Margo Crawford
19d592566d
Merge branch 'main' into copyright-year
2021-01-06 09:03:13 -08:00
Margo Crawford
ea6ebd0226
Got pre-commit to check for correct copyright year
2021-01-05 15:53:14 -08:00
Andrew Keesler
53a185083c
Hopefully triggering the precommit hook
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 14:15:46 -08:00
Andrew Keesler
40753d1454
Remove blockOwnerDeletion from the supervisor secrets
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-01-05 10:44:36 -08:00
Ryan Richard
116c8dd6c5
SupervisorSecretsController Syncs less often by adjusting its filters
...
- Only watches Secrets of type
"secrets.pinniped.dev/supervisor-csrf-signing-key"
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-18 15:57:12 -08:00
Ryan Richard
23be766c8b
Move const to file-of-use and replace dup string
...
Signed-off-by: aram price <pricear@vmware.com>
2020-12-18 15:14:51 -08:00
aram price
cff2dc1379
Reorder functions
2020-12-18 15:08:55 -08:00
Ryan Richard
fc250f98d0
Adjust func grouping
2020-12-18 14:58:39 -08:00
Aram Price
b3e428c9de
Several more controllers Sync less often by adjusting their filters
...
- JWKSWriterController
- JWKSObserverController
- FederationDomainSecretsController for HMAC keys
- FederationDomainSecretsController for state signature key
- FederationDomainSecretsController for state encryption key
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-18 14:55:05 -08:00
aram price
187bd9060c
All FederationDomain Secrets have distinct Types
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-17 17:07:38 -08:00
aram price
587cced768
Add extra type info where SecretType is used
2020-12-17 15:43:20 -08:00
Ryan Richard
50964c6677
Supervisor CSRF Secret has unique Type
...
Signed-off-by: aram price <pricear@vmware.com>
2020-12-17 15:30:26 -08:00
Aram Price
55483b726b
More "op" and "opc" local variable renames
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-17 13:49:53 -08:00
Ryan Richard
b96d49df0f
Rename all "op" and "opc" usages
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-17 11:34:49 -08:00
Andrew Keesler
04d54e622a
Only set single secret status field in FederationDomainSecretsController
...
This implementation is janky because I wanted to make the smallest change
possible to try to get the code back to stable so we can release.
Also deep copy an object so we aren't mutating the cache.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-17 07:41:53 -05:00
Margo Crawford
196e43aa48
Rename off of main
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-12-16 14:27:09 -08:00
Andrew Keesler
35bb76ea82
Ensure labels are set correctly on generated Supervisor secret
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 15:55:14 -05:00
Andrew Keesler
9d9040944a
Secrets owned by Deployment have Controller: false
...
- This is to prevent K8s internal Deployment controller from trying to
manage these objects
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 12:12:47 -08:00
Andrew Keesler
7320928235
Get rid of TODOs in code by punting on them
...
We will do these later; they have been recorded in a work tracking record.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 09:58:46 -05:00
Andrew Keesler
82ae98d9d0
Set secret names on OIDCProvider status field
...
We believe this API is more forwards compatible with future secrets management
use cases. The implementation is a cry for help, but I was trying to follow the
previously established pattern of encapsulating the secret generation
functionality to a single group of packages.
This commit makes a breaking change to the current OIDCProvider API, but that
OIDCProvider API was added after the latest release, so it is technically still
in development until we release, and therefore we can continue to thrash on it.
I also took this opportunity to make some things private that didn't need to be
public.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 09:13:01 -05:00
Andrew Keesler
60d4a7beac
Test more filters in SupervisorSecretsController (see 6e8d564013)
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-15 07:58:33 -05:00
aram price
e03e344dcd
SecretHelper depends less on OIDCProvider
...
This should allow the helper to be more generic so that it can be used
with the SupervisorSecretsController
2020-12-14 19:35:45 -08:00
aram price
bf86bc3383
Rename for clarity
2020-12-14 18:36:56 -08:00
aram price
b799515f84
Pull symmetricsecrethelper package up to generator
...
- rename symmetricsecrethelper.New => generator.NewSymmetricSecretHelper
2020-12-14 17:41:02 -08:00
aram price
b1ee434ddf
Rename in preparation for refactor
2020-12-14 16:44:27 -08:00
aram price
6e8d564013
Test filters in SupervisorSecretsController
2020-12-14 16:08:48 -08:00
Andrew Keesler
9c79adcb26
Rename and move some code to prepare for refactor
...
Signed-off-by: aram price <pricear@vmware.com>
2020-12-14 14:24:13 -08:00
Aram Price
5b7a86ecc1
Integration test for Supervisor secret controllers
...
This forced us to add labels to the CSRF cookie secret, just as we do
for other Supervisor secrets. Yay tests.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-14 15:53:12 -05:00
Andrew Keesler
e3ea141bf3
Reuse helper filter in generic secret gen controller
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-14 10:37:27 -05:00
Andrew Keesler
b043dae149
Finish first implementation of generic secret generator controller
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-12-14 10:36:45 -05:00
aram price
3ca877f1df
WIP - preliminary OIDCProviderSecrets controller
...
Tests not yet passing, controller is incomplete and expectations may be
incorrect.
2020-12-13 17:37:49 -05:00
aram price
3e31668eb0
Refactor some utility methods for sharing.
2020-12-13 17:37:48 -05:00
aram price
9e2213cbae
Rename for clarity
...
- makes space for OIDCProvider related controller
2020-12-13 17:37:48 -05:00