391202c253
Merge pull request #517 from mattmoyer/deflake-supervisor-oidc-discovery-test
...
Tweak some assertions in TestSupervisorOIDCDiscovery.
2021-03-29 07:35:58 -07:00
95bb4c4be5
Fix concierge_impersonation_proxy_test.go on AKS
...
Also send the correct instance of `t` into a helper function which
makes assertions.
2021-03-26 19:32:46 -07:00
d52f500b83
Merge pull request #531 from mattmoyer/remove-test-dumplogs-helper
...
Remove library.DumpLogs test helper.
2021-03-26 18:58:07 -04:00
defad3cdd7
Remove library.DumpLogs test helper.
...
We had this code that printed out pod logs when certain tests failed, but it is a bit cumbersome. We're removing it because we added a CI task that exports all pod logs after every CI run, which accomplishes the same thing and provides us a bunch more data.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-26 16:43:02 -05:00
c6d7724b67
In TestImpersonationProxy, instead of failing in this case just skip the test.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-26 16:28:33 -05:00
3359311228
concierge_impersonation_proxy_test.go: fix typo in previous commit
2021-03-26 09:49:49 -07:00
7e16619146
concierge_impersonation_proxy_test.go: handle TKGS test clusters
...
Handle any test cluster which supports load balancers but should
not automatically start the impersonator, e.g. TKGS clusters.
2021-03-26 09:28:42 -07:00
a084544f08
Add hasExternalLoadBalancerProvider to AKS/EKS capabilities files
2021-03-26 08:03:51 -07:00
c2588cf035
Merge pull request #528 from enj/enj/i/impersonation-proxy-authz-user-extra
...
impersonation proxy: add RBAC to impersonate user extra and SAs
2021-03-26 00:37:24 -04:00
2179c2879a
impersonation proxy: add RBAC to impersonate user extra and SAs
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-25 22:21:57 -04:00
b6e217e13a
Hardcode type "webhook" in concierge_impersonation_proxy_test.go
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 17:19:47 -07:00
6f2882b831
Explicitly set the correct authenticator for impersonator test
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 16:57:37 -07:00
cd6e48bfa8
Use a random password for the dex integration test user
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 15:12:17 -07:00
c0361645e2
Merge pull request #355 from vmware-tanzu/impersonation-proxy
...
Impersonation proxy
2021-03-25 13:19:18 -07:00
6bf8bfe9a8
Merge remote-tracking branch 'origin/main' into impersonation-proxy
2021-03-24 17:22:40 -07:00
ea130ea781
Merge pull request #525 from vmware-tanzu/microwavables-patch-1
...
Added kubeapps and vmware tanzu logos
2021-03-24 16:28:36 -07:00
03619fc878
Added kubeapps and vmware tanzu logos
...
these logos will be used for the adopters.md file
2021-03-24 18:03:57 -05:00
454348b2fd
Merge pull request #524 from mattmoyer/allow-prebuilt-cli-binaries-for-testing
...
Allow running CLI-related integration tests with pre-built binary.
2021-03-23 16:19:50 -07:00
cda8bd6e26
Allow running CLI-related integration tests with pre-built binary.
...
This allows setting `$PINNIPED_TEST_CLI` to point at an existing `pinniped` CLI binary instead of having the test build one on-the-fly. This is more efficient when you're running the tests across many clusters as we do in CI.
Building the CLI from scratch in our CI environment takes 1.5-2 minutes, so this change should save nearly that much time on every test job.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 17:19:09 -05:00
c0d32f10b2
Add some test debug logging when running the CLI.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 12:07:34 -05:00
ce5b05f912
Add some debug logging to measure how long the CLI build takes.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 12:06:35 -05:00
176fb6a139
Authenticators are no longer namespaced, so clean up these test logs.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 10:33:05 -05:00
9501168265
Simplify TestCLIGetKubeconfigStaticToken now that there's only a single table case.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 10:26:04 -05:00
2e79664f3d
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy
2021-03-23 09:05:13 -05:00
e70788204b
Merge pull request #516 from ankeesler/cli-docs
...
Add CLI command for generating docs
2021-03-23 09:58:47 -04:00
f6646eb2b7
cmd/pinniped: add generate-markdown-help for generating CLI doc
...
This command is hidden. We want to use this to generate our CLI reference docs
upon release.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-23 09:35:58 -04:00
75cfda0ffe
prepare-for-integration-tests.sh: Check Chrome and chromedriver versions
...
They usually need to match, or at least be close, so added some
code to help us remember to do that.
2021-03-22 16:54:22 -07:00
bde54ef643
Merge remote-tracking branch 'main' into impersonation-proxy
2021-03-22 17:00:40 -04:00
d90398815b
Nothing in parallel in the impersonation proxy integration test
2021-03-22 10:48:09 -07:00
7683a98792
Unparallelize run all the verbs and port-forward tests
2021-03-22 09:45:51 -07:00
d7e9568137
Unparallelize a couple
2021-03-22 09:43:40 -07:00
904086cbec
fix a typo in some comments
2021-03-22 09:34:58 -07:00
5e95c25d4f
Tweak some assertions in TestSupervisorOIDCDiscovery.
...
We've seen some test flakes caused by this test. Some small changes:
- Use a 30s timeout for each iteration of the test loop (so each iteration needs to check or fail more quickly).
- Log a bit more during the checks so we can diagnose what's going on.
- Increase the overall timeout from one minute to five minutes
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-22 11:33:02 -05:00
c9b1982767
Merge branch 'main' into impersonation-proxy
2021-03-22 09:27:18 -07:00
f69d095a69
Merge pull request #515 from mattmoyer/bump-kube-deps-1.20.5
...
Upgrade Kubernetes runtime libraries to v1.20.5.
2021-03-22 08:30:53 -07:00
1e7f2c7735
Upgrade Kubernetes runtime libraries to v0.20.5.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-22 09:33:29 -05:00
9af75d23fb
Merge pull request #514 from enj/enj/i/whoami_ctx
...
pinniped whoami: print correct cluster info when --kubeconfig-context is used
2021-03-22 09:22:45 -04:00
d0df2009ac
Merge pull request #498 from vmware-tanzu/impersonation-proxy-docs
...
Impersonation proxy docs
2021-03-19 16:13:58 -07:00
964d4889c4
pinniped whoami: print correct cluster info when --kubeconfig-context is used
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 18:42:40 -04:00
a537287601
Regenerate cli.md based on output of help message
2021-03-19 14:34:35 -07:00
fdfc854f8c
Incorporating suggestions:
...
- a credential that is understood by -> a credential that can be used to
authenticate to
- This is more neutral to whether its going directly to k8s
or through the impersonation proxy
2021-03-19 14:06:20 -07:00
331fef8fae
Tweaked some wording, updated the cli page
2021-03-19 14:06:20 -07:00
4470d3d2d1
Fix broken links to architecture page
2021-03-19 14:06:20 -07:00
698bffc2ad
Naming changes
2021-03-19 14:06:20 -07:00
6ff3e42602
Add description of impersonation proxy strategy to docs
2021-03-19 14:06:20 -07:00
3e50b4e129
Add -sS to the curl command in concierge_impersonation_proxy_test.go
2021-03-19 13:23:28 -07:00
d856221f56
Edit some comments in concierge_impersonation_proxy_test.go
2021-03-19 13:19:17 -07:00
f519f0cb09
impersonator: disallow clients from setting the X-Forwarded-For header
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 15:35:06 -04:00
c03fe2d1fe
Use http2 for all non-upgrade requests
...
Instead of using the LongRunningFunc to determine if we can safely
use http2, follow the same logic as the aggregation proxy and only
use http2 when the request is not an upgrade.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 13:45:58 -04:00
2749044625
test/integration: unparallelize impersonation kubectl test
...
Maybe this will cut down on flakes we see in CI?
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 13:31:28 -04:00
Matt Moyer