djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,366 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1366 Commits

Author SHA1 Message Date
Monis Khan 6a9f57f83d
TestWhoAmI: support older clusters (CSR and impersonation) 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-23 10:15:17 -05:00
Monis Khan aa22047a0f
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-22 20:02:42 -05:00
Monis Khan abc941097c
Add WhoAmIRequest Aggregated Virtual REST API 
This change adds a new virtual aggregated API that can be used by
any user to echo back who they are currently authenticated as.  This
has general utility to end users and can be used in tests to
validate if authentication was successful.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-22 20:02:41 -05:00
Monis Khan 62630d6449
getAggregatedAPIServerScheme: move group version logic internally 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 11:10:54 -05:00
Mo Khan f228f022f5
Merge pull request #435 from enj/enj/c/bump_v0.20.4 
Bump Kube deps to v0.20.4
 2021-02-19 10:59:40 -05:00
Monis Khan 1c1decfaf1
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 10:33:10 -05:00
Monis Khan 7786c83b0d
Bump kube deps to v0.20.4 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 10:26:53 -05:00
Mo Khan 41b75e6977
Merge pull request #431 from enj/enj-patch-1 
concierge API service: update groupPriorityMinimum and versionPriority
 2021-02-19 08:48:06 -05:00
Mo Khan a54e1145a5
concierge API service: update groupPriorityMinimum and versionPriority 
Copy over values that I have seen used in the past.
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 07:47:38 -05:00
Matt Moyer 2b208807a6
Merge pull request #426 from mattmoyer/website-accessibility-tweaks 
Tweak website styles for accessibility.
 2021-02-17 17:28:03 -06:00
Matt Moyer 25f841d063
Tweak website styles for accessibility. 
Makes most of the fonts a bit bigger, increases contrast, fixes some nits about the spacing in numbered/bulletted lists, and adds some image alt texts.

Overall this improves our Lighthouse accessibility score from 71 to 95 and I think it's subjectively more readable.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-17 17:19:58 -06:00
Matt Moyer 93d4581721
Workaround a bad module version to fix Dependabot. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 17:05:33 -06:00
Matt Moyer 0a7c5b0604
Merge pull request #403 from mattmoyer/add-latest-generated-package 
Add "go.pinniped.dev/generated/latest" package that is not a nested module.
 2021-02-16 15:30:48 -06:00
Matt Moyer acbeb93f79
Don't lint generated code. 
This wasn't needed before because the other code wasn't in the main module and golangci-lint won't cross a module boundary.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 13:18:18 -06:00
Matt Moyer 6565265bee
Use new 'go.pinniped.dev/generated/latest' package. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 13:00:08 -06:00
Matt Moyer b42a34d822
Add generated client code for 'latest'. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 12:34:33 -06:00
Matt Moyer 3ce3403b95
Update ./hack/update.sh to add a "latest" package. 
This is just a copy of the newest Kubernetes version, but as a plain package and not a submodule.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 12:28:29 -06:00
Andrew Keesler fac571b51a
Merge pull request #410 from ankeesler/update-copyright 
generated: include 2021 in copyright
 2021-02-11 12:26:31 -05:00
Andrew Keesler c8b1f00107
generated: include 2021 in copyright 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-11 10:52:01 -05:00
Mo Khan f015ad5852
Merge pull request #405 from enj/enj/i/cluster_scope_concierge 
Cluster scope all concierge APIs
 2021-02-11 08:50:42 -05:00
Monis Khan b04fd46319
Update federation domain logic to use status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 4c304e4224
Assert all APIs have a status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 0a9f446893
Update credential issuer logic to use status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 96cec59236
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan 4faf724c2c
Make credential issuer status optional 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan de88ae2f61
Fix status related RBAC 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan dd3d1c8b1b
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan 2e9baf9fa6
Correctly generate status subresource for all CRDs 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan ac01186499
Use API service as owner ref for cluster scoped resources 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 2eb01bd307
authncache: remove namespace concept 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 741b8fe88d
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan d25c6d9d0a
Make kubebuilder CRDs cluster scoped 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 89b00e3702
Declare war on namespaces 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Monis Khan d2480e6300
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Monis Khan 4205e3dedc
Make concierge APIs cluster scoped 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Matt Moyer ee80920ffd
Merge pull request #409 from mattmoyer/upgrade-debian 
Upgrade Debian base images from 10.7 to 10.8.
 2021-02-10 16:57:09 -06:00
Matt Moyer 45f4a0528c
Upgrade Debian base images from 10.7 to 10.8. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-10 15:57:16 -06:00
Andrew Keesler d0266cecdb
Merge pull request #390 from ankeesler/use-more-middleware 
Use middleware to mutate TokenCredentialRequest.Spec.Authenticator.APIGroup
 2021-02-10 16:38:54 -05:00
Andrew Keesler 0fc1f17866
internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 
This is a partial revert of 288d9c999e. For some reason it didn't occur to me
that we could do it this way earlier. Whoops.

This also contains a middleware update: mutation funcs can return an error now
and short-circuit the rest of the request/response flow. The idea here is that
if someone is configuring their kubeclient to use middleware, they are agreeing
to a narrow-er client contract by doing so (e.g., their TokenCredentialRequest's
must have an Spec.Authenticator.APIGroup set).

I also updated some internal/groupsuffix tests to be more realistic.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 15:53:44 -05:00
Andrew Keesler ae6503e972
internal/plog: add KObj() and KRef() 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 14:25:39 -05:00
Mo Khan 44b7679e9f
Merge pull request #407 from ankeesler/test-flake 
test/integration: make TestKubeCertAgent more stable
 2021-02-10 14:24:44 -05:00
Andrew Keesler 12d5b8959d
test/integration: make TestKubeCertAgent more stable 
I think the reason we were seeing flakes here is because the kube cert agent
pods had not reached a steady state even though our test assertions passed, so
the test would proceed immediately and run more assertions on top of a weird
state of the kube cert agent pods.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 12:08:34 -05:00
Andrew Keesler 5b076e7421
Merge pull request #404 from ankeesler/remove-deprecated-commands 
cmd/pinniped: delete get-kubeconfig + exchange-token
 2021-02-10 08:33:00 -05:00
Andrew Keesler 1ffe70bbea
cmd/pinniped: delete get-kubeconfig + exchange-token 
These were deprecated in v0.3.0.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-09 17:01:57 -05:00
Mo Khan cf735715f6
Merge pull request #394 from enj/enj/i/server_side_tcr_api_group 
Use server scheme to handle credential request API group changes
 2021-02-09 16:36:13 -05:00
Monis Khan 2679d27ced
Use server scheme to handle credential request API group changes 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-09 15:51:38 -05:00
Monis Khan 6b71b8d8ad
Revert server side token credential request API group changes 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-09 15:51:35 -05:00
Andrew Keesler 43da4ab2e0
SECURITY.md: follow established pattern 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-09 09:08:19 -05:00
Matt Moyer e4d8af6701
Merge pull request #399 from mattmoyer/upgrade-go 
Upgrade Go from 1.15.7 to 1.15.8.
 2021-02-08 18:17:17 -06:00
Matt Moyer d06c935c2c
Upgrade Go from 1.15.7 to 1.15.8. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-08 10:58:51 -06:00