Ryan Richard
b16e84d90a
Add another unit test for the LDAP client code
2021-05-21 12:44:01 -07:00
Margo Crawford
722aa72206
Integration test tests update functionality
2021-05-21 10:19:33 -07:00
Matt Moyer
2d0cb16239
Merge pull request #631 from mattmoyer/remove-openapi-codegen
...
Stop generating zz_generated.openapi.go files.
2021-05-21 12:19:09 -05:00
Margo Crawford
b4bb0db6e5
Refactor some shared code between load balancer and cluster ip creation
2021-05-21 09:57:46 -07:00
Matt Moyer
fd9d9b8c73
Stop generating zz_generated.openapi.go files.
...
It turns out we no longer need these and can skip this bit of code generation.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 11:16:59 -05:00
Matt Moyer
44f6fd4437
Merge pull request #630 from mattmoyer/20210521-dependency-updates
...
Upgrade Go module dependencies
2021-05-21 11:12:03 -05:00
Matt Moyer
f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version.
...
9b07d72531...00de3ae54c
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:42:39 -05:00
Matt Moyer
85ebaa96d5
Upgrade k8s.io/kube-openapi dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:11:26 -05:00
Matt Moyer
cf5bc9f1b4
Upgrade k8s.io/utils dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:41 -05:00
Matt Moyer
0d02ba6af3
Upgrade k8s.io/gengo dependency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:07:00 -05:00
Matt Moyer
74a569fa82
Upgrade golang.org/x/* module dependencies.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:06:29 -05:00
Matt Moyer
01c0514057
Upgrade github.com/pkg/browser.
...
This some some kind of improvement on Windows.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 10:00:19 -05:00
Matt Moyer
0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-21 09:57:41 -05:00
Margo Crawford
4606f1d8bd
More error handling for cluster ip
2021-05-20 16:21:10 -07:00
Ryan Richard
1307c49212
Merge pull request #620 from vmware-tanzu/ldap_starttls
...
Support `StartTLS` for `LDAPIdentityProvider`s
2021-05-20 16:16:37 -07:00
Ryan Richard
b01665386d
Use latest container image of our fork of bitnami-docker-openldap
2021-05-20 15:49:34 -07:00
Margo Crawford
599d70d6dc
Wire generatedClusterIPServiceName through from NamesConfig
2021-05-20 14:11:35 -07:00
Ryan Richard
901ddd1870
Merge branch 'main' into ldap_starttls
2021-05-20 13:40:56 -07:00
Ryan Richard
8b549f66d4
Add integration test for LDAP StartTLS
2021-05-20 13:39:48 -07:00
Ryan Richard
4780c39640
Merge pull request #618 from vmware-tanzu/initial_ldap_group_support
...
Initial support for upstream LDAP group membership
2021-05-20 13:10:23 -07:00
Ryan Richard
7e76b66639
LDAP upstream watcher controller tries using both TLS and StartTLS
...
- Automatically try to fall back to using StartTLS when using TLS
doesn't work. Only complain when both don't work.
- Remember (in-memory) which one worked and keeping using that one
in the future (unless the pod restarts).
2021-05-20 12:46:33 -07:00
Ryan Richard
fff90ed2ca
Merge branch 'main' into initial_ldap_group_support
2021-05-20 12:36:04 -07:00
Margo Crawford
62651eddb0
Took care of some impersonation cluster ip related todos
2021-05-20 11:57:07 -07:00
Matt Moyer
ec25259901
Update impersonatorconfig controller to use new CredentialIssuer update helper.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-05-20 12:26:07 -05:00
Matt Moyer
e4dd83887a
Merge remote-tracking branch 'origin/main' into credentialissuer-spec-api
2021-05-20 10:53:53 -05:00
Matt Moyer
562942cdbf
Merge pull request #627 from mattmoyer/use-informers-for-credentialissuer-updates
...
Create CredentialIssuer at install, not runtime.
2021-05-20 10:13:41 -05:00
Ryan Richard
025b37f839
upstreamldap.New() now supports a StartTLS config option
...
- This enhances our LDAP client code to make it possible to optionally
dial an LDAP server without TLS and then use StartTLS to upgrade
the connection to TLS.
- The controller for LDAPIdentityProviders is not using this option
yet. That will come in a future commit.
2021-05-19 17:17:44 -07:00
Margo Crawford
63c39454f6
WIP on impersonation clusterip service
2021-05-19 17:00:28 -07:00
Matt Moyer
657488fe90
Create CredentialIssuer at install, not runtime.
...
Previously, our controllers would automatically create a CredentialIssuer with a singleton name. The helpers we had for this also used "raw" client access and did not take advantage of the informer cache pattern.
With this change, the CredentialIssuer is always created at install time in the ytt YAML. The controllers now only update the existing CredentialIssuer status, and they do so using the informer cache as much as possible.
This change is targeted at only the kubecertagent controller to start. The impersonatorconfig controller will be updated in a following PR along with other changes.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 17:15:25 -05:00
Margo Crawford
9e61640c92
LoadBalancerIP updated dynamically
2021-05-19 14:16:15 -07:00
Ryan Richard
94d6b76958
Merge branch 'initial_ldap_group_support' into ldap_starttls
2021-05-19 13:12:56 -07:00
Ryan Richard
424c112bbc
Merge branch 'main' into initial_ldap_group_support
2021-05-19 13:12:17 -07:00
Margo Crawford
3bb95f1de2
Give kubeclient_test some default values for credentialissuer spec
2021-05-19 11:56:54 -07:00
Margo Crawford
0b66321902
Changes to make the linter pass
2021-05-19 11:05:35 -07:00
Matt Moyer
297a484948
Add more validation and update tests for impersonationProxy as pointer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-19 12:42:31 -05:00
Matt Moyer
13372a43e6
Update generated code from previous commit.
2021-05-19 11:41:35 -05:00
Matt Moyer
54e0b83146
Update API so that impersonationProxy spec is a pointer.
2021-05-19 11:41:17 -05:00
Margo Crawford
94c370ac85
Annotations for impersonation load balancer
2021-05-18 16:54:59 -07:00
Ryan Richard
b5063e59ab
Merge branch 'initial_ldap_group_support' into ldap_starttls
2021-05-18 16:39:59 -07:00
Ryan Richard
a6f95cfff1
Configure openldap to disallow non-TLS clients
...
- For testing purposes, we would like to ensure that when we connect
to the LDAP server we cannot accidentally avoid using TLS or StartTLS.
- Also enabled the openldap `memberOf` overlay in case we want to
support group search using `memberOf` in the future.
- This required changes to the docker.io/bitnami/openldap container
image, so we're using our own fork for now. Will submit a PR to
bitnami/openldap to see if they will accept it (or something similar)
upstream.
2021-05-18 16:38:12 -07:00
Margo Crawford
eaea3471ec
Validation for service type none and external endpoint none
...
Also added a few more test cases for provisioning a load balancer
2021-05-18 13:50:52 -07:00
Matt Moyer
4a785e73e6
WIP fixing impersonatorconfig tests
2021-05-18 14:54:04 -05:00
Margo Crawford
51f1a0ec13
WIP: not using impersonator.config just credentialissuer directly
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 12:16:27 -07:00
Matt Moyer
9af3cb1115
Change impersonation integration test to use CredentialIssuer spec
...
rather than a configmap
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-05-18 09:51:11 -07:00
Matt Moyer
18ccf11905
Update impersonatorconfig controller to use CredentialIssuer API instead of ConfigMap.
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 09:50:35 -07:00
Matt Moyer
1a131e64fe
Start deploying an initial CredentialIssuer in our install YAML.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 11:12:18 -05:00
Matt Moyer
e885114221
Add generated code from adding spec fields to CredentialIssuer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 11:12:18 -05:00
Matt Moyer
26da763962
Add spec fields to CredentialIssuer.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 11:12:18 -05:00
Matt Moyer
4a456446ff
Update doc comments for types_credentialissuer.go.tmpl.
...
Update to follow https://golang.org/doc/effective_go#commentary :
> The first sentence should be a one-sentence summary that starts with the name being declared.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-05-18 11:12:18 -05:00
Matt Moyer
efeb25b8eb
Merge pull request #619 from vmware-tanzu/dependabot/go_modules/github.com/creack/pty-1.1.12
...
Bump github.com/creack/pty from 1.1.11 to 1.1.12
2021-05-18 09:16:27 -05:00