Commit Graph

2128 Commits

Author SHA1 Message Date
Andrew Keesler
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler
e7b389ae6c
Update copyright to reference Pinniped contributors
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Ryan Richard
e51e51dfd4 Add link to public Pinniped Biweekly Community Meeting agenda/notes doc 2020-09-15 18:19:20 -07:00
Ryan Richard
cd0194cb68 Contributor guide updates 2020-09-15 17:59:40 -07:00
Ryan Richard
a73f14e03d Revert "Fake README update to test a change to the PR pipeline"
This reverts commit e3b8c3b611.
2020-09-15 16:43:04 -07:00
Ryan Richard
e3b8c3b611 Fake README update to test a change to the PR pipeline 2020-09-15 16:41:39 -07:00
Ryan Richard
da9f24cf30
Merge pull request #99 from ankeesler/arch-doc
doc/architecture.md and new overview diagram
2020-09-15 16:20:31 -07:00
Ryan Richard
67de7f5646 Further explain the webhook API in architecture.md 2020-09-15 16:18:48 -07:00
Ryan Richard
43c69ec339 Update the architecture diagram
- Also update the instructions for editing the documentation images
2020-09-15 16:07:09 -07:00
Ryan Richard
014fb518bc Change one usage of "external" back to "upstream" 2020-09-15 14:04:05 -07:00
Ryan Richard
321c6a5392 Merge remote-tracking branch 'origin/main' into arch-doc 2020-09-15 14:02:26 -07:00
Ryan Richard
db98f2810f
Merge pull request #98 from suzerain-io/get_kubeconfig_cli
Organize Pinniped CLI into subcommands; Add get-kubeconfig subcommand
2020-09-15 13:34:14 -07:00
Andrew Keesler
062dfa3e75
Merge pull request #100 from ankeesler/adopters-doc
ADOPTERS.md: add initial draft
2020-09-15 16:20:35 -04:00
Matt Moyer
1244a950e7
Merge pull request #108 from mattmoyer/cleanup-credential-request-api
Clean up CredentialRequest `types.go`.
2020-09-15 15:03:07 -05:00
Matt Moyer
8df910361c
Clean up CredentialRequest types.go.
Mostly cleaned up and added doc strings, but also removed unneeded protobuf tags.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:30:12 -05:00
Matt Moyer
37da441e96
Merge pull request #107 from mattmoyer/tidy-go-modules
Tidy go.mod/go.sum.
2020-09-15 14:29:39 -05:00
Matt Moyer
6faf224e20
Merge pull request #105 from mattmoyer/extend-readiness-check
Wait for informers to sync before we pass readiness check.
2020-09-15 14:27:42 -05:00
Matt Moyer
92372d20a9
Tidy go.mod/go.sum.
I accidentally missed this in bbef017989 and it's not currently part of our CI linting.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:14:44 -05:00
Matt Moyer
12f0997193
Wait for informers to sync before we pass readiness check.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:14:25 -05:00
Matt Moyer
e428877473
Merge pull request #106 from mattmoyer/fix-webhook-base64-encoding
Fix base64 encoding style in webhookcachefiller.
2020-09-15 14:12:02 -05:00
Ryan Richard
cecd691a84 Add demo instructions
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 12:10:20 -07:00
Matt Moyer
1c7b3c3072
Fix base64 encoding style in webhookcachefiller.
This was previously using the unpadded (raw) base64 encoder, which worked sometimes (if the CA happened to be a length that didn't require padding). The correct encoding is the `base64.StdEncoding` one that includes padding.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 13:54:19 -05:00
Matt Moyer
b1ea04b036
Merge pull request #83 from mattmoyer/add-idp-config-crd
Implement the initial version of a WebhookIdentityProvider CRD.
2020-09-15 12:53:31 -05:00
Andrew Keesler
36a66f4e8b
Merge pull request #104 from ankeesler/maintainers-doc
MAINTAINERS.md: add initial draft
2020-09-15 13:31:15 -04:00
Matt Moyer
b39160e4c4
Add some log output to TestCredentialIssuerConfig for troubleshooting.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:15:42 -05:00
Andrew Keesler
a22b414b58
MAINTAINERS.md: add initial draft
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 13:14:50 -04:00
Matt Moyer
8de046a561
Remove static webhook config options.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:34 -05:00
Matt Moyer
f7c9ae8ba3
Validate tokens using the new dynamic IDP cache instead of the static config.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:34 -05:00
Matt Moyer
75ea0f48d9
Add a controller to clean up stale entries in the idpcache.Cache.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
acfc5acfb2
Add a controller to fill the idpcache.Cache from WebhookIdentityProvider objects.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
6506a82b19
Add a cache of active IDPs, which implements authenticator.Token.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
66f4e62c6c
Add internal/mocks/mocktokenauthenticator generated mocks.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
80a23bd2fd
Rename "Webhook" to "TokenAuthenticator" in our REST handler and callers.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
2bdbac3e15
Move the ytt webhook config out into the CRD.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
5b9f2ec9fc
Give our controller access to all our CRD types.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
fc220d5f79
Remove kubectl dry-run verify for now.
The dry-run fails now because we are trying to install a CRD and a custom resource (of that CRD type) in the same step.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:32 -05:00
Matt Moyer
3344b5b86a
Expect the WebhookIdentityProvider CRD to be installed.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 11:44:24 -05:00
Matt Moyer
557fd0df26
Define the WebhookIdentityProvider CRD.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 11:44:23 -05:00
Matt Moyer
9bb3d4ef28
Add .gitattributes as a hint to the GitHub diff viewer.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 11:44:23 -05:00
Ryan Richard
4ced58b5b7 Add help/usage units for CLI exchange-credential subcommand 2020-09-15 09:05:40 -07:00
Andrew Keesler
831df90c93
test/integration: add integration test for pinniped cli 2020-09-15 11:00:38 -04:00
Andrew Keesler
82ef9e4806
cmd/pinniped/cmd: fix some linting errors
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 11:00:00 -04:00
Andrew Keesler
879d847ffb
cmd/pinniped/cmd: add get-kubeconfig cli tests
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 10:04:25 -04:00
Ryan Richard
4379d2772c CLI get-kubeconfig command reads kubeconfig and CredentialIssuerConfig 2020-09-14 19:07:18 -07:00
Matt Moyer
21187bc28a
Merge pull request #103 from mattmoyer/add-controller-utils
Add new controller.SimpleFilter and controller.NoOpFilter utilities.
2020-09-14 13:59:32 -05:00
aram price
9bad0d52f7
Merge pull request #102 from mattmoyer/prefactor-test-helpers
Prefactor some test helpers prior to the IDP CRD PR.
2020-09-14 11:38:05 -07:00
Matt Moyer
92fabf43b3
Add new controller.SimpleFilter and controller.NoOpFilter utilities.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-14 13:25:16 -05:00
Matt Moyer
7d8c28a9dc
Extract testutil.TLSTestServer so it can be reused elsewhere.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-14 13:23:12 -05:00
Matt Moyer
bbef017989
Add a testlogger util package for testing go-logr.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-14 13:23:06 -05:00
Andrew Keesler
7515af639a
ADOPTERS.md: add initial draft
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-14 10:46:05 -04:00