Commit Graph

3539 Commits

Author SHA1 Message Date
Matt Moyer
3d293c96bc
Merge pull request #36 from mattmoyer/fix-expiration-handling
Fix expiration timestamp handling
2020-07-30 16:55:52 -05:00
Matt Moyer
02c17d875e Update the LoginRequest server to return an expiration timestamp.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 16:43:20 -05:00
Matt Moyer
076f8805d2 Update integration tests to assert a non-nil expiration timestamp.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 16:41:12 -05:00
Ryan Richard
5aebb76146 Make the PublisherController use informers
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-30 14:34:13 -07:00
Matt Moyer
ec6ec2abe9 Handle expiration and token fields in client package.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 16:25:59 -05:00
Matt Moyer
b59604b47c
Merge pull request #34 from mattmoyer/reduced-dependency-client
Reduce the dependencies of the ./pkg/client package.
2020-07-30 14:45:20 -05:00
Matt Moyer
66fe580e99 We need an extra "go test" command for the new pkg/client module.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 14:00:06 -05:00
Matt Moyer
a448b3474e Add some missing test cases for pkg/client.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 13:49:45 -05:00
Matt Moyer
04cacabc16 Convert pkg/client to depend only on stdlib.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 13:49:45 -05:00
Matt Moyer
3bc0389bab Add some missing assertions in pkg/client/client_test.go.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 13:49:45 -05:00
Matt Moyer
15bee7456c
Merge pull request #35 from mattmoyer/add-hack-test-script
Add ./hack/test-unit.sh.
2020-07-30 13:49:28 -05:00
Matt Moyer
8bdf05dae4 Add ./hack/test-unit.sh.
Our unit test command is going to get slighly more complex in a future revision. This should let us avoid having to sync the CI pipeline definition so many times.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 13:28:27 -05:00
Andrew Keesler
ee865fe97f
logindiscovery: add package documentation.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-30 11:18:49 -04:00
Andrew Keesler
9a859875a7
logindiscovery: add tests for conditional update and error cases
- Also add some log lines for better observability of behavior.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-30 10:39:15 -04:00
Ryan Richard
e0cac97084 More tests for the PublisherController
- Also, don't repeat `spec.Parallel()` because, according to the docs
  for the spec package, "options are inherited by subgroups and subspecs"
- Two tests are left pending to be filled in on the next commit
2020-07-29 18:18:42 -07:00
Andrew Keesler
a5f7de429d First commit of PublisherController
- Also upgrade go-client and api dependencies, and add controller-go as a dependency

Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-29 17:22:25 -07:00
Ryan Richard
aa90173891 Merge branch 'main' into discovery_doc 2020-07-29 13:56:21 -07:00
Andrew Keesler
409462e989 Remove the controller pkg because it was moved to another repo
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-29 13:53:40 -07:00
Ryan Richard
a8f3c62d37 Remove identity provider list from LoginDiscoveryConfig CRD
Because we're not going to need it for the current story

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-29 13:17:55 -07:00
Andrew Keesler
7ba43e0c3f More validations on the LoginDiscoveryConfig CRD
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-29 13:14:50 -07:00
Ryan Richard
43c3f1ab2e Minor test cleanup
- `Before` gives a nice place to call `require.New(t)` to make the assertion lines more terse
- Just delete the keys for testing when env vars are missing
2020-07-28 17:22:17 -07:00
Ryan Richard
b70f3aefe5 First draft of LoginDiscoveryConfig CRD 2020-07-28 16:55:50 -07:00
Matt Moyer
1e56ecfdb4
Merge pull request #32 from mattmoyer/fix-cli-bug
Fix a bug in placeholder-name CLI (wrong API version).
2020-07-28 16:22:25 -05:00
Matt Moyer
42616e7d8a Fix a bug in placeholder-name CLI (wrong API version).
This is kind of a subtle bug, but we were using the unversioned Kubernetes type package here, where we should have been using the v1beta1 version. They have the same fields, but they serialize to JSON differently.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 16:10:27 -05:00
Matt Moyer
271eb9b837
Merge pull request #30 from cfryanr/new_cli
Create a client CLI command
2020-07-28 15:29:13 -05:00
Matt Moyer
48433eb36b Add integration tests for the client package.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
aram price
bc4351f51a Add copyright, appease the linter 2020-07-28 15:15:59 -05:00
Matt Moyer
531954511b Extract a test library helper for ErrorWriter{}.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
a15a106fd3 Add a trailing newline to our CLI error output.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
b0d9db1bcc Implement client.ExchangeToken.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
1a349bb609 Add a context parameter so we can enforce a timeout for the token exchange.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
0ee4f0417d Use require.EqualError instead of require.Error.
The type signatures of these methods make them easy to mix up. `require.Error()` asserts that there is any non-nil error -- the last parameter is an optional human-readable message to log when the assertion fails. `require.EqualError()` asserts that there is a non-nil error _and_ that when you call `err.Error()`, the string matches the expected value. It also takes an additional optional parameter to specify the log message.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
ebe39c8663 Add a test for "failed to marshal response to stdout" error case.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
1e8463ac2d Use Go's favorite version of the word "marshal".
Again, no idea why but this word has two commonly accepted spelling and Go code seems to very consistently use the one with one "l".

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
a5dbc324f6 Use the "Err*" idiomatic naming for error variables/consts.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Ryan Richard
27cd82065b Add placeholder-name CLI
- main and unit tests for main
- client package to be done in a future commit

Signed-off-by: Aram Price <pricear@vmware.com>
2020-07-28 15:15:59 -05:00
Ryan Richard
9e44bc28d9 Change the name of the placeholder-name CLI to placeholder-name-server
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Andrew Keesler
0acb8c8d3c
internal-ize apiserver and registry packages
These shouldn't need to be imported outside this project.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-28 11:29:05 -04:00
Matt Moyer
ce71a5bac8
Merge pull request #29 from mattmoyer/increase-cert-ttl
Increase client cert TTL from 5m to 1h.
2020-07-27 14:56:08 -05:00
Ryan Richard
425e95bed4 Merge remote-tracking branch 'upstream/main' into main 2020-07-27 12:35:11 -07:00
Ryan Richard
418811ef19 Use consistent verify.sh with linting between all code repos 2020-07-27 12:33:34 -07:00
Ryan Richard
c9026cd150 Remove unused handlers package 2020-07-27 12:33:33 -07:00
Matt Moyer
63a5381968 Work around k8s 1.16 limitations of priorityClassName.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
74a328de41 Fix linter error in certauthority.
The error was:
```
internal/certauthority/certauthority.go:68:15: err113: do not define dynamic errors, use wrapped static errors instead: "fmt.Errorf(\"expected CA to be a single certificate, found %d certificates\", certCount)" (goerr113)
		return nil, fmt.Errorf("expected CA to be a single certificate, found %d certificates", certCount)
		            ^
exit status 1
```

I'm not sure if I love this err113 linter.
2020-07-27 12:33:33 -07:00
Matt Moyer
8a313bc653 Update loginrequest/REST.Create to issue client certificates.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
6dfae48b65 Add generated mock for loginrequest.CertIssuer interface.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
8a8a278029 Extend the REST service to keep a CertIssuer.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
f7b0cf8f8a Fix a bad assumption in library.NewClientConfigWithCertAndKey.
It turns out these fields are not meant to be base64 encoded, even though that's how they are in the kubeconfig.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
69f766d41d Extend certauthority to support loading an existing CA.
I think we may still split this apart into multiple packages, but for now it works pretty well in both use cases.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Ryan Richard
5dea51c062 Int test for LoginRequest grants permissions to test user
- Dynamically grant RBAC permission to the test user to allow them
  to make read requests via the API
- Then use the credential returned from the LoginRequest to make a
  request back to the API server which should be successful
2020-07-27 12:33:33 -07:00