djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,683 Commits 30 Branches 34 Tags 22 MiB
e99e175ce2
Commit Graph

1683 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Richard
08c446a3e1 Use openssl to generate the test user password instead of /dev/urandom 
Because it's more portable across different operating systems and
it is already pre-installed on MacOS.
 2021-03-18 11:20:33 -07:00
Ryan Richard
bd8c243636 concierge_impersonation_proxy_test.go: small refactor 2021-03-18 10:46:27 -07:00
Ryan Richard
e4bf6e068f Add a comment to impersonator.go 2021-03-18 10:46:27 -07:00
Monis Khan
120e46b5f7
test/integration: fix race condition 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 11:27:52 -04:00
Andrew Keesler
257d69045d
Reuse internal/concierge/scheme 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 10:40:59 -04:00
Andrew Keesler
05a188d4cd
Merge remote-tracking branch 'upstream/main' into impersonation-proxy 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 10:36:28 -04:00
Monis Khan
205c22ddbe
impersonator config: catch panics when running impersonator 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-18 10:28:28 -04:00
Andrew Keesler
aa79bc7609
internal/concierge/impersonator: ensure log statement is printed 
When the frontend connection to our proxy is closed, the proxy falls through to
a panic(), which means the HTTP handler goroutine is killed, so we were not
seeing this log statement.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 10:14:11 -04:00
Andrew Keesler
a36914f5ca
Merge pull request #476 from ankeesler/whoami-cli 
cmd/pinniped: add whoami cli command
 2021-03-18 09:46:48 -04:00
Andrew Keesler
cc8f0b623c
test/integration: add pinniped whoami tests 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 08:56:35 -04:00
Andrew Keesler
de6837226e
cmd/pinniped: add whoami command 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-18 08:56:34 -04:00
Matt Moyer
3a32833306
Merge pull request #503 from mattmoyer/rework-restart-assertions-helper 
Rework integration test assertions for pod restarts.
 2021-03-17 14:38:39 -07:00
Matt Moyer
74df6d138b
Memoize library.IntegrationEnv so it's only constructed once per test. 
This is probably a good idea regardless, but it also avoids an infinite recursion from IntegrationEnv() -> assertNoRestartsDuringTest() -> NewKubeclient() -> IntegrationEnv() -> ...

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-17 13:37:48 -05:00
Matt Moyer
0dd2b358fb
Extend assertNoRestartsDuringTest to dump logs from containers that restarted. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-17 13:37:47 -05:00
Matt Moyer
6520c5a3a1
Extend library.DumpLogs() to dump logs from the previous container, if one exists. 
This is important in case the container has crashed and has been restarted.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-17 11:46:40 -05:00
Matt Moyer
5a43a5d53a
Remove library.AssertNoRestartsDuringTest and make that assertion implicit in library.IntegrationEnv. 
This means we (hopefully) can't forget to include these assertions in any integration test.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-17 11:18:10 -05:00
Margo Crawford
897340860b Small refactor to impersonation proxy integration test 2021-03-16 16:57:46 -07:00
Matt Moyer
4d2035ab2a
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 2021-03-16 18:19:40 -05:00
Matt Moyer
d85135c12e
Merge pull request #501 from mattmoyer/deflake-get-category-test 
Improve the reliability of TestGetPinnipedCategory.
 2021-03-16 16:18:22 -07:00
Matt Moyer
30a392b900
Improve the reliability of TestGetPinnipedCategory. 
This test could flake in some rare scenarios. This change adds a bunch of retries, improves the debugging output if the tests fail, and puts all of the subtests in parallel which saves ~10s on my local machine.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-16 17:39:02 -05:00
Mo Khan
4ab3c64b70
Merge pull request #500 from mattmoyer/deflake-cert-rotation-test 
Make TestAPIServingCertificateAutoCreationAndRotation more reliable.
 2021-03-16 17:03:07 -04:00
Matt Moyer
2515b2d710
Make TestAPIServingCertificateAutoCreationAndRotation more reliable. 
This test has occasionally flaked because it only waited for the APIService GET to finish, but did not wait for the controller to successfully update the target object.

The new code should be more patient and allow the controller up to 10s to perform the expected action.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-16 15:14:24 -05:00
Matt Moyer
10a1e29e15
Merge branch 'main' of github.com:vmware-tanzu/pinniped into impersonation-proxy 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-16 14:35:07 -05:00
Matt Moyer
2319606cd2
Fix some nits from the previous commit that I accidentally merged before fixing. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-16 14:24:13 -05:00
Matt Moyer
10168ab2e7
Merge pull request #499 from vmware-tanzu/add-anon-auth-capability 
Describe "anonymousAuthenticationSupported" test cluster capability and add more managed cluster types.
 2021-03-16 12:21:47 -07:00
Matt Moyer
c5b784465b
Describe "anonymousAuthenticationSupported" test cluster capability and add more managed cluster types. 
This new capability describes whether a cluster is expected to allow anonymous requests (most do since k8s 1.6.x, but AKS has it disabled).

This commit also contains new capability YAML files for AKS and EKS, mostly to document publicly how we expect our tests to function in those environments.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-16 13:54:29 -05:00
Monis Khan
236dbdb2c4
impersonator: test UID impersonation and header canonicalization 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-16 13:00:51 -04:00
Ryan Richard
6887d0aca2 Repeat the method and url in the log line for the userinfo username 2021-03-15 17:12:03 -07:00
Margo Crawford
64e0dbb481 Sleep for 1 minute 10 seconds instead of a minute in timeout test 2021-03-15 16:33:47 -07:00
Ryan Richard
e47543233c Merge branch 'main' into impersonation-proxy 2021-03-15 16:28:25 -07:00
Ryan Richard
2460568be3 Add some debug logging 2021-03-15 16:26:51 -07:00
Ryan Richard
1b31489347 Add prepare-impersonator-on-kind.sh for manually starting impersonator 
It takes a lot of manual steps to get ready to manually test the
impersonation proxy on a kind cluster, which makes it error prone,
so encapsulate them into a script to make it easier.
 2021-03-15 16:26:51 -07:00
Ryan Richard
ab6452ace7 Remove linting from pre-commit because it is slow and messes up GoLand 
It seems to confusing committing in the GoLand IDE.
 2021-03-15 16:25:45 -07:00
Matt Moyer
c46aa1c29d
Merge pull request #490 from vmware-tanzu/dependabot/docker/golang-1.16.2 
Bump golang from 1.16.1 to 1.16.2
 2021-03-15 15:08:03 -07:00
Margo Crawford
939ea30030 Make all tests but disable test parallelized 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2021-03-15 14:34:41 -07:00
Andrew Keesler
efd973fa17 Test waiting for a minute and keeping connection open 
Signed-off-by: Margo Crawford <margaretc@vmware.com>
 2021-03-15 14:34:41 -07:00
Monis Khan
4f671f5dca
dynamiccert: unit test with DynamicServingCertificateController 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 17:23:37 -04:00
Ryan Richard
a5384a6e38 Merge branch 'main' into impersonation-proxy 2021-03-15 13:06:36 -07:00
dependabot[bot]
e64f2fe7fb
Bump golang from 1.16.1 to 1.16.2 
Bumps golang from 1.16.1 to 1.16.2.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 19:55:44 +00:00
Matt Moyer
035362f4d3
Merge pull request #494 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.8.0 
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0
 2021-03-15 12:54:46 -07:00
Ryan Richard
8065a8d2e6 TestKubeCertAgent waits for CredentialIssuer strategy to be successful 
At the end of the test, wait for the KubeClusterSigningCertificate
strategy on the CredentialIssuer to go back to being healthy, to avoid
polluting other integration tests which follow this one.
 2021-03-15 11:43:12 -07:00
Ryan Richard
e22ad6171a Fix a race detector warning by re-declaring err in a t.Cleanup() 2021-03-15 11:43:12 -07:00
dependabot[bot]
c2b0acf241
Bump k8s.io/klog/v2 from 2.6.0 to 2.8.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.6.0...v2.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-15 17:36:36 +00:00
Monis Khan
00694c9cb6
dynamiccert: split into serving cert and CA providers 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 12:24:07 -04:00
Matt Moyer
dc96f398da
Merge pull request #497 from mattmoyer/ignore-local-user-authenticator-coverage 
Ignore test coverage for local-user-authenticator.
 2021-03-15 08:46:28 -07:00
Matt Moyer
755a87cdbb
Ignore test coverage for local-user-authenticator. 
This should ignore coverage changes in this test-only component, using the syntax described here: https://docs.codecov.io/docs/ignoring-paths.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-15 10:43:17 -05:00
Matt Moyer
c538a4e8e8
Merge pull request #495 from mattmoyer/add-golangci-lint-to-pre-commit-hooks 
Add golangci-lint to .pre-commit-config.yaml.
 2021-03-15 08:23:09 -07:00
Matt Moyer
41949d8e07
Add golangci-lint to .pre-commit-config.yaml. 
This is the configuration for https://pre-commit.com/, which now also runs golangci-lint using the same version as CI (currently v1.33.0).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-03-15 10:20:59 -05:00
Monis Khan
4c162be8bf
impersonator: add comment about long running func 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-15 09:43:06 -04:00
Monis Khan
b530cef3b1
impersonator: encode proper API status on failure 
Signed-off-by: Monis Khan <mok@vmware.com>
 2021-03-13 20:25:23 -05:00