Some code fixes and getting proper restricted kubeconfig structs #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ct#775) This PR adds SBOM information to README as well as [CLOMonitor](https://github.com/cncf/clomonitor) exemption configuration. This resolves nephio-project#551 and nephio-project#546
…rkflow Hardening codeql workflow
|
Other PRs will follow for fixing:
|
nephio-project#779 Main change here was to remove the use of the replace directive for porch in the go.mod files. Update the import paths. Minor code updates. Update the other dependencies to satisfy the existing codebase.
PrimalPimmy
force-pushed
the
spire-fixes
branch
3 times, most recently
from
26c7d74
to
2880aa9
Compare
Change approval controller PR Get to hit the api directly instead of reading from local cache. Adjust the reque duration to prevent race condition. During debugging the approval delay issue reported [here](nephio-project#462) it became apparent that the packagerev being fetched was a cached version which didn't get updated for quite some time. To circumvent this, we are retrieving the PR using the apiReader interface which bypasses the local cache and hits the k8s api directly.
Co-authored-by: Rado Chmiel <r.chmiel@partner.samsung.com>
…ephio-project#525) Solves nephio-project#493 These changes will ensure we have nf deploy fn to apply de dupulication logic to NF Deploy Param Ref 1. Changes to Add Dependency to check if it already exist before adding. Thanks @gvbalaji for the code snippet in chat. 2. Added test cases to handle dependency, if same file is present multiple times. Its not in our use case, but its better to add that too. 3. Added changes to pipeline tests to ensure, if I run the NF Deploy Fn multiples after that, it doesn't break the idempotency principle.
Update pkgrev.get to use api Reader to bypass cache Additional logging Update kyaml versions to sync with porch version
PrimalPimmy
force-pushed
the
spire-fixes
branch
from
6f975bb
to
4e618c3
Compare
There were some build fails that slipped trough tests resulting in broken build. Enabling 'always_run' as those are not long-running, just to be on safe side.
Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> minor fix Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Cluster reconciler Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Cluster reconciler Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> sending bundle to remote cluster Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Test Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Spire auth inside reconciler Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault authentication and fetching kubeconfig Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Some testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Mid testing-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Refactoring Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Kubeconfig test Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Removed found Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> log testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> log testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> log testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-3 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-4 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-5 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Getting svid-6 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault addr and patch configmap Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault addr and patch configmap Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Restricted Kubeconfig Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> configmap perms Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> server addr Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Struct to yaml Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Struct to yaml Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Reverting changes Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> yaml indent fixing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> yaml indent fixing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> yaml indent fixing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Some cleanup Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Some cleanup Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Debugging Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Debugging Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Debugging Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Debugging Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> vault storage change Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Added kubeconfig change Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> module testing Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> revert module change Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault JWT role detect Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault JWT role detect Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com> Vault JWT role detect-2 Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
Signed-off-by: PrimalPimmy <prashant20.pm@gmail.com>
Signed-off-by: PrimalPimmy <prashant20.pm@gmail.com>
Signed-off-by: PrimalPimmy <prashant20.pm@gmail.com>
PrimalPimmy
force-pushed
the
spire-fixes
branch
from
b1b3497
to
60bb4c8
Compare
Signed-off-by: PrimalPimmy <prashant20.pm@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR involves improving the process of generating restricted kubeconfigs for the spire-server to pick up