ContainerImage.Pinniped

Author	SHA1	Message	Date
Monis Khan	aa22047a0f	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-22 20:02:42 -05:00
Monis Khan	abc941097c	Add WhoAmIRequest Aggregated Virtual REST API This change adds a new virtual aggregated API that can be used by any user to echo back who they are currently authenticated as. This has general utility to end users and can be used in tests to validate if authentication was successful. Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-22 20:02:41 -05:00
Monis Khan	62630d6449	getAggregatedAPIServerScheme: move group version logic internally Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-19 11:10:54 -05:00
Mo Khan	f228f022f5	Merge pull request #435 from enj/enj/c/bump_v0.20.4 Bump Kube deps to v0.20.4	2021-02-19 10:59:40 -05:00
Monis Khan	1c1decfaf1	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-19 10:33:10 -05:00
Monis Khan	7786c83b0d	Bump kube deps to v0.20.4 Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-19 10:26:53 -05:00
Mo Khan	41b75e6977	Merge pull request #431 from enj/enj-patch-1 concierge API service: update groupPriorityMinimum and versionPriority	2021-02-19 08:48:06 -05:00
Mo Khan	a54e1145a5	concierge API service: update groupPriorityMinimum and versionPriority Copy over values that I have seen used in the past. Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-19 07:47:38 -05:00
Matt Moyer	2b208807a6	Merge pull request #426 from mattmoyer/website-accessibility-tweaks Tweak website styles for accessibility.	2021-02-17 17:28:03 -06:00
Matt Moyer	25f841d063	Tweak website styles for accessibility. Makes most of the fonts a bit bigger, increases contrast, fixes some nits about the spacing in numbered/bulletted lists, and adds some image alt texts. Overall this improves our Lighthouse accessibility score from 71 to 95 and I think it's subjectively more readable. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-17 17:19:58 -06:00
Matt Moyer	93d4581721	Workaround a bad module version to fix Dependabot. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-16 17:05:33 -06:00
Matt Moyer	0a7c5b0604	Merge pull request #403 from mattmoyer/add-latest-generated-package Add "go.pinniped.dev/generated/latest" package that is not a nested module.	2021-02-16 15:30:48 -06:00
Matt Moyer	acbeb93f79	Don't lint generated code. This wasn't needed before because the other code wasn't in the main module and golangci-lint won't cross a module boundary. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-16 13:18:18 -06:00
Matt Moyer	6565265bee	Use new 'go.pinniped.dev/generated/latest' package. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-16 13:00:08 -06:00
Matt Moyer	b42a34d822	Add generated client code for 'latest'. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-16 12:34:33 -06:00
Matt Moyer	3ce3403b95	Update ./hack/update.sh to add a "latest" package. This is just a copy of the newest Kubernetes version, but as a plain package and not a submodule. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-16 12:28:29 -06:00
Andrew Keesler	fac571b51a	Merge pull request #410 from ankeesler/update-copyright generated: include 2021 in copyright	2021-02-11 12:26:31 -05:00
Andrew Keesler	c8b1f00107	generated: include 2021 in copyright Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-11 10:52:01 -05:00
Mo Khan	f015ad5852	Merge pull request #405 from enj/enj/i/cluster_scope_concierge Cluster scope all concierge APIs	2021-02-11 08:50:42 -05:00
Monis Khan	b04fd46319	Update federation domain logic to use status subresource Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:10 -05:00
Monis Khan	4c304e4224	Assert all APIs have a status subresource Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:10 -05:00
Monis Khan	0a9f446893	Update credential issuer logic to use status subresource Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:10 -05:00
Monis Khan	96cec59236	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:09 -05:00
Monis Khan	4faf724c2c	Make credential issuer status optional Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:09 -05:00
Monis Khan	de88ae2f61	Fix status related RBAC Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:09 -05:00
Monis Khan	dd3d1c8b1b	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:09 -05:00
Monis Khan	2e9baf9fa6	Correctly generate status subresource for all CRDs Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:08 -05:00
Monis Khan	ac01186499	Use API service as owner ref for cluster scoped resources Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:08 -05:00
Monis Khan	2eb01bd307	authncache: remove namespace concept Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:08 -05:00
Monis Khan	741b8fe88d	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:08 -05:00
Monis Khan	d25c6d9d0a	Make kubebuilder CRDs cluster scoped Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:08 -05:00
Monis Khan	89b00e3702	Declare war on namespaces Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:07 -05:00
Monis Khan	d2480e6300	Generated Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:07 -05:00
Monis Khan	4205e3dedc	Make concierge APIs cluster scoped Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-10 21:52:07 -05:00
Matt Moyer	ee80920ffd	Merge pull request #409 from mattmoyer/upgrade-debian Upgrade Debian base images from 10.7 to 10.8.	2021-02-10 16:57:09 -06:00
Matt Moyer	45f4a0528c	Upgrade Debian base images from 10.7 to 10.8. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-10 15:57:16 -06:00
Andrew Keesler	d0266cecdb	Merge pull request #390 from ankeesler/use-more-middleware Use middleware to mutate TokenCredentialRequest.Spec.Authenticator.APIGroup	2021-02-10 16:38:54 -05:00
Andrew Keesler	0fc1f17866	internal/groupsuffix: mutate TokenCredentialRequest's Authenticator This is a partial revert of `288d9c999e`. For some reason it didn't occur to me that we could do it this way earlier. Whoops. This also contains a middleware update: mutation funcs can return an error now and short-circuit the rest of the request/response flow. The idea here is that if someone is configuring their kubeclient to use middleware, they are agreeing to a narrow-er client contract by doing so (e.g., their TokenCredentialRequest's must have an Spec.Authenticator.APIGroup set). I also updated some internal/groupsuffix tests to be more realistic. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-10 15:53:44 -05:00
Andrew Keesler	ae6503e972	internal/plog: add KObj() and KRef() Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-10 14:25:39 -05:00
Mo Khan	44b7679e9f	Merge pull request #407 from ankeesler/test-flake test/integration: make TestKubeCertAgent more stable	2021-02-10 14:24:44 -05:00
Andrew Keesler	12d5b8959d	test/integration: make TestKubeCertAgent more stable I think the reason we were seeing flakes here is because the kube cert agent pods had not reached a steady state even though our test assertions passed, so the test would proceed immediately and run more assertions on top of a weird state of the kube cert agent pods. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-10 12:08:34 -05:00
Andrew Keesler	5b076e7421	Merge pull request #404 from ankeesler/remove-deprecated-commands cmd/pinniped: delete get-kubeconfig + exchange-token	2021-02-10 08:33:00 -05:00
Andrew Keesler	1ffe70bbea	cmd/pinniped: delete get-kubeconfig + exchange-token These were deprecated in v0.3.0. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-09 17:01:57 -05:00
Mo Khan	cf735715f6	Merge pull request #394 from enj/enj/i/server_side_tcr_api_group Use server scheme to handle credential request API group changes	2021-02-09 16:36:13 -05:00
Monis Khan	2679d27ced	Use server scheme to handle credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-09 15:51:38 -05:00
Monis Khan	6b71b8d8ad	Revert server side token credential request API group changes Signed-off-by: Monis Khan <mok@vmware.com>	2021-02-09 15:51:35 -05:00
Andrew Keesler	43da4ab2e0	SECURITY.md: follow established pattern Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2021-02-09 09:08:19 -05:00
Matt Moyer	e4d8af6701	Merge pull request #399 from mattmoyer/upgrade-go Upgrade Go from 1.15.7 to 1.15.8.	2021-02-08 18:17:17 -06:00
Matt Moyer	d06c935c2c	Upgrade Go from 1.15.7 to 1.15.8. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2021-02-08 10:58:51 -06:00
Mo Khan	9399b5d800	Merge pull request #395 from enj/enj/i/remove_multierror Remove multierror package and migrate callers to k8s.io/apimachinery/pkg/util/errors.NewAggregate	2021-02-05 15:14:25 -05:00

1 2 3 4 5 ...

1365 Commits