Commit Graph

2743 Commits

Author SHA1 Message Date
Matt Moyer
6a0dc1e2bb
Fix an issue in TestE2EFullIntegration groups assertions.
The group claims read from the session cache file are loaded as `[]interface{}` (slice of empty interfaces) so when we previously did a `groups, _ := idTokenClaims[oidc.DownstreamGroupsClaim].([]string)`, then `groups` would always end up nil.

The solution I tried here was to convert the expected value to also be `[]interface{}` so that `require.Equal(t, ...)` does the right thing.

This bug only showed up in our acceptance environnment against Okta, since we don't have any other integration test coverage with IDPs that pass a groups claim.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-01-14 21:06:02 -06:00
Margo Crawford
b95f2c97b9
Merge pull request #333 from vmware-tanzu/groups-claim-parsing
groups claim parsing
2021-01-14 15:55:42 -08:00
Margo Crawford
d11a73c519 PR feedback-- omit empty groups, keep groups as nil until last minute
Also log keys and values for claims
2021-01-14 15:11:00 -08:00
Andrew Keesler
6fce1bd6bb
Allow arrays of type interface
and always set the groups claim to an
array in the downstream token

Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-14 17:21:41 -05:00
Margo Crawford
5e60c14ce7
internal/upstreamoidc: log claims from ID token and userinfo
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-14 16:47:39 -05:00
Andrew Keesler
434448a2f9
Merge pull request #331 from ankeesler/1-20-owner-ref-test
Update test/integration/kubeclient_test.go to work with Kube 1.20 GC behavior
2021-01-14 10:59:02 -05:00
Andrew Keesler
8a916ce8ae
test/integration: add test helper to avoid race conditions
We were seeing a race in this test code since the require.NoError() and
require.Eventually() would write to the same testing.T state on separate
goroutines. Hopefully this helper function should cover the cases when we want
to require.NoError() inside a require.Eventually() without causing a race.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
Co-authored-by: Monis Khan <i@monis.app>
2021-01-14 10:19:35 -05:00
Andrew Keesler
a0546942b8
test/integration: skip part of test to avoid Kube 1.20 GC bug
See comment.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Margo Crawford <margaretc@vmware.com>
Co-authored-by: Monis Khan <i@monis.app>
2021-01-14 10:19:26 -05:00
Andrew Keesler
792bb98680
Revert "Temporarily disable max inflight checks for mutating requests"
This reverts commit 4a28d1f800.

This commit was originally made to fix a bug that caused TokenCredentialRequest
to become slow when the server was idle for an extended period of time. This was
to address a Kubernetes issue that was fixed in 1.19.5 and onward. We are now
running with Kubernetes 1.20, so we should be able to pick up this fix.
2021-01-13 11:12:09 -05:00
Andrew Keesler
3151ca92db
Merge pull request #322 from enj/enj/f/user_info_test
Wire in new env vars for user info testing
2021-01-12 11:51:46 -05:00
Monis Khan
3c3da9e75d
Wire in new env vars for user info testing
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-12 11:23:25 -05:00
Mo Khan
3f08f2e11e
Merge pull request #318 from enj/enj/f/user_info_endpoint
Fetch claims from the user info endpoint if provided
2021-01-11 14:14:20 -05:00
Monis Khan
6fff179e39
Fetch claims from the user info endpoint if provided
Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-09 18:16:24 -05:00
Margo Crawford
3569076d3e
Merge pull request #317 from vmware-tanzu/kubernetes-1.20
Switching to Kubernetes 1.20
2021-01-08 15:31:48 -08:00
Margo Crawford
2686031ac1 Fixing documentation to reference 1.20 generated docs 2021-01-08 15:21:23 -08:00
Margo Crawford
9051342d6d Ignore lint error 2021-01-08 14:13:04 -08:00
Margo Crawford
6f04613aed Merge branch 'main' of github.com:vmware-tanzu/pinniped into kubernetes-1.20 2021-01-08 13:22:31 -08:00
Margo Crawford
326f10bbbf Resolving code review suggestions:
- set provideClusterInfo to true
- kubernetes library versions to 0.20.1
- version timestamps back to v0.0.0-00010101000000-000000000000
2021-01-08 10:21:59 -08:00
Mo Khan
6a9976742c
Merge pull request #316 from enj/enj/i/always_set_owner_ref
Always set an owner ref back to our deployment
2021-01-07 19:51:02 -05:00
Margo Crawford
1b770b01ae Fix failing kubeconfig unit test 2021-01-07 16:23:41 -08:00
Margo Crawford
5611212ea9 Changing references from 1.19 to 1.20 2021-01-07 15:25:47 -08:00
Margo Crawford
b8f56bd10b 1.20 Changes to the update script and Dockerfile 2021-01-07 13:20:25 -08:00
Monis Khan
bba0f3a230
Always set an owner ref back to our deployment
This change updates our clients to always set an owner ref when:

1. The operation is a create
2. The object does not already have an owner ref set

Signed-off-by: Monis Khan <mok@vmware.com>
2021-01-07 15:25:40 -05:00
Margo Crawford
9b8e4f4d5b
Merge pull request #315 from vmware-tanzu/kube-versions-1.20.0
Kubernetes 1.20.0 generated code
2021-01-07 10:47:52 -08:00
Margo Crawford
b7cd026bd6 Merge branch 'main' of github.com:vmware-tanzu/pinniped into kube-versions-1.20.0 2021-01-07 10:30:40 -08:00
Margo Crawford
553e25cbb7 Add generated/1.20 directory 2021-01-07 10:29:56 -08:00
Margo Crawford
988eee82cf
Merge pull request #314 from vmware-tanzu/kube-versions-1.20.0
Add kubernetes 1.20 to kube-versions.txt
2021-01-07 09:57:36 -08:00
Margo Crawford
da1bf06764 Add kubernetes 1.20 to kube-versions.txt 2021-01-07 09:51:45 -08:00
Andrew Keesler
13d17ba352
Merge pull request #312 from ankeesler/credential-issuer-test-timing
test/integration: fix intermittent failures on GKE
2021-01-06 14:58:06 -05:00
Andrew Keesler
3d8616e75f
test/integration: fix intermittent failures on GKE
See comment. This is at least a first step to make our GKE acceptance
environment greener. Previously, this test assumed that the Pinniped-under-test
had been deployed in (roughly) the last 10 minutes, which is not an assumption
that we make anywhere else in the integration test suite.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-06 12:09:11 -05:00
Margo Crawford
e7884d8793
Merge pull request #313 from vmware-tanzu/copyright-year
Copyright year validation in linter and pre-commit hook
2021-01-06 09:08:19 -08:00
Margo Crawford
19d592566d
Merge branch 'main' into copyright-year 2021-01-06 09:03:13 -08:00
Margo Crawford
afa140b6a6 Add more text explaining what copyright notice should look like 2021-01-05 16:06:59 -08:00
Margo Crawford
ea6ebd0226 Got pre-commit to check for correct copyright year 2021-01-05 15:53:14 -08:00
Andrew Keesler
53a185083c Hopefully triggering the precommit hook
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 14:15:46 -08:00
Margo Crawford
f1e177fee7 Copyright year precommit hook
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 14:02:28 -08:00
Andrew Keesler
75bc5bdc7e Linter allows range of years in copyright
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 13:35:09 -08:00
Margo Crawford
0d4588aa8d
Merge pull request #311 from vmware-tanzu/dont-block-owner-deletion
Remove blockOwnerDeletion from the supervisor secrets
2021-01-05 13:18:39 -08:00
Andrew Keesler
40753d1454 Remove blockOwnerDeletion from the supervisor secrets
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 10:44:36 -08:00
Andrew Keesler
dd3c990a51
Merge pull request #310 from vmware-tanzu/supervisor-demo
Supervisor demo
2021-01-05 09:57:53 -05:00
Andrew Keesler
ef74ba7238
Re-export arch diagram to embed images
I followed the steps in site/content/docs/img/README.md.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 08:44:10 -05:00
Andrew Keesler
b4415a05d0
I don't _think_ we need this picture anymore
See f25b4a3.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-05 08:36:26 -05:00
Margo Crawford
7817d15657 Remove image width constraint on architecture diagram 2021-01-04 17:08:47 -08:00
Margo Crawford
f25b4a3e12 De-duped architecture diagram references 2021-01-04 16:47:34 -08:00
Margo Crawford
8422659ee5 Fixed typos and issues with the demo code
- Also cleaned up some wording
2021-01-04 16:23:24 -08:00
Margo Crawford
ef828cf2e1
Add rough draft of supervisor demo
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-01-04 15:31:53 -05:00
Ryan Richard
546b8b5d25
Merge pull request #305 from vmware-tanzu/quiet-secrets-controllers
Sync Secret-watching controller less often by adjusting their filters to be more specific
2020-12-18 18:21:51 -08:00
Ryan Richard
a7f383f610
Merge branch 'main' into quiet-secrets-controllers 2020-12-18 18:20:54 -08:00
Ryan Richard
116c8dd6c5 SupervisorSecretsController Syncs less often by adjusting its filters
- Only watches Secrets of type
  "secrets.pinniped.dev/supervisor-csrf-signing-key"

Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-18 15:57:12 -08:00
Aram Price
1b5e8c3439 Upstream Watcher Controller Syncs less often by adjusting its filters
- Only watches Secrets of type "secrets.pinniped.dev/oidc-client"

Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-18 15:41:18 -08:00