Commit Graph

1367 Commits

Author SHA1 Message Date
Mo Khan
e74dd47b1d
Merge pull request #439 from enj/enj/f/whoami_api
Add WhoAmIRequest Aggregated Virtual REST API
2021-02-23 10:40:38 -05:00
Monis Khan
6a9f57f83d
TestWhoAmI: support older clusters (CSR and impersonation)
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-23 10:15:17 -05:00
Monis Khan
aa22047a0f
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-22 20:02:42 -05:00
Monis Khan
abc941097c
Add WhoAmIRequest Aggregated Virtual REST API
This change adds a new virtual aggregated API that can be used by
any user to echo back who they are currently authenticated as.  This
has general utility to end users and can be used in tests to
validate if authentication was successful.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-22 20:02:41 -05:00
Monis Khan
62630d6449
getAggregatedAPIServerScheme: move group version logic internally
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 11:10:54 -05:00
Mo Khan
f228f022f5
Merge pull request #435 from enj/enj/c/bump_v0.20.4
Bump Kube deps to v0.20.4
2021-02-19 10:59:40 -05:00
Monis Khan
1c1decfaf1
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 10:33:10 -05:00
Monis Khan
7786c83b0d
Bump kube deps to v0.20.4
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 10:26:53 -05:00
Mo Khan
41b75e6977
Merge pull request #431 from enj/enj-patch-1
concierge API service: update groupPriorityMinimum and versionPriority
2021-02-19 08:48:06 -05:00
Mo Khan
a54e1145a5
concierge API service: update groupPriorityMinimum and versionPriority
Copy over values that I have seen used in the past.
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-19 07:47:38 -05:00
Matt Moyer
2b208807a6
Merge pull request #426 from mattmoyer/website-accessibility-tweaks
Tweak website styles for accessibility.
2021-02-17 17:28:03 -06:00
Matt Moyer
25f841d063
Tweak website styles for accessibility.
Makes most of the fonts a bit bigger, increases contrast, fixes some nits about the spacing in numbered/bulletted lists, and adds some image alt texts.

Overall this improves our Lighthouse accessibility score from 71 to 95 and I think it's subjectively more readable.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-17 17:19:58 -06:00
Matt Moyer
93d4581721
Workaround a bad module version to fix Dependabot.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 17:05:33 -06:00
Matt Moyer
0a7c5b0604
Merge pull request #403 from mattmoyer/add-latest-generated-package
Add "go.pinniped.dev/generated/latest" package that is not a nested module.
2021-02-16 15:30:48 -06:00
Matt Moyer
acbeb93f79
Don't lint generated code.
This wasn't needed before because the other code wasn't in the main module and golangci-lint won't cross a module boundary.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 13:18:18 -06:00
Matt Moyer
6565265bee
Use new 'go.pinniped.dev/generated/latest' package.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 13:00:08 -06:00
Matt Moyer
b42a34d822
Add generated client code for 'latest'.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 12:34:33 -06:00
Matt Moyer
3ce3403b95
Update ./hack/update.sh to add a "latest" package.
This is just a copy of the newest Kubernetes version, but as a plain package and not a submodule.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-16 12:28:29 -06:00
Andrew Keesler
fac571b51a
Merge pull request #410 from ankeesler/update-copyright
generated: include 2021 in copyright
2021-02-11 12:26:31 -05:00
Andrew Keesler
c8b1f00107
generated: include 2021 in copyright
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-11 10:52:01 -05:00
Mo Khan
f015ad5852
Merge pull request #405 from enj/enj/i/cluster_scope_concierge
Cluster scope all concierge APIs
2021-02-11 08:50:42 -05:00
Monis Khan
b04fd46319
Update federation domain logic to use status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:10 -05:00
Monis Khan
4c304e4224
Assert all APIs have a status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:10 -05:00
Monis Khan
0a9f446893
Update credential issuer logic to use status subresource
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:10 -05:00
Monis Khan
96cec59236
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:09 -05:00
Monis Khan
4faf724c2c
Make credential issuer status optional
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:09 -05:00
Monis Khan
de88ae2f61
Fix status related RBAC
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:09 -05:00
Monis Khan
dd3d1c8b1b
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:09 -05:00
Monis Khan
2e9baf9fa6
Correctly generate status subresource for all CRDs
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:08 -05:00
Monis Khan
ac01186499
Use API service as owner ref for cluster scoped resources
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:08 -05:00
Monis Khan
2eb01bd307
authncache: remove namespace concept
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:08 -05:00
Monis Khan
741b8fe88d
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:08 -05:00
Monis Khan
d25c6d9d0a
Make kubebuilder CRDs cluster scoped
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:08 -05:00
Monis Khan
89b00e3702
Declare war on namespaces
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:07 -05:00
Monis Khan
d2480e6300
Generated
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:07 -05:00
Monis Khan
4205e3dedc
Make concierge APIs cluster scoped
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-10 21:52:07 -05:00
Matt Moyer
ee80920ffd
Merge pull request #409 from mattmoyer/upgrade-debian
Upgrade Debian base images from 10.7 to 10.8.
2021-02-10 16:57:09 -06:00
Matt Moyer
45f4a0528c
Upgrade Debian base images from 10.7 to 10.8.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2021-02-10 15:57:16 -06:00
Andrew Keesler
d0266cecdb
Merge pull request #390 from ankeesler/use-more-middleware
Use middleware to mutate TokenCredentialRequest.Spec.Authenticator.APIGroup
2021-02-10 16:38:54 -05:00
Andrew Keesler
0fc1f17866
internal/groupsuffix: mutate TokenCredentialRequest's Authenticator
This is a partial revert of 288d9c999e. For some reason it didn't occur to me
that we could do it this way earlier. Whoops.

This also contains a middleware update: mutation funcs can return an error now
and short-circuit the rest of the request/response flow. The idea here is that
if someone is configuring their kubeclient to use middleware, they are agreeing
to a narrow-er client contract by doing so (e.g., their TokenCredentialRequest's
must have an Spec.Authenticator.APIGroup set).

I also updated some internal/groupsuffix tests to be more realistic.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-10 15:53:44 -05:00
Andrew Keesler
ae6503e972
internal/plog: add KObj() and KRef()
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-10 14:25:39 -05:00
Mo Khan
44b7679e9f
Merge pull request #407 from ankeesler/test-flake
test/integration: make TestKubeCertAgent more stable
2021-02-10 14:24:44 -05:00
Andrew Keesler
12d5b8959d
test/integration: make TestKubeCertAgent more stable
I think the reason we were seeing flakes here is because the kube cert agent
pods had not reached a steady state even though our test assertions passed, so
the test would proceed immediately and run more assertions on top of a weird
state of the kube cert agent pods.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-10 12:08:34 -05:00
Andrew Keesler
5b076e7421
Merge pull request #404 from ankeesler/remove-deprecated-commands
cmd/pinniped: delete get-kubeconfig + exchange-token
2021-02-10 08:33:00 -05:00
Andrew Keesler
1ffe70bbea
cmd/pinniped: delete get-kubeconfig + exchange-token
These were deprecated in v0.3.0.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-09 17:01:57 -05:00
Mo Khan
cf735715f6
Merge pull request #394 from enj/enj/i/server_side_tcr_api_group
Use server scheme to handle credential request API group changes
2021-02-09 16:36:13 -05:00
Monis Khan
2679d27ced
Use server scheme to handle credential request API group changes
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 15:51:38 -05:00
Monis Khan
6b71b8d8ad
Revert server side token credential request API group changes
Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 15:51:35 -05:00
Andrew Keesler
43da4ab2e0
SECURITY.md: follow established pattern
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2021-02-09 09:08:19 -05:00
Matt Moyer
e4d8af6701
Merge pull request #399 from mattmoyer/upgrade-go
Upgrade Go from 1.15.7 to 1.15.8.
2021-02-08 18:17:17 -06:00