Matt Moyer
36bc679142
Add diagnostic logging to "pinniped get kubeconfig".
...
These stderr logs should help clarify all the autodetection logic that's happening in a particular run.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-05 15:52:17 -06:00
Matt Moyer
c4f6fd5b3c
Add a bit nicer assertion helper in testutil/testlogger.
...
This makes output that's easier to copy-paste into the test. We could also make it ignore the order of key/value pairs in the future.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-05 15:49:45 -06:00
Matt Moyer
52f58477b8
Wait for the ELB to become available _before_ starting the kubectl command.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-05 09:32:49 -06:00
Matt Moyer
d848499176
Close this HTTP response body in TestE2EFullIntegration.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-05 08:45:25 -06:00
Matt Moyer
c3b7d21037
Be less picky about what error code is returned here.
...
The thing we're waiting for is mostly that DNS is resolving, the ELB is listening, and connections are making it to the proxy.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-05 08:40:29 -06:00
Matt Moyer
832bc2726e
Merge pull request #477 from vmware-tanzu/dependabot/go_modules/github.com/google/go-cmp-0.5.5
...
Bump github.com/google/go-cmp from 0.5.4 to 0.5.5
2021-03-05 08:20:51 -06:00
dependabot[bot]
3833ba0430
Bump github.com/google/go-cmp from 0.5.4 to 0.5.5
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.4 to 0.5.5.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.4...v0.5.5)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-05 05:59:54 +00:00
Ryan Richard
ec133b9743
Resolve some new linter errors
2021-03-04 17:44:01 -08:00
Ryan Richard
d8c6894cbc
All controller unit tests should not cancel context until test is over
...
All controller unit tests were accidentally using a timeout context
for the informers, instead of a cancel context which stays alive until
each test is completely finished. There is no reason to risk
unpredictable behavior of a timeout being reached during an individual
test, even though with the previous 3 second timeout it could only be
reached on a machine which is running orders of magnitude slower than
usual, since each test usually runs in about 100-300 ms. Unfortunately,
sometimes our CI workers might get that slow.
This sparked a review of other usages of timeout contexts in other
tests, and all of them were increased to a minimum value of 1 minute,
under the rule of thumb that our tests will be more reliable on slow
machines if they "pass fast and fail slow".
2021-03-04 17:26:01 -08:00
Ryan Richard
b102aa8991
In unit test, wait for obj from informer instead of resource version
...
In impersonator_config_test.go, instead of waiting for the resource
version to appear in the informers, wait for the actual object to
appear.
This is an attempt to resolve flaky failures that only happen in CI,
but it also cleans up the test a bit by avoiding inventing fake resource
version numbers all over the test.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-04 17:26:01 -08:00
Ryan Richard
9eb97e2683
Use Eventually when making tls connections and avoid resource version 0
...
- Use `Eventually` when making tls connections because the production
code's handling of starting and stopping the TLS server port
has some async behavior.
- Don't use resource version "0" because that has special meaning
in the informer libraries.
2021-03-04 17:26:01 -08:00
Matt Moyer
fea626b654
Remove this proxy-related test code that we ended up not needing.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 17:19:59 -06:00
Matt Moyer
16163b989b
Use regular http.Client in this test.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 17:18:24 -06:00
Matt Moyer
165fce67af
Use the unversioned REST client for this check.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 16:23:39 -06:00
Matt Moyer
6a8f377781
Fix a linter warning.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 16:16:03 -06:00
Matt Moyer
d24cf4b8a7
Go back to testing entirely through the proxy, but add a retry loop during the first connection.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 16:05:56 -06:00
Matt Moyer
34e15f03c3
Simplify const declarations in flag_types.go.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 15:21:50 -06:00
Matt Moyer
274e6281a8
Whoops, missed these fixes in test/library/env.go.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 15:21:49 -06:00
Matt Moyer
7146cb3880
Remove old debug-make-impersonation-token command.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 15:02:42 -06:00
Matt Moyer
9dfbe60253
Do the kubeconfig proxy environment injection, but actually render back out the YAML.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 14:41:20 -06:00
Matt Moyer
1734280a19
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy
2021-03-04 12:38:00 -06:00
Matt Moyer
9a0f75980d
Set a special proxy environment just for the "pinniped login oidc" command in the E2E test.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 12:35:29 -06:00
Matt Moyer
ddd1d29e5d
Fix "pinniped get kubeconfig" strategy detection to pick the _first_ working strategy.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 12:24:57 -06:00
Matt Moyer
03f09c6870
Allow TestE2EFullIntegration to run on clusters where only the impersonation proxy works (again).
...
This time, don't use the Squid proxy if the cluster supports real external load balancers (as in EKS/GKE/AKS).
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-04 12:04:52 -06:00
Matt Moyer
f99c186c55
Merge pull request #475 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.6.0
...
Bump k8s.io/klog/v2 from 2.5.0 to 2.6.0
2021-03-04 10:04:08 -06:00
dependabot[bot]
14b8def320
Bump k8s.io/klog/v2 from 2.5.0 to 2.6.0
...
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.5.0...v2.6.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-04 06:10:36 +00:00
Ryan Richard
5697adc36a
Revert "Allow TestE2EFullIntegration to run on clusters where only the impersonation proxy works."
...
This reverts commit 7c9aff3278.
2021-03-03 17:24:10 -08:00
Ryan Richard
9c1c760f56
Always clean up the ConfigMap at the end of the impersonator int test
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2021-03-03 16:23:07 -08:00
Ryan Richard
48f2ae9eb4
Fix a typo in concierge_impersonation_proxy_test.go
2021-03-03 15:18:01 -08:00
Matt Moyer
7c9aff3278
Allow TestE2EFullIntegration to run on clusters where only the impersonation proxy works.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-03 17:05:46 -06:00
Ryan Richard
58607c7e81
Update TestCredentialIssuer int test to ignore ImpersonationProxy type
2021-03-03 14:19:24 -08:00
Ryan Richard
1b3103c9b5
Remove a nolint comment to satisfy the version of the linter used in CI
2021-03-03 13:37:03 -08:00
Ryan Richard
666c0b0e18
Use CredentialIssuer for URL/CA discovery in impersonator int test
2021-03-03 12:53:41 -08:00
Ryan Richard
f0fc84c922
Add new allowed values to field validations on CredentialIssuer
...
The new values are used by the impersonation proxy's status.
2021-03-03 12:53:41 -08:00
Ryan Richard
7b7901af36
Add -timeout 0 when describing how to run integration tests
...
Because otherwise `go test` will panic/crash your test if it takes
longer than 10 minutes, which is an annoying way for an integration
test to fail since it skips all of the t.Cleanup's.
2021-03-03 12:53:41 -08:00
Ryan Richard
57453773ea
CONTRIBUTING.md: remove mention of Tilt, since it isn't working well
2021-03-03 12:53:41 -08:00
Matt Moyer
f4fcb9bde6
Sort CredentialIssuer strategies in preferred order.
...
This updates our issuerconfig.UpdateStrategy to sort strategies according to a weighted preference.
The TokenCredentialRequest API strategy is preferred, followed by impersonation proxy, followed by any other unknown types.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-03-03 14:03:27 -06:00
Margo Crawford
0799a538dc
change FromString to Parse so TargetPort parses correctly
2021-03-03 11:12:37 -08:00
Mo Khan
4f700d4811
Merge pull request #473 from enj/enj/r/oidc_discovery_json
...
oidc discovery: encode metadata once and reuse
2021-03-03 14:12:33 -05:00
Monis Khan
d7edc41c24
oidc discovery: encode metadata once and reuse
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-03-03 13:37:43 -05:00
Ryan Richard
333a3ab4c2
impersonator_config_test.go: Add another unit test
2021-03-03 09:37:08 -08:00
Ryan Richard
730092f39c
impersonator_config.go: refactor to clean up cert name handling
2021-03-03 09:22:35 -08:00
Ryan Richard
d3599c541b
Fill in the frontend field of CredentialIssuer status for impersonator
2021-03-02 16:52:23 -08:00
Ryan Richard
454f35ccd6
Edit a comment on a type and run codegen
2021-03-02 16:52:23 -08:00
Margo Crawford
27daf0a2fe
Increase timeout for creating load balancer in impersonation proxy test
2021-03-02 15:49:30 -08:00
Ryan Richard
8bf03257f4
Add new impersonation-related constants to api types and run codegen
2021-03-02 15:28:13 -08:00
Ryan Richard
1ad2c38509
Impersonation controller updates CredentialIssuer on every call to Sync
...
- This commit does not include the updates that we plan to make to
the `status.strategies[].frontend` field of the CredentialIssuer.
That will come in a future commit.
2021-03-02 15:28:13 -08:00
Ryan Richard
84cc42b2ca
Remove tls field from the impersonator config
...
- Decided that we're not going to implement this now, although
we may decide to add it in the future
2021-03-02 15:28:13 -08:00
Margo Crawford
4c68050706
Allow all headers besides impersonation-* through impersonation proxy
2021-03-02 15:01:13 -08:00
Matt Moyer
aa826a1579
Merge pull request #472 from mattmoyer/deflake-getpinnipedcategory-test
...
Make TestGetPinnipedCategory and TestKubeClientOwnerRef tests more resilient.
2021-03-02 16:42:23 -06:00