Ryan Richard
a084544f08
Add hasExternalLoadBalancerProvider to AKS/EKS capabilities files
2021-03-26 08:03:51 -07:00
Mo Khan
c2588cf035
Merge pull request #528 from enj/enj/i/impersonation-proxy-authz-user-extra
...
impersonation proxy: add RBAC to impersonate user extra and SAs
2021-03-26 00:37:24 -04:00
Monis Khan
2179c2879a
impersonation proxy: add RBAC to impersonate user extra and SAs
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-25 22:21:57 -04:00
Margo Crawford
b6e217e13a
Hardcode type "webhook" in concierge_impersonation_proxy_test.go
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 17:19:47 -07:00
Margo Crawford
6f2882b831
Explicitly set the correct authenticator for impersonator test
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 16:57:37 -07:00
Margo Crawford
cd6e48bfa8
Use a random password for the dex integration test user
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2021-03-25 15:12:17 -07:00
Margo Crawford
c0361645e2
Merge pull request #355 from vmware-tanzu/impersonation-proxy
...
Impersonation proxy
2021-03-25 13:19:18 -07:00
Margo Crawford
6bf8bfe9a8
Merge remote-tracking branch 'origin/main' into impersonation-proxy
2021-03-24 17:22:40 -07:00
Matt Moyer
ea130ea781
Merge pull request #525 from vmware-tanzu/microwavables-patch-1
...
Added kubeapps and vmware tanzu logos
2021-03-24 16:28:36 -07:00
Nanci Lancaster
03619fc878
Added kubeapps and vmware tanzu logos
...
these logos will be used for the adopters.md file
2021-03-24 18:03:57 -05:00
Matt Moyer
454348b2fd
Merge pull request #524 from mattmoyer/allow-prebuilt-cli-binaries-for-testing
...
Allow running CLI-related integration tests with pre-built binary.
2021-03-23 16:19:50 -07:00
Matt Moyer
cda8bd6e26
Allow running CLI-related integration tests with pre-built binary.
...
This allows setting `$PINNIPED_TEST_CLI` to point at an existing `pinniped` CLI binary instead of having the test build one on-the-fly. This is more efficient when you're running the tests across many clusters as we do in CI.
Building the CLI from scratch in our CI environment takes 1.5-2 minutes, so this change should save nearly that much time on every test job.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 17:19:09 -05:00
Matt Moyer
c0d32f10b2
Add some test debug logging when running the CLI.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 12:07:34 -05:00
Matt Moyer
ce5b05f912
Add some debug logging to measure how long the CLI build takes.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 12:06:35 -05:00
Matt Moyer
176fb6a139
Authenticators are no longer namespaced, so clean up these test logs.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 10:33:05 -05:00
Matt Moyer
9501168265
Simplify TestCLIGetKubeconfigStaticToken now that there's only a single table case.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-23 10:26:04 -05:00
Matt Moyer
2e79664f3d
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy
2021-03-23 09:05:13 -05:00
Andrew Keesler
e70788204b
Merge pull request #516 from ankeesler/cli-docs
...
Add CLI command for generating docs
2021-03-23 09:58:47 -04:00
Andrew Keesler
f6646eb2b7
cmd/pinniped: add generate-markdown-help for generating CLI doc
...
This command is hidden. We want to use this to generate our CLI reference docs
upon release.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-23 09:35:58 -04:00
Ryan Richard
75cfda0ffe
prepare-for-integration-tests.sh: Check Chrome and chromedriver versions
...
They usually need to match, or at least be close, so added some
code to help us remember to do that.
2021-03-22 16:54:22 -07:00
Andrew Keesler
bde54ef643
Merge remote-tracking branch 'main' into impersonation-proxy
2021-03-22 17:00:40 -04:00
Margo Crawford
d90398815b
Nothing in parallel in the impersonation proxy integration test
2021-03-22 10:48:09 -07:00
Margo Crawford
7683a98792
Unparallelize run all the verbs and port-forward tests
2021-03-22 09:45:51 -07:00
Margo Crawford
d7e9568137
Unparallelize a couple
2021-03-22 09:43:40 -07:00
Ryan Richard
904086cbec
fix a typo in some comments
2021-03-22 09:34:58 -07:00
Ryan Richard
c9b1982767
Merge branch 'main' into impersonation-proxy
2021-03-22 09:27:18 -07:00
Matt Moyer
f69d095a69
Merge pull request #515 from mattmoyer/bump-kube-deps-1.20.5
...
Upgrade Kubernetes runtime libraries to v1.20.5.
2021-03-22 08:30:53 -07:00
Matt Moyer
1e7f2c7735
Upgrade Kubernetes runtime libraries to v0.20.5.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-22 09:33:29 -05:00
Andrew Keesler
9af75d23fb
Merge pull request #514 from enj/enj/i/whoami_ctx
...
pinniped whoami: print correct cluster info when --kubeconfig-context is used
2021-03-22 09:22:45 -04:00
Margo Crawford
d0df2009ac
Merge pull request #498 from vmware-tanzu/impersonation-proxy-docs
...
Impersonation proxy docs
2021-03-19 16:13:58 -07:00
Monis Khan
964d4889c4
pinniped whoami: print correct cluster info when --kubeconfig-context is used
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 18:42:40 -04:00
Margo Crawford
a537287601
Regenerate cli.md based on output of help message
2021-03-19 14:34:35 -07:00
Margo Crawford
fdfc854f8c
Incorporating suggestions:
...
- a credential that is understood by -> a credential that can be used to
authenticate to
- This is more neutral to whether its going directly to k8s
or through the impersonation proxy
2021-03-19 14:06:20 -07:00
Margo Crawford
331fef8fae
Tweaked some wording, updated the cli page
2021-03-19 14:06:20 -07:00
Margo Crawford
4470d3d2d1
Fix broken links to architecture page
2021-03-19 14:06:20 -07:00
Margo Crawford
698bffc2ad
Naming changes
2021-03-19 14:06:20 -07:00
Margo Crawford
6ff3e42602
Add description of impersonation proxy strategy to docs
2021-03-19 14:06:20 -07:00
Ryan Richard
3e50b4e129
Add -sS to the curl command in concierge_impersonation_proxy_test.go
2021-03-19 13:23:28 -07:00
Ryan Richard
d856221f56
Edit some comments in concierge_impersonation_proxy_test.go
2021-03-19 13:19:17 -07:00
Monis Khan
f519f0cb09
impersonator: disallow clients from setting the X-Forwarded-For header
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 15:35:06 -04:00
Monis Khan
c03fe2d1fe
Use http2 for all non-upgrade requests
...
Instead of using the LongRunningFunc to determine if we can safely
use http2, follow the same logic as the aggregation proxy and only
use http2 when the request is not an upgrade.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-19 13:45:58 -04:00
Andrew Keesler
2749044625
test/integration: unparallelize impersonation kubectl test
...
Maybe this will cut down on flakes we see in CI?
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 13:31:28 -04:00
Andrew Keesler
f73c70d8f9
test/integration: use Ryan's 20x rule to harden simple access tests
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 13:18:10 -04:00
Andrew Keesler
ebd5e45fa6
test/integration: wait for convergence at end of impersonation test
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 12:54:37 -04:00
Andrew Keesler
6154883855
test/integration: add temporary debug 'kubectl attach' logging
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 10:42:11 -04:00
Andrew Keesler
ebe01a5aef
test/integration: catch early 'kubectl attach' return
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-19 09:59:24 -04:00
Andrew Keesler
28d00ce67b
Merge remote-tracking branch 'upstream/main' into impersonation-proxy
2021-03-18 20:13:49 -04:00
Mo Khan
50e4531215
Merge pull request #505 from enj/enj/i/jwt-go_cve
...
Move to github.com/form3tech-oss/jwt-go
2021-03-18 19:34:19 -04:00
Andrew Keesler
1a9922d050
test/integration: poll more quickly in f2a48aee
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-18 17:53:14 -04:00
Andrew Keesler
f2a48aee2b
test/integration: increase timeout to a minute to see if it helps
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-03-18 17:48:00 -04:00