djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8afbb4eb4f
ContainerImage.Pinniped/internal
History
Monis Khan 8b4ed86071
certs_expirer: be specific about what secret to delete 
This change fixes a race that can occur because we have multiple
writers with no leader election lock.

1. TestAPIServingCertificateAutoCreationAndRotation/automatic
   expires the current serving certificate
2. CertsExpirerController 1 deletes expired serving certificate
3. CertsExpirerController 2 starts deletion of expired serving
   certificate but has not done so yet
4. CertsManagerController 1 creates new serving certificate
5. TestAPIServingCertificateAutoCreationAndRotation/automatic
   records the new serving certificate
6. CertsExpirerController 2 finishes deletion, and thus deletes the
   newly created serving certificate instead of the old one
7. CertsManagerController 2 creates new serving certificate
8. TestAPIServingCertificateAutoCreationAndRotation/automatic keeps
   running and eventually times out because it is expecting the
   serving certificate created by CertsManagerController 2 to match
   the value it recorded from CertsManagerController 1 (which will
   never happen since that certificate was incorrectly deleted).

Signed-off-by: Monis Khan <mok@vmware.com>
2021-07-28 09:56:05 -04:00
..
apiserviceref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
authenticators More LDAP WIP: started controller and LDAP server connection code 2021-04-09 18:49:43 -07:00
certauthority dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
clusterhost Introduce clusterhost package to determine whether a cluster has control plane nodes 2021-02-09 11:16:01 -08:00
concierge impersonator: always authorize every request 2021-06-14 12:53:09 -04:00
config Remove references to impersonationConfigMap. 2021-05-26 15:24:59 -05:00
constable Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
controller certs_expirer: be specific about what secret to delete 2021-07-28 09:56:05 -04:00
controllerlib Fix bad test package name 2021-06-22 11:23:19 -04:00
controllermanager Switch impersonatorconfig to all singleton queues. 2021-05-26 12:54:40 -05:00
crud Supervisor storage garbage collection controller enabled in production 2020-12-11 15:21:34 -08:00
deploymentref Use API service as owner ref for cluster scoped resources 2021-02-10 21:52:08 -05:00
downward internal/downward: add support for (optional) pod name 2020-12-11 11:49:27 -05:00
dynamiccert Fix bad test package name 2021-06-22 11:23:19 -04:00
endpointaddr Add endpointaddr pkg for parsing host+port inputs. 2021-05-25 16:17:26 -05:00
execcredcache Add CLI caching of cluster-specific credentials. 2021-04-08 14:12:34 -05:00
fositestorage Use a custom type for our static CLI client (smaller change). 2021-06-15 15:31:48 -05:00
fositestoragei More adjustments based on PR feedback 2021-04-27 16:54:26 -07:00
groupsuffix Add WhoAmIRequest Aggregated Virtual REST API 2021-02-22 20:02:41 -05:00
here Save 2 lines by using inline-style comments for Copyright 2020-09-16 10:35:19 -04:00
httputil Adjust our securityheader pkg to support form_post. 2021-07-09 12:08:43 -05:00
issuer dynamiccert: split into serving cert and CA providers 2021-03-15 12:24:07 -04:00
kubeclient internal/kubeclient: match plog level with klog level 2021-04-21 16:25:08 -04:00
mocks Initial support for upstream LDAP group membership 2021-05-17 11:10:26 -07:00
oidc Fix form_post CSS styling in Firefox and Safari. 2021-07-28 08:09:20 -05:00
ownerref internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
plog WIP on new plog 2021-04-21 09:02:45 -07:00
registry credentialrequest: use safer approximation for ExpirationTimestamp 2021-06-23 11:07:00 -04:00
secret All controller unit tests should not cancel context until test is over 2021-03-04 17:26:01 -08:00
testutil Add custom response_mode=form_post HTML template. 2021-07-09 12:08:43 -05:00
upstreamldap In LDAP, do not log username until we know the user exists. 2021-05-28 16:57:48 -05:00
upstreamoidc Upgrade to github.com/coreos/go-oidc v3.0.0. 2021-01-21 12:08:14 -06:00
valuelesscontext valuelesscontext: make unit tests more clear 2021-04-30 10:43:29 -04:00