Commit Graph

1685 Commits

Author SHA1 Message Date
Ryan Richard
86c3f89b2e First draft of moving API server TLS cert generation to controllers
- Refactors the existing cert generation code into controllers
  which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
  for cert expiration, and no leader election to allow for
  multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
  code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00
Ryan Richard
b00cec954e Pre-factor server.go
- No functional changes
- Move all the stuff about clients and controllers into the controller
  package
- Add more comments and organize the code more into more helper
  functions to make each function smaller
2020-08-07 14:49:04 -07:00
Matt Moyer
b379d5148c
Merge pull request #42 from mattmoyer/monorepo-deux
🚝Monorepo!🚝 (redux)
2020-08-06 21:07:50 -05:00
Matt Moyer
aecd005c60 Disable ./hack/verify-codegen.sh in CI since we don't have Docker available yet.
This seems fixable but not in a trivial way from what I could tell.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:52:28 -05:00
Matt Moyer
6dd331b21d Use Go's -short flag as a way to avoid running integration tests.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:44:14 -05:00
Matt Moyer
c4bbb64622 Fix latent linter issues.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:42:20 -05:00
Matt Moyer
7143058462 Update hack scripts to use new docker workflow.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
c5d5914866 Split up into multiple modules.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
af656d4b02 Our new directory structure is deeper, so expand this search.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
aram price
9e9868bd16 Add hack/module.sh script to run module tasks
The script knows `tidy`, `lint`, and `test`
2020-08-06 20:09:15 -05:00
Matt Moyer
cbe4c1b370 Pull placeholder-name-api back into this repo as a library.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
Matt Moyer
ad55f9e310 Pull placeholder-name-client-go back into this repo as a library.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 19:38:13 -05:00
Andrew Keesler
0b4590b237 Now that we have a testutil package, put ioutil.go into it
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-06 15:19:09 -07:00
Ryan Richard
f10c61f591 Add request logging to the create LoginRequest endpoint
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-06 15:14:30 -07:00
Andrew Keesler
31e6d8fbb1
Drop main module dependency on test module
I suppose we could solve this other ways, but this utility was
only used in one place right now, so it is easiest to copy it over.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-06 10:29:04 -04:00
Ryan Richard
dd278b46a8 Build with CGO_ENABLED=0 in Dockerfile
- Not strictly necessary at the moment because both our build layer
  and our run layer are based on alpine, but static linking our binary
  will help us later when we want to base our run image on something
  closer to scratch
2020-08-05 17:43:24 -07:00
Andrew Keesler
da5b509cc6 Stop using $PLACEHOLDER_NAME_TEST_INTEGRATION
Instead, make the integration tests a separate module. You can't run
these tests by accident because they will not run at all when you
`go test` from the top-level directory. You will need to `cd test`
before using `go test` in order to run the integration tests.

Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-05 14:15:45 -07:00
Matt Moyer
2b573d8642
Merge pull request #41 from mattmoyer/lint-cleanup
Clean up some lint errors that we missed before.
2020-08-05 09:48:19 -05:00
Matt Moyer
519484816d Clean up some lint errors that we missed before.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-05 09:26:50 -05:00
Ryan Richard
6da420d865
Merge pull request #40 from cfryanr/garbage_collection_bug
Garbage collection bug fix
2020-08-04 17:29:26 -07:00
Ryan Richard
f8567450ee Increase test timeout to avoid CI flakes
2020-08-04 17:28:16 -07:00
Ryan Richard
08961919b5 Fix a garbage collection bug
- Previously the golang code would create a Service and an APIService.
  The APIService would be given an owner reference which pointed to
  the namespace in which the app was installed.
- This prevented the app from being uninstalled. The namespace would
  refuse to delete, so `kapp delete` or `kubectl delete` would fail.
- The new approach is to statically define the Service and an APIService
  in the deployment.yaml, except for the caBundle of the APIService.
  Then the golang code will perform an update to add the caBundle at
  runtime.
- When the user uses `kapp deploy` or `kubectl apply` either tool will
  notice that the caBundle is not declared in the yaml and will
  therefore avoid editing that field.
- When the user uses `kapp delete` or `kubectl delete` either tool will
  destroy the objects because they are statically declared with names
  in the yaml, just like all of the other objects. There are no
  ownerReferences used, so nothing should prevent the namespace from
  being deleted.
- This approach also allows us to have less golang code to maintain.
- In the future, if our golang controllers want to dynamically add
  an Ingress or other objects, they can still do that. An Ingress
  would point to our statically defined Service as its backend.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-04 16:46:27 -07:00
Andrew Keesler
92939cf118 Indent pod template annotations correctly in deployment.yaml
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 14:52:08 -07:00
Andrew Keesler
fb843aa15b Indent pod template annotations correctly in deployment.yaml
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 14:34:10 -07:00
Andrew Keesler
7ce49bf89c Empty commit to trigger CI
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 13:14:49 -07:00
Ryan Richard
09571d1117
Merge pull request #33 from cfryanr/discovery_doc
Adding discovery document object
2020-08-04 10:01:20 -07:00
Matt Moyer
573202140d
Merge pull request #39 from mattmoyer/fix-certificate-group-field
Fix group identity encoding in client certificates.
2020-08-03 17:46:31 -05:00
Matt Moyer
fdbc30365d Use the correct field when encoding groups into the certificate.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-03 17:31:18 -05:00
Matt Moyer
b70c62a1b3 Add a test case to TestSuccessfulLoginRequest to verify access as group.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-03 17:29:55 -05:00
Andrew Keesler
2b9d2ca293
Merge remote-tracking branch 'upstream/main' into discovery_doc
2020-08-03 14:47:56 -04:00
Andrew Keesler
12120d7e8b
Force CI to run.
2020-08-03 14:45:39 -04:00
Ryan Richard
727a5883f2
Bring over ytt values.yaml update from discovery PR
- We are temporarily adding this change on the main branch so that CI works
  with the main branch and we can iterate on our changes on our PR branch.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-03 14:40:18 -04:00
Ryan Richard
ca80d87dcf
Use rest.Config for discovery URL instead of env var
- Why? Because the discovery URL is already there in the kubeconfig; let's
  not make our lives more complicated by passing it in via an env var.
- Also allow for ytt callers to not specify data.values.discovery_url - there
  are going to be a non-trivial number of installers of placeholder-name
  that want to use the server URL found in the cluster-info ConfigMap.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-03 14:36:08 -04:00
Andrew Keesler
e884cef1ef
Resolve SingularName TODO with comment
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-03 10:29:59 -04:00
Andrew Keesler
597408a977
Allow override of discovery URL via ConfigMap
Signed-off-by: Andrew Keesler <akeesler@vmware.com>

- Seems like the next step is to allow override of the CA bundle; I didn't
  do that here for simplicity of the commit, but seems like it is the right
  thing to do in the future.
2020-08-03 10:17:11 -04:00
Ryan Richard
548874a641 Move TestGetAPIResourceList to its own file
Because it is now testing multiple api types
2020-07-31 17:37:59 -07:00
Ryan Richard
cf56c67329 Move LoginDiscoveryConfig to the crds.placeholder.suzerain-io.github.io group
- Also includes bumping the api and client-go dependencies to the newer
  version which also moved LoginDiscoveryConfig to the
  crds.placeholder.suzerain-io.github.io group in the generated code
2020-07-31 17:22:12 -07:00
Ryan Richard
9fe82ec5f1 Merge remote-tracking branch 'upstream/main' into discovery_doc
2020-07-31 16:38:40 -07:00
Ryan Richard
2aa80e3576 More WIP for the publisher controller
2020-07-31 14:35:20 -07:00
aram price
0f248768a3
Merge pull request #37 from suzerain-io/update-api-and-client-go
Update -api and -client-go dependencies
2020-07-31 13:40:46 -07:00
Andrew Keesler
52546fad90 WIP: start on publisher controller integration
2020-07-31 12:08:07 -04:00
aram price
bd594e19ff Update -api and -client-go dependencies
- pulls in change to make ExpirationTimestamp mandatory on
  LoginRequestCredential
2020-07-30 20:05:32 -07:00
Ryan Richard
2e05e032ee Merge remote-tracking branch 'upstream/main' into discovery_doc
2020-07-30 17:28:35 -07:00
Ryan Richard
733f80b7ae Apply filters to PublisherController
- Ask the controller package to only call the Sync() method for
  the specific objects in which this controller is interested
2020-07-30 17:16:09 -07:00
Andrew Keesler
ae7be3ea94
Merge pull request #31 from ankeesler/duplicate-header-definition
Consolidate duplicate header definitions
2020-07-30 18:01:49 -04:00
Andrew Keesler
a8dbdfd1c4 Consolidate duplicate header definitions
See 6dfae48b65.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-30 17:59:03 -04:00
Matt Moyer
3d293c96bc
Merge pull request #36 from mattmoyer/fix-expiration-handling
Fix expiration timestamp handling
2020-07-30 16:55:52 -05:00
Matt Moyer
02c17d875e Update the LoginRequest server to return an expiration timestamp.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 16:43:20 -05:00
Matt Moyer
076f8805d2 Update integration tests to assert a non-nil expiration timestamp.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-30 16:41:12 -05:00
Ryan Richard
5aebb76146 Make the PublisherController use informers
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-30 14:34:13 -07:00