite/compare/v0.38.0...v0.39.0)
Signed-off-by: dependabot[bot]
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index a1c0e7e2..99333061 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 github.com/gorilla/securecookie v1.1.1
 github.com/oleiade/reflections v1.0.1 // indirect
 github.com/onsi/ginkgo v1.13.0 // indirect
- github.com/ory/fosite v0.38.0
+ github.com/ory/fosite v0.39.0
 github.com/pkg/browser v0.0.0-20201207095918-0426ae3fba23
 github.com/pkg/errors v0.9.1
 github.com/sclevine/agouti v3.0.0+incompatible
diff --git a/go.sum b/go.sum
index 041d4e99..765ed5eb 100644
--- a/go.sum
+++ b/go.sum
@@ -815,8 +815,8 @@ github.com/ory/analytics-go/v4 v4.0.0/go.mod h1:FMx9cLRD9xN+XevPvZ5FDMfignpmcqPP github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= github.com/ory/dockertest/v3 v3.5.4/go.mod h1:J8ZUbNB2FOhm1cFZW9xBpDsODqsSWcyYgtJYVPcnF70= github.com/ory/fosite v0.29.0/go.mod h1:0atSZmXO7CAcs6NPMI/Qtot8tmZYj04Nddoold4S2h0= -github.com/ory/fosite v0.38.0 h1:4y+IurqBAu/Gf0NlW47gabRJZyYIqda+OFHMx5fsy6Q= -github.com/ory/fosite v0.38.0/go.mod h1:37r59qkOSPueYKmaA7EHiXrDMF1B+XPN+MgkZgTRg3Y= +github.com/ory/fosite v0.39.0 h1:u1Ct/ME7XYzREvufr7ehBIdq/KatjVLIYg/ABqWzprw= +github.com/ory/fosite v0.39.0/go.mod h1:37r59qkOSPueYKmaA7EHiXrDMF1B+XPN+MgkZgTRg3Y= github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90/go.mod h1:sxnvPCxChFuSmTJGj8FdMupeq1BezCiEpDjTUXQ4hf4= github.com/ory/go-acc v0.2.5 h1:31irXHzG2vnKQSE4weJm7AdfrnpaVjVCq3nD7viXCJE= github.com/ory/go-acc v0.2.5/go.mod h1:4Kb/UnPcT8qRAk3IAxta+hvVapdxTLWtrr7bFLlEgpw= From 876f0a55d891a4c5088094150e5dbbcee034b6be Mon Sep 17 00:00:00 2001 From: Pablo Schuhmacher Date: Tue, 9 Mar 2021 18:41:40 -0800 Subject: [PATCH 2/3] Create ROADMAP.md in actual markdown fixed the random html generated when converting the google doc to markdown --- ROADMAP.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 ROADMAP.md diff --git a/ROADMAP.md b/ROADMAP.md new file mode 100644 index 00000000..27a80068 --- /dev/null +++ b/ROADMAP.md 
@@ -0,0 +1,50 @@ + +## **Pinniped Project Roadmap** + + +### +**About this document** + +This document provides a link to the[ Pinniped Project issues](https://github.com/vmware-tanzu/pinniped/issues) list that serves as the up to date description of items that are in the Pinniped release pipeline. Most items are gathered from the community or include a feedback loop with the community. This should serve as a reference point for Pinniped users and contributors to understand where the project is heading, and help determine if a contribution could be conflicting with a longer term plan. + + +### +**How to help?** + +Discussion on the roadmap can take place in threads under [Issues](https://github.com/vmware-tanzu/pinniped/issues) or in [community meetings](https://github.com/vmware-tanzu/pinniped/blob/main/CONTRIBUTING.md#meeting-with-the-maintainers). Please open and comment on an issue if you want to provide suggestions and feedback to an item in the roadmap. Please review the roadmap to avoid potential duplicated effort. + + +### +**Need an idea for a contribution?** + +We’ve created an [Opportunity Areas](https://docs.google.com/document/d/1A5xqeOfT01CDjnd76ED2yFWMx1lkcJ6odFMUTDM-VcE/edit#heading=h.dfdy0cv2dm2q) discussion thread that outlines some areas we believe are excellent starting points for the community to get involved. In that discussion we’ve included specific work items that one might consider that also support the high-level items presented in our roadmap. + + +### +**How to add an item to the roadmap?** + +Please open an issue to track any initiative on the roadmap of Pinniped (usually driven by new feature requests). We will work with and rely on our community to focus our efforts to improve Pinniped. + + +### +**Current Roadmap** + +The following table includes the current roadmap for Pinniped. 
If you have any questions or would like to contribute to Pinniped, please attend a [community meeting](https://github.com/vmware-tanzu/pinniped/blob/main/CONTRIBUTING.md#meeting-with-the-maintainers) to discuss with our team. If you don't know where to start, we are always looking for contributors that will help us reduce technical, automation, and documentation debt. Please take the timelines & dates as proposals and goals. Priorities and requirements change based on community feedback, roadblocks encountered, community contributions, etc. If you depend on a specific item, we encourage you to attend community meetings to get updated status information, or help us deliver that feature by contributing to Pinniped. + + + +Last Updated: March 2021 +Theme|Description|Timeline| +|--|--|--| +|Impersonation Proxy|Adds support for more types of clusters (managed services)|Mar 2021| +|LDAP Support|Extends upstream IDP protocols|Apr 2021| +|Device Code Flow|Add support for OAuth 2.0 Device Authorization Grant in the Pinniped CLI and Supervisor|Apr 2021| +|Improved Documentation|Reorganizing and improving Pinniped docs; new how-to guides and tutorials|May 2021| +|CLI Improvements|Improving CLI UX for setting up Supervisor IDPs|May 2021| +|Multiple IDPs|Support for multiple upstream IDPs to be configured simultaneously|Jun 2021| +|Improving Security Posture|Offer the best security posture for Kubernetes cluster authentication|Exploring/Ongoing| +|Improve our CI/CD systems|Upgrade tests; make Kind more efficient and reliable for CI ; Windows tests; performance tests; scale tests; soak tests|Exploring/Ongoing| +|Telemetry|Adding some useful phone home metrics as well as some vanity metrics|Exploring/Ongoing| +|Observability|Expose Pinniped metrics through Prometheus Integration|Exploring/Ongoing| + + From e98c6dfdd8a58c6b6832f5c51217615140062b1f Mon Sep 17 00:00:00 2001 
From: Matt Moyer
Date: Thu, 11 Mar 2021 13:18:15 -0600
Subject: [PATCH 3/3] Add retries to TestSupervisorTLSTerminationWithSNI and TestSupervisorOIDCDiscovery.
These tests occasionally flake because of a conflict error such as:
```
supervisor_discovery_test.go:105: Error Trace: supervisor_discovery_test.go:587 supervisor_discovery_test.go:105 Error: Received unexpected error: Operation cannot be fulfilled on federationdomains.config.supervisor.pinniped.dev "test-oidc-provider-lvjfw": the object has been modified; please apply your changes to the latest version and try again Test: TestSupervisorOIDCDiscovery
```
These retries should improve the reliability of the tests.
Signed-off-by: Matt Moyer
---
 test/integration/supervisor_discovery_test.go | 32 ++++++++++++-------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go
index a9140133..8712a316 100644
--- a/test/integration/supervisor_discovery_test.go
+++ b/test/integration/supervisor_discovery_test.go
@@ -24,6 +24,7 @@ import (
 k8serrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/util/retry"
 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
 pinnipedclientset "go.pinniped.dev/generated/latest/client/supervisor/clientset/versioned"
@@ -181,11 +182,15 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) {
 // Update the config to with a new .spec.tls.secretName.
 certSecretName1update := "integration-test-cert-1-update"
- federationDomain1LatestVersion, err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Get(ctx, federationDomain1.Name, metav1.GetOptions{})
- require.NoError(t, err)
- federationDomain1LatestVersion.Spec.TLS = &v1alpha1.FederationDomainTLSSpec{SecretName: certSecretName1update}
- _, err = pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Update(ctx, federationDomain1LatestVersion, metav1.UpdateOptions{})
- require.NoError(t, err)
+ require.NoError(t, retry.RetryOnConflict(retry.DefaultRetry, func() error {
+ federationDomain1LatestVersion, err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Get(ctx, federationDomain1.Name, metav1.GetOptions{})
+ if err != nil {
+ return err
+ }
+ federationDomain1LatestVersion.Spec.TLS = &v1alpha1.FederationDomainTLSSpec{SecretName: certSecretName1update}
+ _, err = pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Update(ctx, federationDomain1LatestVersion, metav1.UpdateOptions{})
+ return err
+ }))
 // The the endpoints should fail with TLS errors again.
 requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuer1)
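Review bot: The retry closure added in TestSupervisorTLSTerminationWithSNI has no comment saying why the Get has to stay inside it, and a later cleanup that hoists the Get out would resubmit a stale resourceVersion and conflict on every attempt. I would add `// Re-read on every attempt: a conflict means our copy is stale, so the Get must stay inside the retry closure.` above the `RetryOnConflict` call here and above the matching closure in editFederationDomainIssuerName. `retry.DefaultRetry` also allows only five attempts about 10ms apart, so if whatever else is writing these FederationDomains (presumably the supervisor's own controller) keeps updating them for longer than that, the flake can come back; `retry.DefaultBackoff` spaces the attempts further apart. The enclosing test function starts and ends outside the hunk.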
@@ -579,13 +584,16 @@ func editFederationDomainIssuerName(
 ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 defer cancel()
- mostRecentVersion, err := client.ConfigV1alpha1().FederationDomains(ns).Get(ctx, existingFederationDomain.Name, metav1.GetOptions{})
- require.NoError(t, err)
-
- mostRecentVersion.Spec.Issuer = newIssuerName
- updated, err := client.ConfigV1alpha1().FederationDomains(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{})
- require.NoError(t, err)
-
+ var updated *v1alpha1.FederationDomain
+ require.NoError(t, retry.RetryOnConflict(retry.DefaultRetry, func() error {
+ mostRecentVersion, err := client.ConfigV1alpha1().FederationDomains(ns).Get(ctx, existingFederationDomain.Name, metav1.GetOptions{})
+ if err != nil {
+ return err
+ }
+ mostRecentVersion.Spec.Issuer = newIssuerName
+ updated, err = client.ConfigV1alpha1().FederationDomains(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{})
+ return err
+ }))
 return updated
 }