djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,956 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1956 Commits

Author SHA1 Message Date
Ryan Richard 6887d0aca2 Repeat the method and url in the log line for the userinfo username 2021-03-15 17:12:03 -07:00
Margo Crawford 64e0dbb481 Sleep for 1 minute 10 seconds instead of a minute in timeout test 2021-03-15 16:33:47 -07:00
Ryan Richard e47543233c Merge branch 'main' into impersonation-proxy 2021-03-15 16:28:25 -07:00
Ryan Richard 2460568be3 Add some debug logging 2021-03-15 16:26:51 -07:00
Ryan Richard 1b31489347 Add prepare-impersonator-on-kind.sh for manually starting impersonator 
It takes a lot of manual steps to get ready to manually test the
impersonation proxy on a kind cluster, which makes it error prone,
so encapsulate them into a script to make it easier.
 2021-03-15 16:26:51 -07:00
Ryan Richard ab6452ace7 Remove linting from pre-commit because it is slow and messes up GoLand 
It seems to confusing committing in the GoLand IDE.
 2021-03-15 16:25:45 -07:00
Matt Moyer c46aa1c29d
Merge pull request #490 from vmware-tanzu/dependabot/docker/golang-1.16.2 
Bump golang from 1.16.1 to 1.16.2
 2021-03-15 15:08:03 -07:00
Margo Crawford 939ea30030 Make all tests but disable test parallelized 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-15 14:34:41 -07:00
Andrew Keesler efd973fa17 Test waiting for a minute and keeping connection open 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-03-15 14:34:41 -07:00
Monis Khan 4f671f5dca
dynamiccert: unit test with DynamicServingCertificateController 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 17:23:37 -04:00
Ryan Richard a5384a6e38 Merge branch 'main' into impersonation-proxy 2021-03-15 13:06:36 -07:00
dependabot[bot] e64f2fe7fb
Bump golang from 1.16.1 to 1.16.2 
Bumps golang from 1.16.1 to 1.16.2.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 19:55:44 +00:00
Matt Moyer 035362f4d3
Merge pull request #494 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.8.0 
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0
 2021-03-15 12:54:46 -07:00
Ryan Richard 8065a8d2e6 TestKubeCertAgent waits for CredentialIssuer strategy to be successful 
At the end of the test, wait for the KubeClusterSigningCertificate
strategy on the CredentialIssuer to go back to being healthy, to avoid
polluting other integration tests which follow this one.
 2021-03-15 11:43:12 -07:00
Ryan Richard e22ad6171a Fix a race detector warning by re-declaring `err` in a t.Cleanup() 2021-03-15 11:43:12 -07:00
dependabot[bot] c2b0acf241
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.6.0...v2.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 17:36:36 +00:00
Monis Khan 00694c9cb6
dynamiccert: split into serving cert and CA providers 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 12:24:07 -04:00
Matt Moyer dc96f398da
Merge pull request #497 from mattmoyer/ignore-local-user-authenticator-coverage 
Ignore test coverage for local-user-authenticator.
 2021-03-15 08:46:28 -07:00
Matt Moyer 755a87cdbb
Ignore test coverage for local-user-authenticator. 
This should ignore coverage changes in this test-only component, using the syntax described here: https://docs.codecov.io/docs/ignoring-paths.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-15 10:43:17 -05:00
Matt Moyer c538a4e8e8
Merge pull request #495 from mattmoyer/add-golangci-lint-to-pre-commit-hooks 
Add golangci-lint to .pre-commit-config.yaml.
 2021-03-15 08:23:09 -07:00
Matt Moyer 41949d8e07
Add golangci-lint to .pre-commit-config.yaml. 
This is the configuration for https://pre-commit.com/, which now also runs golangci-lint using the same version as CI (currently v1.33.0).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-15 10:20:59 -05:00
Monis Khan 4c162be8bf
impersonator: add comment about long running func 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 09:43:06 -04:00
Monis Khan b530cef3b1
impersonator: encode proper API status on failure 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-13 20:25:23 -05:00
Ryan Richard c82f568b2c certauthority.go: Refactor issuing client versus server certs 
We were previously issuing both client certs and server certs with
both extended key usages included. Split the Issue*() methods into
separate methods for issuing server certs versus client certs so
they can have different extended key usages tailored for each use
case.

Also took the opportunity to clean up the parameters of the Issue*()
methods and New() methods to more closely match how we prefer to call
them. We were always only passing the common name part of the
pkix.Name to New(), so now the New() method just takes the common name
as a string. When making a server cert, we don't need to set the
deprecated common name field, so remove that param. When making a client
cert, we're always making it in the format expected by the Kube API
server, so just accept the username and group as parameters directly.
 2021-03-12 16:09:37 -08:00
Monis Khan 5e4746e96b
impersonator: match kube API server long running func 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-12 16:36:37 -05:00
Matt Moyer 077aa8a42e
Fix a copy-paste typo in the ImpersonationProxyInfo JSON field name. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-12 13:24:05 -06:00
Margo Crawford d509e7012e Add eventually loop to port-forward test 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-12 10:44:11 -08:00
Monis Khan 8c0bafd5be
impersonator: prep work for future SA token support 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-12 10:47:07 -05:00
Monis Khan 12b13b1ea5
impersonator: wire in genericapiserver.Config 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-12 10:47:07 -05:00
Andrew Keesler 5b1dc0abdf
test/integration: add some more debugging to kubectl impersonation test 
I think this is nondeterministic...

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-12 10:45:36 -05:00
Andrew Keesler 253e0f8e9a
test/integration: TestImpersonationProxy/websocket_client passes on my machine now 
I'm kinda surprised this is working with our current implementation of the
impersonator, but regardless this seems like a step forward.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-12 09:54:59 -05:00
Ryan Richard 87f2899047 impersonator_test.go: small refactor of previous commit 2021-03-11 17:24:52 -08:00
Ryan Richard 6ddf4c04e6 impersonator_test.go: Test failed and anonymous auth 2021-03-11 17:11:38 -08:00
Ryan Richard 1d68841c78 impersonator_test.go: Test one more thing and small refactors 2021-03-11 16:44:08 -08:00
Ryan Richard f77c92560f Rewrite impersonator_test.go, add missing argument to IssuePEM() 
The impersonator_test.go unit test now starts the impersonation
server and makes real HTTP requests against it using client-go.
It is backed by a fake Kube API server.

The CA IssuePEM() method was missing the argument to allow a slice
of IP addresses to be passed in.
 2021-03-11 16:27:16 -08:00
Ryan Richard c12a23725d Fix lint errors from a previous commit 2021-03-11 16:21:40 -08:00
Matt Moyer d5beba354b
Merge pull request #487 from vmware-tanzu/dependabot/docker/golang-1.16.1 
Bump golang from 1.16.0 to 1.16.1
 2021-03-11 16:12:07 -08:00
Andrew Keesler 71712b2d00 Add test for http2 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-03-11 15:49:49 -08:00
dependabot[bot] ad3f04a982
Bump golang from 1.16.0 to 1.16.1 
Bumps golang from 1.16.0 to 1.16.1.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-11 22:25:17 +00:00
Matt Moyer a52455504f
Capitalize "Concierge" in these error messages as well, for consistency. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-11 16:24:20 -06:00
Matt Moyer 4f154100ff
Remove "--concierge-mode" flag from "pinniped login [...]" commands. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-11 16:24:20 -06:00
Matt Moyer d2d9b1e49e
Stop outputting "--concierge-mode" from "pinniped get kubeconfig". 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-11 16:13:29 -06:00
Matt Moyer c9ce067a0e
Captialize "API" in this error message. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-11 16:11:46 -06:00
Pablo Schuhmacher 1af25552a0
Update ROADMAP.md 2021-03-11 13:58:34 -08:00
Matt Moyer a64786a728
Fix TestCLIGetKubeconfigStaticToken for new CLI log output. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-11 15:48:04 -06:00
Monis Khan 2d28d1da19
Implement all optional methods in dynamic certs provider 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-11 16:24:08 -05:00
Matt Moyer 78fdc59d2d
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 2021-03-11 14:56:11 -06:00
Ryan Richard 29d7f406f7 Test double impersonation as the cluster admin 2021-03-11 12:53:27 -08:00
Matt Moyer 3449b896d6
Merge pull request #488 from mattmoyer/add-retries-for-supervisor-discovery-tests 
Add retries to TestSupervisorTLSTerminationWithSNI and TestSupervisorOIDCDiscovery.
 2021-03-11 12:22:22 -08:00
Margo Crawford 22ca2da1ff
test/integration: add "kubectl attach" test to TestImpersonationProxy 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-11 15:10:16 -05:00