djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,671 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1671 Commits

Author SHA1 Message Date
Andrew Keesler a3dbb309d0
cmd/local-user-authenticator: check for invalid TokenReview type meta 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-11 16:11:42 -04:00
Ryan Richard c436f84b3d Fix a nil dereference crash in rest.go 2020-09-11 13:08:54 -07:00
Ryan Richard f685cd228f More integration test script updates 
- Don't need to `cd test` anymore before running the integration
  tests because it's not a separate Go module anymore
 2020-09-11 08:43:53 -07:00
Ryan Richard 63f9db72e8 Improvements and simplifications to prepare-for-integration-tests.sh 2020-09-11 08:19:49 -07:00
Andrew Keesler 004cfe380d
doc/contributing.md: add a tiny blurb about integration tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-11 10:29:21 -04:00
Andrew Keesler b1d9665b03
Merge pull request #90 from suzerain-io/easy_demo 
Add <20 minutes Pinniped demo
 2020-09-11 10:26:20 -04:00
Andrew Keesler 4fa7e1bd76
hack/prepare-for-integration-tests.sh: use log helper 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-11 10:09:22 -04:00
Ryan Richard 22bf24b775 Fix a unit test failure that only happens on golang 1.15 
- Use the SAN field when creating a test cert or else the corresponding
  unit tests will fail when run with golang 1.15
 2020-09-10 18:50:34 -07:00
Ryan Richard 6deaa0fb1a Fix lint errors 2020-09-10 18:34:18 -07:00
Ryan Richard 4fe609a043 Remove mentions of uninstall tests and other repos from prepare-for-integration-tests.sh 2020-09-10 17:36:22 -07:00
Andrew Keesler e6cb2f8220 Assert on specific expected username and groups in integration tests 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-09-10 17:10:27 -07:00
Ryan Richard b7bdb7f3b1 Rename `test-webhook` to `local-user-authenticator` 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 15:20:02 -07:00
Ryan Richard 9baea83066 Improve the parsing of headers in test-webhook 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 15:00:53 -07:00
Andrew Keesler 56be4a6761 Add more logging to test-webhook's endpoint 
- Also correct the webhook url setting in prepare-for-integration-tests.sh
- Change the bcrypt count to 10, because 16 is way too slow on old laptops

Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-09-10 13:37:25 -07:00
Andrew Keesler b506ac5823
Port integration test setup script from CI repo 
I also started updating the script to deploy the test-webhook instead of
doing TMC stuff. I think the script should live in this repo so that
Pinniped contributors only need to worry about one repo for running
integration tests.

There are a bunch of TODOs in the script, but I figured this was a good
checkpoint. The script successfully runs on my machine and sets up the
test-webhook and pinniped on a local kind cluster. The integration tests
are failing because of some issue with pinniped talking to the test-webhook,
but this is step in the right direction.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 11:30:15 -04:00
Andrew Keesler fec31b71c0
deploy-test-webhook/README.md: add another tool needed for the demo 
The other diffs in this comment were dictated by pre-commit.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 09:50:17 -04:00
Andrew Keesler 89d01b84f8
deploy/README.md: fix markdown link to test webhook README.md 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 09:33:46 -04:00
Andrew Keesler fc3b4e9ae1
hack/test-unit.sh: remove this alias to cut down on scripts 
This script was basically an alias for `./hack/module.sh unittest`. We even
tell people to run the unit tests via module.sh in our contributing doc.
Let's ditch it - the best line of (shell code) is the one you don't write.

An analagous change was made in CI to use module.sh in place of test-unit.sh.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-10 09:26:18 -04:00
Ryan Richard 2565f67824 Create a deployment for `test-webhook` 
- For now, build the test-webhook binary in the same container image as
  the pinniped-server binary, to make it easier to distribute
- Also fix lots of bugs from the first draft of the test-webhook's
  `/authenticate` implementation from the previous commit
- Add a detailed README for the new deploy-test-webhook directory
 2020-09-09 19:06:39 -07:00
Ryan Richard 3ee7a0d881
cmd/test-webhook: first draft of webhook 
The webhook still needs to be updated to auto generate its
certificates.

We decided not to give this webhook its own go module for now since
this webhook only pulled in one more dependency, and it is a
dependency that we will most likely need in the future.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-09 15:27:30 -04:00
Matt Moyer 7207041c37
Merge pull request #91 from mattmoyer/prefactor-api-resource-test 
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes.
 2020-09-09 10:46:13 -05:00
Matt Moyer 7f9cb43ffa
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-09-09 10:24:41 -05:00
Ryan Richard 20b21e8639 Prefactor: Move updating of APIService to a separate controller 
- The certs manager controller, along with its sibling certs expirer
  and certs observer controllers, are generally useful for any process
  that wants to create its own CA and TLS certs, but only if the
  updating of the APIService is not included in those controllers
- So that functionality for updating APIServices is moved to a new
  controller which watches the same Secret which is used by those
  other controllers
- Also parameterize `NewCertsManagerController` with the service name
  and the CA common name to make the controller more reusable
 2020-09-08 16:36:49 -07:00
Matt Moyer 3d09afbfb3
Merge pull request #88 from mattmoyer/add-replica-count-param 
Add a ytt template value for replica count.
 2020-09-08 11:54:11 -05:00
Matt Moyer b0315e5e9f Add a ytt template value for replica count. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-09-08 11:36:32 -05:00
Andrew Keesler f8f16fadb9
Merge pull request #69 from ankeesler/pod-anti-affinity 
Add pod anti-affinity to make our HA deployment more HA
 2020-09-08 11:01:55 -04:00
Matt Moyer ba53218711
Merge pull request #84 from suzerain-io/dependabot/docker/golang-1.15.1 
Bump golang from 1.15.0 to 1.15.1
 2020-09-08 09:33:03 -05:00
Andrew Keesler 1415fcc6dc
Add pod anti-affinity to make our HA deployment more HA 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-08 10:08:34 -04:00
Matt Moyer ab82b2ea64
Merge pull request #86 from suzerain-io/dependabot/go_modules/github.com/golangci/golangci-lint-1.31.0 
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0
 2020-09-08 08:40:52 -05:00
Matt Moyer 1dcba155a2
Merge pull request #85 from suzerain-io/dependabot/go_modules/github.com/go-logr/logr-0.2.1 
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1
 2020-09-08 08:37:17 -05:00
dependabot[bot] 9c8d30fa86
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.30.0 to 1.31.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.30.0...v1.31.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-08 06:07:24 +00:00
dependabot[bot] 1d004a7326
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1 
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Commits](https://github.com/go-logr/logr/compare/v0.2.0...v0.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-07 05:49:14 +00:00
dependabot[bot] a2e8b2aa0c
Bump golang from 1.15.0 to 1.15.1 
Bumps golang from 1.15.0 to 1.15.1.

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-02 06:03:19 +00:00
Matt Moyer 3e4816c811
Merge pull request #82 from mattmoyer/add-crd-generation 
Generate CRD YAML using controller-tools, update doc strings.
 2020-08-31 17:18:28 -05:00
Matt Moyer 8e5912e4c2 Update precommit hook config to ignore generated files and fix whitespace. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-31 16:41:22 -05:00
Matt Moyer 2959b54e7b Generate CRD YAML using controller-tools, update doc strings. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-31 16:38:48 -05:00
Matt Moyer f49317d7e4
Add some generated API documentation. (#81) 
Add some generated API documentation using https://github.com/elastic/crd-ref-docs which is now packaged in the codegen image.
 2020-08-31 11:27:39 -05:00
Matt Moyer 2546d3f823
Merge pull request #79 from suzerain-io/dependabot/go_modules/github.com/golang/mock-1.4.4 
Bump github.com/golang/mock from 1.4.3 to 1.4.4
 2020-08-28 17:33:18 -05:00
dependabot[bot] 0c5d38090e
Bump github.com/golang/mock from 1.4.3 to 1.4.4 
Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/golang/mock/releases)
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang/mock/compare/v1.4.3...v1.4.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:21:11 +00:00
Matt Moyer cd00aad610
Merge pull request #78 from suzerain-io/dependabot/go_modules/github.com/google/go-cmp-0.5.2 
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2
 2020-08-28 17:18:03 -05:00
Matt Moyer eb4b2b1ecd
Merge pull request #80 from suzerain-io/dependabot/go_modules/k8s.io/klog/v2-2.3.0 
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0
 2020-08-28 17:17:42 -05:00
dependabot[bot] b5f7ff2e33
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.2.0...v2.3.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:03:22 +00:00
dependabot[bot] 21fd807037
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.0...v0.5.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:03:10 +00:00
Matt Moyer b0d99abf22
Merge pull request #77 from mattmoyer/monorepo-part-three 
Pull controller-go back into this repository as `internal/controllerlib`.

Co-authored-by: Monis Khan <mok@vmware.com>
 2020-08-28 16:30:18 -05:00
Matt Moyer 0135d8b6c3 Fix a flake in kubecertauthority_test.go. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 16:13:43 -05:00
Matt Moyer ecf67862e2 Empty commit to trigger CI. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 14:55:07 -05:00
Matt Moyer aeee2cf05e Fix some linter complaints in controllerlib. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 14:54:50 -05:00
Ryan Richard f0c400235a
Add memory request to pinniped deployment 
- We are not setting an upper limit because Kubernetes might randomly
  decide to unschedule our pod in ways that we can't anticipate in
  advance, causing very hard to reproduce production bugs.
- We noticed that our app currently uses ~30 MB of memory when idle,
  and ~35 MB of memory under some load. So a memory request of 128
  MB should be reasonable.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-08-28 15:19:16 -04:00
Matt Moyer 7848332d47 Remove `.netrc` trick from Dockerfile. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 13:07:47 -05:00
Matt Moyer 1fcf95af01 Convert the controllerlib tests to use the same structure as our other integration tests. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 13:07:47 -05:00