djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,015 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

111 Commits

Author SHA1 Message Date
Matt Moyer 83f418e7f2
Upgrade k8s.io/klog/v2 to v2.9.0. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-28 12:53:37 -05:00
Matt Moyer 87c7e89b13
Upgrade github.com/ory/fosite to v0.40.2. 
This required a weird hack because some of the Fosite tests (or a transitive dependency of them) depends on a newer version of gRPC that's incompatible with the Kubernetes runtime version we use. It wasn't as simple as just replacing the gRPC module with an older version, because in the latest versions of gRPC, they split out the "examples" packages into their own module. This new module name doesn't exist at the old version.

Ultimately, the workaround was to make a fake "examples" module locally. This module can be empty because we never actually depend on that code (it's only used in transitive dependency tests).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-28 12:53:37 -05:00
dependabot[bot] f89f2281d8
Bump github.com/google/go-cmp from 0.5.5 to 0.5.6 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.5 to 0.5.6.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.5...v0.5.6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-25 05:51:17 +00:00
Matt Moyer fd9d9b8c73
Stop generating zz_generated.openapi.go files. 
It turns out we no longer need these and can skip this bit of code generation.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 11:16:59 -05:00
Matt Moyer f0d5923091
Downgrade k8s.io/kube-openapi back to a previous version. 
9b07d72531...00de3ae54c

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:42:39 -05:00
Matt Moyer 85ebaa96d5
Upgrade k8s.io/kube-openapi dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:11:26 -05:00
Matt Moyer cf5bc9f1b4
Upgrade k8s.io/utils dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:41 -05:00
Matt Moyer 0d02ba6af3
Upgrade k8s.io/gengo dependency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:07:00 -05:00
Matt Moyer 74a569fa82
Upgrade golang.org/x/* module dependencies. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:06:29 -05:00
Matt Moyer 01c0514057
Upgrade github.com/pkg/browser. 
This some some kind of improvement on Windows.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 10:00:19 -05:00
Matt Moyer 0d42c1e9fe
Update to Kubernetes 1.21.1 runtime components. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-21 09:57:41 -05:00
dependabot[bot] f595e81dbb
Bump github.com/creack/pty from 1.1.11 to 1.1.12 
Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/creack/pty/releases)
- [Commits](https://github.com/creack/pty/compare/v1.1.11...v1.1.12)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-18 05:56:45 +00:00
Ryan Richard 6723ed9fd8 Add end-to-end integration test for CLI-based LDAP login 2021-05-11 13:55:46 -07:00
Ryan Richard c176d15aa7 Add Supervisor upstream LDAP login to the Pinniped CLI 
- Also enhance prepare-supervisor-on-kind.sh to allow setup of
  a working LDAP upstream IDP.
 2021-04-19 17:59:46 -07:00
Ryan Richard 8d75825635 Merge branch 'main' into initial_ldap 2021-04-14 17:47:26 -07:00
Matt Moyer 38f3ea3f2f
Upgrade to client-go and apimachinery from Kubernetes 1.21. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-09 13:00:49 -05:00
Andrew Keesler 4ab704b7de
ldap: add initial stub upstream LDAP connection package 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-04-09 11:38:53 -04:00
Matt Moyer bea75bb7ac
Upgrade to prereleased Kubernetes v1.20.5++ dependencies. 
These commits include security fixes (CVE-2021-3121) for code generated by github.com/gogo/protobuf.
We expect this fix to also land in v1.20.6, but we don't want to wait for it.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-31 12:53:41 -05:00
Ryan Richard c9b1982767 Merge branch 'main' into impersonation-proxy 2021-03-22 09:27:18 -07:00
Matt Moyer 1e7f2c7735
Upgrade Kubernetes runtime libraries to v0.20.5. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-22 09:33:29 -05:00
Andrew Keesler 28d00ce67b
Merge remote-tracking branch 'upstream/main' into impersonation-proxy 2021-03-18 20:13:49 -04:00
Monis Khan d162cb9adf
Move to github.com/form3tech-oss/jwt-go 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-18 16:56:04 -04:00
Ryan Richard a5384a6e38 Merge branch 'main' into impersonation-proxy 2021-03-15 13:06:36 -07:00
dependabot[bot] c2b0acf241
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.6.0...v2.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 17:36:36 +00:00
Ryan Richard c12a23725d Fix lint errors from a previous commit 2021-03-11 16:21:40 -08:00
Matt Moyer 78fdc59d2d
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 2021-03-11 14:56:11 -06:00
Ryan Richard d13bb07b3e Add integration test for using WhoAmIRequest through impersonator 2021-03-10 16:57:15 -08:00
Margo Crawford 24396b6af1 Use gorilla websocket library so squid proxy works 2021-03-10 16:03:52 -08:00
Ryan Richard 0b300cbe42 Use TokenCredentialRequest instead of base64 token with impersonator 
To make an impersonation request, first make a TokenCredentialRequest
to get a certificate. That cert will either be issued by the Kube
API server's CA or by a new CA specific to the impersonator. Either
way, you can then make a request to the impersonator and present
that client cert for auth and the impersonator will accept it and
make the impesonation call on your behalf.

The impersonator http handler now borrows some Kube library code
to handle request processing. This will allow us to more closely
mimic the behavior of a real API server, e.g. the client cert
auth will work exactly like the real API server.

Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-10 10:30:06 -08:00
Margo Crawford c853707889 Added integration test for using websockets via the impersonation proxy 
Tested that this test passed when using the kube api server directly,
so it's just the impersonation proxy that must be improved.
 2021-03-09 17:00:30 -08:00
dependabot[bot] b2be83ee45
Bump github.com/ory/fosite from 0.38.0 to 0.39.0 
Bumps [github.com/ory/fosite](https://github.com/ory/fosite) from 0.38.0 to 0.39.0.
- [Release notes](https://github.com/ory/fosite/releases)
- [Changelog](https://github.com/ory/fosite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ory/fosite/compare/v0.38.0...v0.39.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-09 05:50:01 +00:00
dependabot[bot] 3833ba0430
Bump github.com/google/go-cmp from 0.5.4 to 0.5.5 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.4...v0.5.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-05 05:59:54 +00:00
dependabot[bot] 14b8def320
Bump k8s.io/klog/v2 from 2.5.0 to 2.6.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.5.0...v2.6.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-04 06:10:36 +00:00
dependabot[bot] da6d69d807
Bump github.com/golang/mock from 1.4.4 to 1.5.0 
Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.4.4 to 1.5.0.
- [Release notes](https://github.com/golang/mock/releases)
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang/mock/compare/v1.4.4...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-01 11:44:26 -06:00
dependabot[bot] 04ef7c5456
Bump github.com/ory/fosite from 0.36.0 to 0.38.0 
Bumps [github.com/ory/fosite](https://github.com/ory/fosite) from 0.36.0 to 0.38.0.
- [Release notes](https://github.com/ory/fosite/releases)
- [Changelog](https://github.com/ory/fosite/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ory/fosite/compare/v0.36.0...v0.38.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-01 11:44:26 -06:00
dependabot[bot] f05c3092b5
Bump github.com/go-openapi/spec from 0.19.9 to 0.20.3 
Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.19.9 to 0.20.3.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.19.9...v0.20.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-01 11:44:26 -06:00
Matt Moyer a31c24e5a0
Bump a bunch of minor dependencies. 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.6.1...v1.7.0)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Commits](https://github.com/go-logr/logr/compare/v0.3.0...v0.4.0)

Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.4.0...v2.5.0)

Bumps [github.com/go-logr/stdr](https://github.com/go-logr/stdr) from 0.2.0 to 0.4.0.
- [Release notes](https://github.com/go-logr/stdr/releases)
- [Commits](https://github.com/go-logr/stdr/compare/v0.2.0...v0.4.0)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3)

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-24 17:37:29 -06:00
Monis Khan 7786c83b0d
Bump kube deps to v0.20.4 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 10:26:53 -05:00
Matt Moyer 93d4581721
Workaround a bad module version to fix Dependabot. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 17:05:33 -06:00
Matt Moyer 6565265bee
Use new 'go.pinniped.dev/generated/latest' package. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 13:00:08 -06:00
Matt Moyer b42a34d822
Add generated client code for 'latest'. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 12:34:33 -06:00
Monis Khan efe1fa89fe Allow multiple Pinnipeds to work on same cluster 
Yes, this is a huge commit.

The middleware allows you to customize the API groups of all of the
*.pinniped.dev API groups.

Some notes about other small things in this commit:
- We removed the internal/client package in favor of pkg/conciergeclient. The
  two packages do basically the same thing. I don't think we use the former
  anymore.
- We re-enabled cluster-scoped owner assertions in the integration tests.
  This code was added in internal/ownerref. See a0546942 for when this
  assertion was removed.
- Note: the middlware code is in charge of restoring the GV of a request object,
  so we should never need to write mutations that do that.
- We updated the supervisor secret generation to no longer manually set an owner
  reference to the deployment since the middleware code now does this. I think we
  still need some way to make an initial event for the secret generator
  controller, which involves knowing the namespace and the name of the generated
  secret, so I still wired the deployment through. We could use a namespace/name
  tuple here, but I was lazy.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2021-02-02 15:18:41 -08:00
Matt Moyer 8358c26107
Upgrade github.com/oleiade/reflections to v1.0.1. 
This project overwrote the v1.0.0 tag with a different commit ID, which has caused issues with the Go module sum DB (which accurately detected the issue).

This has been one of the reasons why Dependabot is not updating our Go dependencies.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-01-27 13:49:30 -06:00
Matt Moyer 04c4cd9534
Upgrade to github.com/coreos/go-oidc v3.0.0. 
See https://github.com/coreos/go-oidc/releases/tag/v3.0.0 for release notes.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-01-21 12:08:14 -06:00
Margo Crawford 326f10bbbf Resolving code review suggestions: 
- set provideClusterInfo to true
- kubernetes library versions to 0.20.1
- version timestamps back to v0.0.0-00010101000000-000000000000
 2021-01-08 10:21:59 -08:00
Margo Crawford 5611212ea9 Changing references from 1.19 to 1.20 2021-01-07 15:25:47 -08:00
Matt Moyer c7931bc6d5
Remove our main module dependency on golangci-lint. 
We will still pin this in CI via an image dependency.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-17 17:01:32 -06:00
Matt Moyer 421c17c421
Update all modules. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-17 16:31:08 -06:00
Matt Moyer dfbb5b60de
Remove `pinniped get-kubeconfig` CLI subcommand. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-12-15 12:28:03 -06:00
Ryan Richard f38c150f6a Finished tests for pkce storage and added it to kubestorage 
- Also fixed some lint errors with v1.33.0 of the linter

Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2020-12-01 14:53:22 -08:00