djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,413 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

1413 Commits

Author SHA1 Message Date
Monis Khan 62630d6449
getAggregatedAPIServerScheme: move group version logic internally 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 11:10:54 -05:00
Mo Khan f228f022f5
Merge pull request #435 from enj/enj/c/bump_v0.20.4 
Bump Kube deps to v0.20.4
 2021-02-19 10:59:40 -05:00
Monis Khan 1c1decfaf1
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 10:33:10 -05:00
Monis Khan 7786c83b0d
Bump kube deps to v0.20.4 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 10:26:53 -05:00
Mo Khan 41b75e6977
Merge pull request #431 from enj/enj-patch-1 
concierge API service: update groupPriorityMinimum and versionPriority
 2021-02-19 08:48:06 -05:00
Mo Khan a54e1145a5
concierge API service: update groupPriorityMinimum and versionPriority 
Copy over values that I have seen used in the past.
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-19 07:47:38 -05:00
Matt Moyer 2b208807a6
Merge pull request #426 from mattmoyer/website-accessibility-tweaks 
Tweak website styles for accessibility.
 2021-02-17 17:28:03 -06:00
Matt Moyer 25f841d063
Tweak website styles for accessibility. 
Makes most of the fonts a bit bigger, increases contrast, fixes some nits about the spacing in numbered/bulletted lists, and adds some image alt texts.

Overall this improves our Lighthouse accessibility score from 71 to 95 and I think it's subjectively more readable.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-17 17:19:58 -06:00
Matt Moyer 93d4581721
Workaround a bad module version to fix Dependabot. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 17:05:33 -06:00
Matt Moyer 0a7c5b0604
Merge pull request #403 from mattmoyer/add-latest-generated-package 
Add "go.pinniped.dev/generated/latest" package that is not a nested module.
 2021-02-16 15:30:48 -06:00
Matt Moyer acbeb93f79
Don't lint generated code. 
This wasn't needed before because the other code wasn't in the main module and golangci-lint won't cross a module boundary.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 13:18:18 -06:00
Matt Moyer 6565265bee
Use new 'go.pinniped.dev/generated/latest' package. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 13:00:08 -06:00
Matt Moyer b42a34d822
Add generated client code for 'latest'. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 12:34:33 -06:00
Matt Moyer 3ce3403b95
Update ./hack/update.sh to add a "latest" package. 
This is just a copy of the newest Kubernetes version, but as a plain package and not a submodule.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-16 12:28:29 -06:00
Andrew Keesler fac571b51a
Merge pull request #410 from ankeesler/update-copyright 
generated: include 2021 in copyright
 2021-02-11 12:26:31 -05:00
Andrew Keesler c8b1f00107
generated: include 2021 in copyright 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-11 10:52:01 -05:00
Mo Khan f015ad5852
Merge pull request #405 from enj/enj/i/cluster_scope_concierge 
Cluster scope all concierge APIs
 2021-02-11 08:50:42 -05:00
Monis Khan b04fd46319
Update federation domain logic to use status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 4c304e4224
Assert all APIs have a status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 0a9f446893
Update credential issuer logic to use status subresource 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:10 -05:00
Monis Khan 96cec59236
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan 4faf724c2c
Make credential issuer status optional 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan de88ae2f61
Fix status related RBAC 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan dd3d1c8b1b
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:09 -05:00
Monis Khan 2e9baf9fa6
Correctly generate status subresource for all CRDs 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan ac01186499
Use API service as owner ref for cluster scoped resources 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 2eb01bd307
authncache: remove namespace concept 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 741b8fe88d
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan d25c6d9d0a
Make kubebuilder CRDs cluster scoped 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:08 -05:00
Monis Khan 89b00e3702
Declare war on namespaces 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Monis Khan d2480e6300
Generated 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Monis Khan 4205e3dedc
Make concierge APIs cluster scoped 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-10 21:52:07 -05:00
Matt Moyer ee80920ffd
Merge pull request #409 from mattmoyer/upgrade-debian 
Upgrade Debian base images from 10.7 to 10.8.
 2021-02-10 16:57:09 -06:00
Matt Moyer 45f4a0528c
Upgrade Debian base images from 10.7 to 10.8. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-10 15:57:16 -06:00
Andrew Keesler d0266cecdb
Merge pull request #390 from ankeesler/use-more-middleware 
Use middleware to mutate TokenCredentialRequest.Spec.Authenticator.APIGroup
 2021-02-10 16:38:54 -05:00
Andrew Keesler 0fc1f17866
internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 
This is a partial revert of 288d9c999e. For some reason it didn't occur to me
that we could do it this way earlier. Whoops.

This also contains a middleware update: mutation funcs can return an error now
and short-circuit the rest of the request/response flow. The idea here is that
if someone is configuring their kubeclient to use middleware, they are agreeing
to a narrow-er client contract by doing so (e.g., their TokenCredentialRequest's
must have an Spec.Authenticator.APIGroup set).

I also updated some internal/groupsuffix tests to be more realistic.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 15:53:44 -05:00
Andrew Keesler ae6503e972
internal/plog: add KObj() and KRef() 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 14:25:39 -05:00
Mo Khan 44b7679e9f
Merge pull request #407 from ankeesler/test-flake 
test/integration: make TestKubeCertAgent more stable
 2021-02-10 14:24:44 -05:00
Andrew Keesler 12d5b8959d
test/integration: make TestKubeCertAgent more stable 
I think the reason we were seeing flakes here is because the kube cert agent
pods had not reached a steady state even though our test assertions passed, so
the test would proceed immediately and run more assertions on top of a weird
state of the kube cert agent pods.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-10 12:08:34 -05:00
Andrew Keesler 5b076e7421
Merge pull request #404 from ankeesler/remove-deprecated-commands 
cmd/pinniped: delete get-kubeconfig + exchange-token
 2021-02-10 08:33:00 -05:00
Andrew Keesler 1ffe70bbea
cmd/pinniped: delete get-kubeconfig + exchange-token 
These were deprecated in v0.3.0.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-09 17:01:57 -05:00
Mo Khan cf735715f6
Merge pull request #394 from enj/enj/i/server_side_tcr_api_group 
Use server scheme to handle credential request API group changes
 2021-02-09 16:36:13 -05:00
Monis Khan 2679d27ced
Use server scheme to handle credential request API group changes 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-09 15:51:38 -05:00
Monis Khan 6b71b8d8ad
Revert server side token credential request API group changes 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-09 15:51:35 -05:00
Andrew Keesler 43da4ab2e0
SECURITY.md: follow established pattern 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-02-09 09:08:19 -05:00
Matt Moyer e4d8af6701
Merge pull request #399 from mattmoyer/upgrade-go 
Upgrade Go from 1.15.7 to 1.15.8.
 2021-02-08 18:17:17 -06:00
Matt Moyer d06c935c2c
Upgrade Go from 1.15.7 to 1.15.8. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-02-08 10:58:51 -06:00
Mo Khan 9399b5d800
Merge pull request #395 from enj/enj/i/remove_multierror 
Remove multierror package and migrate callers to k8s.io/apimachinery/pkg/util/errors.NewAggregate
 2021-02-05 15:14:25 -05:00
Monis Khan 05a471fdf9
Migrate callers to k8s.io/apimachinery/pkg/util/errors.NewAggregate 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-05 12:56:05 -05:00
Monis Khan 81d4e50f94
Remove multierror package 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-02-05 12:55:18 -05:00