Commit Graph

16 Commits

Author SHA1 Message Date
Ryan Richard
94f20e57b1 Concierge controllers add labels to all created resources 2020-10-15 10:14:23 -07:00
Andrew Keesler
6c555f94e3
internal/provider -> internal/dynamiccert
3 main reasons:
- The cert and key that we store in this object are not always used for TLS.
- The package name "provider" was a little too generic.
- dynamiccert.Provider reads more go-ish than provider.DynamicCertProvider.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-23 08:29:35 -04:00
Ryan Richard
6989e5da63 Merge branch 'main' into rename_stuff 2020-09-18 16:39:58 -07:00
Ryan Richard
80a520390b Rename many of resources that are created in Kubernetes by Pinniped
New resource naming conventions:
- Do not repeat the Kind in the name,
  e.g. do not call it foo-cluster-role-binding, just call it foo
- Names will generally start with a prefix to identify our component,
  so when a user lists all objects of that kind, they can tell to which
  component it is related,
  e.g. `kubectl get configmaps` would list one named "pinniped-config"
- It should be possible for an operator to make the word "pinniped"
  mostly disappear if they choose, by specifying the app_name in
  values.yaml, to the extent that is practical (but not from APIService
  names because those are hardcoded in golang)
- Each role/clusterrole and its corresponding binding have the same name
- Pinniped resource names that must be known by the server golang code
  are passed to the code at run time via ConfigMap, rather than
  hardcoded in the golang code. This also allows them to be prepended
  with the app_name from values.yaml while creating the ConfigMap.
- Since the CLI `get-kubeconfig` command cannot guess the name of the
  CredentialIssuerConfig resource in advance anymore, it lists all
  CredentialIssuerConfig in the app's namespace and returns an error
  if there is not exactly one found, and then uses that one regardless
  of its name
2020-09-18 15:56:50 -07:00
Matt Moyer
2d4d7e588a
Add Go vanity import paths.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-18 14:56:24 -05:00
Matt Moyer
8c9c1e206d
Update module/package names to match GitHub org switch.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 12:56:54 -05:00
Andrew Keesler
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler
e7b389ae6c
Update copyright to reference Pinniped contributors
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Andrew Keesler
19c671a60a
cmd/local-user-authenticator: go back to use TokenReview structs
So I looked into other TokenReview webhook implementations, and most
of them just use the json stdlib package to unmarshal/marshal
TokenReview payloads. I'd say let's follow that pattern, even though
it leads to extra fields in the JSON payload (these are not harmful).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 16:12:43 -04:00
Andrew Keesler
17d40b7a73
cmd/local-user-authenticator: protect against nil-body
I saw this while reading other TokenReview code.
2020-09-11 16:11:42 -04:00
Andrew Keesler
4e40c0320e
cmd/local-user-authenticator: use v1beta1 everywhere
See 63f5416b2 for a previous time where we decided to use the v1beta1
TokenReview API.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 16:11:42 -04:00
Andrew Keesler
a3dbb309d0
cmd/local-user-authenticator: check for invalid TokenReview type meta
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-11 16:11:42 -04:00
Ryan Richard
c436f84b3d Fix a nil dereference crash in rest.go 2020-09-11 13:08:54 -07:00
Ryan Richard
22bf24b775 Fix a unit test failure that only happens on golang 1.15
- Use the SAN field when creating a test cert or else the corresponding
  unit tests will fail when run with golang 1.15
2020-09-10 18:50:34 -07:00
Ryan Richard
6deaa0fb1a Fix lint errors 2020-09-10 18:34:18 -07:00
Ryan Richard
b7bdb7f3b1 Rename test-webhook to local-user-authenticator
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-10 15:20:02 -07:00