Commit Graph

2692 Commits

Author SHA1 Message Date
Matt Moyer
7ce760a5dd
Register a second APIService for the login.pinniped.dev.
This is handled by a second instance of the APIServiceUpdaterController.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
af034befb0
Paramaterize the APIService name in apiServiceUpdaterController rather than hardcoding.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
a8487b78c9
Add some conversions to allow our REST handler to handle both old and new credential request APIs.
Eventually we could refactor to remove support for the old APIs, but they are so similar that a single implementation seems to handle both easily.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:23 -05:00
Matt Moyer
58bf93b10c
Add a new login.pinniped.dev API group with TokenCredentialRequest.
This is essentially meant to be be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-17 09:52:22 -05:00
Andrew Keesler
f464e03380
Generate code against 1.17.11
We want to be able to run kind integration tests against the same
versions that we generate code against. There is no public
kindest/node image for 1.17.9, so let's update to the next 1.17.x
version where there is an image: 1.17.11.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-17 10:35:45 -04:00
Ryan Richard
efbe3a26c1
Merge pull request #111 from suzerain-io/contributor_guide_updates
Contributor guide updates
2020-09-16 16:48:26 -07:00
Andrew Keesler
4f59d9286c Update community meeting link to one which requires a host to be present
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 16:39:59 -07:00
Andrew Keesler
6c75de9334 Use public container images for codegen as as defaults when deploying
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-09-16 15:46:51 -07:00
Ryan Richard
f425eed07c Small edits to PR template file 2020-09-16 09:06:36 -07:00
Ryan Richard
7a975d98fb First draft of a PR template file. 2020-09-16 08:56:18 -07:00
Ryan Richard
635ecd7b1a Merge branch 'main' into contributor_guide_updates 2020-09-16 08:32:34 -07:00
dependabot[bot]
29305777bb
Bump golang from 1.15.1 to 1.15.2
Bumps golang from 1.15.1 to 1.15.2.

Signed-off-by: dependabot[bot] <support@github.com>
2020-09-16 14:59:35 +00:00
Andrew Keesler
6d0b83aabf
Merge pull request #113 from ankeesler/pinniped-copyright
Pinniped copyright
2020-09-16 10:58:40 -04:00
Andrew Keesler
6ba712d612
Fix copyright format in hack/header.txt 2020-09-16 10:42:26 -04:00
Andrew Keesler
eab5c2b86b
Save 2 lines by using inline-style comments for Copyright
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:35:19 -04:00
Andrew Keesler
e7b389ae6c
Update copyright to reference Pinniped contributors
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-16 10:05:51 -04:00
Ryan Richard
e51e51dfd4 Add link to public Pinniped Biweekly Community Meeting agenda/notes doc 2020-09-15 18:19:20 -07:00
Ryan Richard
cd0194cb68 Contributor guide updates 2020-09-15 17:59:40 -07:00
Ryan Richard
a73f14e03d Revert "Fake README update to test a change to the PR pipeline"
This reverts commit e3b8c3b611.
2020-09-15 16:43:04 -07:00
Ryan Richard
e3b8c3b611 Fake README update to test a change to the PR pipeline 2020-09-15 16:41:39 -07:00
Ryan Richard
da9f24cf30
Merge pull request #99 from ankeesler/arch-doc
doc/architecture.md and new overview diagram
2020-09-15 16:20:31 -07:00
Ryan Richard
67de7f5646 Further explain the webhook API in architecture.md 2020-09-15 16:18:48 -07:00
Ryan Richard
43c69ec339 Update the architecture diagram
- Also update the instructions for editing the documentation images
2020-09-15 16:07:09 -07:00
Ryan Richard
014fb518bc Change one usage of "external" back to "upstream" 2020-09-15 14:04:05 -07:00
Ryan Richard
321c6a5392 Merge remote-tracking branch 'origin/main' into arch-doc 2020-09-15 14:02:26 -07:00
Ryan Richard
db98f2810f
Merge pull request #98 from suzerain-io/get_kubeconfig_cli
Organize Pinniped CLI into subcommands; Add get-kubeconfig subcommand
2020-09-15 13:34:14 -07:00
Andrew Keesler
062dfa3e75
Merge pull request #100 from ankeesler/adopters-doc
ADOPTERS.md: add initial draft
2020-09-15 16:20:35 -04:00
Matt Moyer
1244a950e7
Merge pull request #108 from mattmoyer/cleanup-credential-request-api
Clean up CredentialRequest `types.go`.
2020-09-15 15:03:07 -05:00
Matt Moyer
8df910361c
Clean up CredentialRequest types.go.
Mostly cleaned up and added doc strings, but also removed unneeded protobuf tags.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:30:12 -05:00
Matt Moyer
37da441e96
Merge pull request #107 from mattmoyer/tidy-go-modules
Tidy go.mod/go.sum.
2020-09-15 14:29:39 -05:00
Matt Moyer
6faf224e20
Merge pull request #105 from mattmoyer/extend-readiness-check
Wait for informers to sync before we pass readiness check.
2020-09-15 14:27:42 -05:00
Matt Moyer
92372d20a9
Tidy go.mod/go.sum.
I accidentally missed this in bbef017989 and it's not currently part of our CI linting.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:14:44 -05:00
Matt Moyer
12f0997193
Wait for informers to sync before we pass readiness check.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 14:14:25 -05:00
Matt Moyer
e428877473
Merge pull request #106 from mattmoyer/fix-webhook-base64-encoding
Fix base64 encoding style in webhookcachefiller.
2020-09-15 14:12:02 -05:00
Ryan Richard
cecd691a84 Add demo instructions
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 12:10:20 -07:00
Matt Moyer
1c7b3c3072
Fix base64 encoding style in webhookcachefiller.
This was previously using the unpadded (raw) base64 encoder, which worked sometimes (if the CA happened to be a length that didn't require padding). The correct encoding is the `base64.StdEncoding` one that includes padding.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 13:54:19 -05:00
Matt Moyer
b1ea04b036
Merge pull request #83 from mattmoyer/add-idp-config-crd
Implement the initial version of a WebhookIdentityProvider CRD.
2020-09-15 12:53:31 -05:00
Andrew Keesler
36a66f4e8b
Merge pull request #104 from ankeesler/maintainers-doc
MAINTAINERS.md: add initial draft
2020-09-15 13:31:15 -04:00
Matt Moyer
b39160e4c4
Add some log output to TestCredentialIssuerConfig for troubleshooting.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:15:42 -05:00
Andrew Keesler
a22b414b58
MAINTAINERS.md: add initial draft
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-15 13:14:50 -04:00
Matt Moyer
8de046a561
Remove static webhook config options.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:34 -05:00
Matt Moyer
f7c9ae8ba3
Validate tokens using the new dynamic IDP cache instead of the static config.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:34 -05:00
Matt Moyer
75ea0f48d9
Add a controller to clean up stale entries in the idpcache.Cache.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
acfc5acfb2
Add a controller to fill the idpcache.Cache from WebhookIdentityProvider objects.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
6506a82b19
Add a cache of active IDPs, which implements authenticator.Token.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
66f4e62c6c
Add internal/mocks/mocktokenauthenticator generated mocks.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
80a23bd2fd
Rename "Webhook" to "TokenAuthenticator" in our REST handler and callers.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
2bdbac3e15
Move the ytt webhook config out into the CRD.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
5b9f2ec9fc
Give our controller access to all our CRD types.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:33 -05:00
Matt Moyer
fc220d5f79
Remove kubectl dry-run verify for now.
The dry-run fails now because we are trying to install a CRD and a custom resource (of that CRD type) in the same step.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-09-15 12:02:32 -05:00