ContainerImage.Pinniped

Author	SHA1	Message	Date
Andrew Keesler	b3cdc438ce	internal/concierge/impersonator: reuse kube bearertoken.Authenticator Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-18 10:13:24 -05:00
Andrew Keesler	eb19980110	internal/concierge/impersonator: set user extra impersonation headers Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-16 09:26:47 -05:00
Andrew Keesler	c7905c6638	internal/concierge/impersonator: fail if impersonation headers set If someone has already set impersonation headers in their request, then we should fail loudly so the client knows that its existing impersonation headers will not work. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-16 08:15:50 -05:00
Andrew Keesler	fdd8ef5835	internal/concierge/impersonator: handle custom login API group Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-16 07:55:09 -05:00
Andrew Keesler	6512ab1351	internal/concierge/impersonator: don't care about namespace Concierge APIs are no longer namespaced (see `f015ad5852`). Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-15 17:11:59 -05:00
Ryan Richard	5cd60fa5f9	Move starting/stopping impersonation proxy server to a new controller - Watch a configmap to read the configuration of the impersonation proxy and reconcile it. - Implements "auto" mode by querying the API for control plane nodes. - WIP: does not create a load balancer or proper TLS certificates yet. Those will come in future commits. Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-02-11 17:25:52 -08:00
Andrew Keesler	9b87906a30	Merge remote-tracking branch 'upstream/main' into impersonation-proxy Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-11 11:03:33 -05:00
Ryan Richard	268ca5b7f6	Add config structs in impersonator package Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-02-09 13:44:19 -08:00
Andrew Keesler	8697488126	internal/concierge/impersonator: use kubeconfig from kubeclient Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-09 15:28:56 -05:00
Andrew Keesler	812f5084a1	internal/concierge/impersonator: don't mutate ServeHTTP() req I added that test helper to create an http.Request since I wanted to properly initialize the http.Request's context. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-09 13:25:32 -05:00
Matt Moyer	64aff7b983	Only log user ID, not user name/groups. Signed-off-by: Margo Crawford <margaretc@vmware.com>	2021-02-03 09:31:30 -08:00
Margo Crawford	b6abb022f6	Add initial implementation of impersonation proxy. Signed-off-by: Margo Crawford <margaretc@vmware.com> Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-03 09:31:13 -08:00

1 2

62 Commits