2cdc3defb7
Use here.Doc() in a few more places that were begging for it
2020-09-11 18:15:24 -07:00
da7c981f14
Organize Pinniped CLI into subcommands; Add get-kubeconfig subcommand
...
- Add flag parsing and help messages for root command,
`exchange-credential` subcommand, and new `get-kubeconfig` subcommand
- The new `get-kubeconfig` subcommand is a work in progress in this
commit
- Also add here.Doc() and here.Docf() to enable nice heredocs in
our code
2020-09-11 17:56:05 -07:00
19c671a60a
cmd/local-user-authenticator: go back to use TokenReview structs
...
So I looked into other TokenReview webhook implementations, and most
of them just use the json stdlib package to unmarshal/marshal
TokenReview payloads. I'd say let's follow that pattern, even though
it leads to extra fields in the JSON payload (these are not harmful).
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 16:12:43 -04:00
17d40b7a73
cmd/local-user-authenticator: protect against nil-body
...
I saw this while reading other TokenReview code.
2020-09-11 16:11:42 -04:00
4e40c0320e
cmd/local-user-authenticator: use v1beta1 everywhere
...
See 63f5416b2
2020-09-11 16:11:42 -04:00
a3dbb309d0
cmd/local-user-authenticator: check for invalid TokenReview type meta
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 16:11:42 -04:00
c436f84b3d
Fix a nil dereference crash in rest.go
2020-09-11 13:08:54 -07:00
f685cd228f
More integration test script updates
...
- Don't need to `cd test` anymore before running the integration
tests because it's not a separate Go module anymore
2020-09-11 08:43:53 -07:00
63f9db72e8
Improvements and simplifications to prepare-for-integration-tests.sh
2020-09-11 08:19:49 -07:00
004cfe380d
doc/contributing.md: add a tiny blurb about integration tests
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 10:29:21 -04:00
b1d9665b03
Merge pull request #90 from suzerain-io/easy_demo
...
Add <20 minutes Pinniped demo
2020-09-11 10:26:20 -04:00
4fa7e1bd76
hack/prepare-for-integration-tests.sh: use log helper
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 10:09:22 -04:00
22bf24b775
Fix a unit test failure that only happens on golang 1.15
...
- Use the SAN field when creating a test cert or else the corresponding
unit tests will fail when run with golang 1.15
2020-09-10 18:50:34 -07:00
6deaa0fb1a
Fix lint errors
2020-09-10 18:34:18 -07:00
4fe609a043
Remove mentions of uninstall tests and other repos from prepare-for-integration-tests.sh
2020-09-10 17:36:22 -07:00
e6cb2f8220
Assert on specific expected username and groups in integration tests
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-10 17:10:27 -07:00
b7bdb7f3b1
Rename `test-webhook` to `local-user-authenticator`
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 15:20:02 -07:00
9baea83066
Improve the parsing of headers in test-webhook
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 15:00:53 -07:00
56be4a6761
Add more logging to test-webhook's endpoint
...
- Also correct the webhook url setting in prepare-for-integration-tests.sh
- Change the bcrypt count to 10, because 16 is way too slow on old laptops
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-10 13:37:25 -07:00
b506ac5823
Port integration test setup script from CI repo
...
I also started updating the script to deploy the test-webhook instead of
doing TMC stuff. I think the script should live in this repo so that
Pinniped contributors only need to worry about one repo for running
integration tests.
There are a bunch of TODOs in the script, but I figured this was a good
checkpoint. The script successfully runs on my machine and sets up the
test-webhook and pinniped on a local kind cluster. The integration tests
are failing because of some issue with pinniped talking to the test-webhook,
but this is step in the right direction.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 11:30:15 -04:00
fec31b71c0
deploy-test-webhook/README.md: add another tool needed for the demo
...
The other diffs in this comment were dictated by pre-commit.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 09:50:17 -04:00
89d01b84f8
deploy/README.md: fix markdown link to test webhook README.md
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 09:33:46 -04:00
fc3b4e9ae1
hack/test-unit.sh: remove this alias to cut down on scripts
...
This script was basically an alias for `./hack/module.sh unittest`. We even
tell people to run the unit tests via module.sh in our contributing doc.
Let's ditch it - the best line of (shell code) is the one you don't write.
An analagous change was made in CI to use module.sh in place of test-unit.sh.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 09:26:18 -04:00
2565f67824
Create a deployment for `test-webhook`
...
- For now, build the test-webhook binary in the same container image as
the pinniped-server binary, to make it easier to distribute
- Also fix lots of bugs from the first draft of the test-webhook's
`/authenticate` implementation from the previous commit
- Add a detailed README for the new deploy-test-webhook directory
2020-09-09 19:06:39 -07:00
3ee7a0d881
cmd/test-webhook: first draft of webhook
...
The webhook still needs to be updated to auto generate its
certificates.
We decided not to give this webhook its own go module for now since
this webhook only pulled in one more dependency, and it is a
dependency that we will most likely need in the future.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-09 15:27:30 -04:00
7207041c37
Merge pull request #91 from mattmoyer/prefactor-api-resource-test
...
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes.
2020-09-09 10:46:13 -05:00
7f9cb43ffa
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-09 10:24:41 -05:00
20b21e8639
Prefactor: Move updating of APIService to a separate controller
...
- The certs manager controller, along with its sibling certs expirer
and certs observer controllers, are generally useful for any process
that wants to create its own CA and TLS certs, but only if the
updating of the APIService is not included in those controllers
- So that functionality for updating APIServices is moved to a new
controller which watches the same Secret which is used by those
other controllers
- Also parameterize `NewCertsManagerController` with the service name
and the CA common name to make the controller more reusable
2020-09-08 16:36:49 -07:00
3d09afbfb3
Merge pull request #88 from mattmoyer/add-replica-count-param
...
Add a ytt template value for replica count.
2020-09-08 11:54:11 -05:00
b0315e5e9f
Add a ytt template value for replica count.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-08 11:36:32 -05:00
f8f16fadb9
Merge pull request #69 from ankeesler/pod-anti-affinity
...
Add pod anti-affinity to make our HA deployment more HA
2020-09-08 11:01:55 -04:00
ba53218711
Merge pull request #84 from suzerain-io/dependabot/docker/golang-1.15.1
...
Bump golang from 1.15.0 to 1.15.1
2020-09-08 09:33:03 -05:00
1415fcc6dc
Add pod anti-affinity to make our HA deployment more HA
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-08 10:08:34 -04:00
ab82b2ea64
Merge pull request #86 from suzerain-io/dependabot/go_modules/github.com/golangci/golangci-lint-1.31.0
...
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0
2020-09-08 08:40:52 -05:00
1dcba155a2
Merge pull request #85 from suzerain-io/dependabot/go_modules/github.com/go-logr/logr-0.2.1
...
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1
2020-09-08 08:37:17 -05:00
9c8d30fa86
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.30.0 to 1.31.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.30.0...v1.31.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-09-08 06:07:24 +00:00
1d004a7326
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1
...
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr ) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/go-logr/logr/releases )
- [Commits](https://github.com/go-logr/logr/compare/v0.2.0...v0.2.1 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-09-07 05:49:14 +00:00
a2e8b2aa0c
Bump golang from 1.15.0 to 1.15.1
...
Bumps golang from 1.15.0 to 1.15.1.
Signed-off-by: dependabot[bot] <support@github.com>
2020-09-02 06:03:19 +00:00
3e4816c811
Merge pull request #82 from mattmoyer/add-crd-generation
...
Generate CRD YAML using controller-tools, update doc strings.
2020-08-31 17:18:28 -05:00
8e5912e4c2
Update precommit hook config to ignore generated files and fix whitespace.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-31 16:41:22 -05:00
2959b54e7b
Generate CRD YAML using controller-tools, update doc strings.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-31 16:38:48 -05:00
f49317d7e4
Add some generated API documentation. ( #81 )
...
Add some generated API documentation using https://github.com/elastic/crd-ref-docs which is now packaged in the codegen image.
2020-08-31 11:27:39 -05:00
2546d3f823
Merge pull request #79 from suzerain-io/dependabot/go_modules/github.com/golang/mock-1.4.4
...
Bump github.com/golang/mock from 1.4.3 to 1.4.4
2020-08-28 17:33:18 -05:00
0c5d38090e
Bump github.com/golang/mock from 1.4.3 to 1.4.4
...
Bumps [github.com/golang/mock](https://github.com/golang/mock ) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/golang/mock/releases )
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml )
- [Commits](https://github.com/golang/mock/compare/v1.4.3...v1.4.4 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-28 22:21:11 +00:00
cd00aad610
Merge pull request #78 from suzerain-io/dependabot/go_modules/github.com/google/go-cmp-0.5.2
...
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2
2020-08-28 17:18:03 -05:00
eb4b2b1ecd
Merge pull request #80 from suzerain-io/dependabot/go_modules/k8s.io/klog/v2-2.3.0
...
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0
2020-08-28 17:17:42 -05:00
b5f7ff2e33
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0
...
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/kubernetes/klog/releases )
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md )
- [Commits](https://github.com/kubernetes/klog/compare/v2.2.0...v2.3.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-28 22:03:22 +00:00
21fd807037
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.0...v0.5.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-28 22:03:10 +00:00
b0d99abf22
Merge pull request #77 from mattmoyer/monorepo-part-three
...
Pull controller-go back into this repository as `internal/controllerlib`.
Co-authored-by: Monis Khan <mok@vmware.com>
2020-08-28 16:30:18 -05:00
0135d8b6c3
Fix a flake in kubecertauthority_test.go.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-28 16:13:43 -05:00
Ryan Richard