Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sdk/go): add kubernetes authentication provider #2703

Merged
merged 17 commits into from
Jan 24, 2024
Merged

feat(sdk/go): add kubernetes authentication provider #2703

merged 17 commits into from
Jan 24, 2024

Conversation

GeorgeMac
Copy link
Member

@GeorgeMac GeorgeMac commented Jan 23, 2024
edited
Loading

This adds a new AuthenticationProvider which automatically configures the client to use our Kubernetes authentication method.
With this provider configured, the client automatically authenticates using the Kubernetes method, by exchanging the service account token on the host with the target Flipt instance. It uses the default service account token path, which can be overridden. While the previously exchanged client token exists and is valid (not expired) within some configurable leeway, it uses the previously exchanged client token.
When the token draws close to expiry it exchanged it automatically for a new one. It does so by re-reading the service account token and exchanging with Flipt again. This is important, because Kubernetes will update the contents of that file, as its own service account tokens are automatically refreshed.

This PR additionally introduces k8s auth method to the matrix of methods used in the integration tests.
Doing so allows us to ensure the Go SDK works across the entire API with this authentication method.
To achieve this, there is a little thin JWKS provider implementation added that supports using its own CA.
This is to mimic how Kubernetes runs its own OIDC discovery mechanisms in-cluster.

@GeorgeMac GeorgeMac changed the title feat(sdk/go): add kubernetes client token provider feat(sdk/go): add kubernetes authentication provider Jan 23, 2024
@codecov Codecov
Copy link

codecov bot commented Jan 23, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (51a3d17) 73.02% compared to head (ce529fe) 73.02%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2703   +/-   ##
=======================================
  Coverage   73.02%   73.02%           
=======================================
  Files          85       85           
  Lines        8370     8370           
=======================================
  Hits         6112     6112           
  Misses       1880     1880           
  Partials      378      378

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

markphelps
markphelps reviewed Jan 23, 2024
View reviewed changes
Copy link
Collaborator

@markphelps markphelps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking great!

sdk/go/doc.go Show resolved Hide resolved
@GeorgeMac GeorgeMac marked this pull request as ready for review January 24, 2024 10:22
@GeorgeMac GeorgeMac requested a review from a team as a code owner January 24, 2024 10:22
@GeorgeMac
Copy link
Member Author

Something funny going on in actions land. The env var we generate for use in naming the upload artefacts is occassionally going missing 🤔 . Some builds it gets generated appropriately, sometimes not. I think something funny is going on in the actions environment.

@GeorgeMac
Copy link
Member Author

GeorgeMac commented Jan 24, 2024
edited
Loading

OK, I see this only appears to happen when the test itself fails because it steps over the env var setting.
Im going to reorder steps so this doesn't confuse in the future.

yquansah
yquansah approved these changes Jan 24, 2024
View reviewed changes
Copy link
Contributor

@yquansah yquansah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

build/testing/integration.go Show resolved Hide resolved
@GeorgeMac GeorgeMac requested a review from yquansah January 24, 2024 14:05
@markphelps markphelps added the needs docs Requires documentation updates label Jan 24, 2024
markphelps
markphelps approved these changes Jan 24, 2024
View reviewed changes
Copy link
Collaborator

@markphelps markphelps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great! mind updating the docs as well?

@GeorgeMac GeorgeMac merged commit 936e158 into main Jan 24, 2024
35 checks passed
@GeorgeMac GeorgeMac deleted the gm/sdk-go-k8s branch January 24, 2024 18:13
@markphelps markphelps removed the needs docs Requires documentation updates label May 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markphelps markphelps markphelps approved these changes

@yquansah yquansah Awaiting requested review from yquansah

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@GeorgeMac @markphelps @yquansah