Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update 0.6 branch with new namespaced user info field #747

Merged
merged 6 commits into from
Aug 20, 2024
Merged

Update 0.6 branch with new namespaced user info field #747

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
1ecf00d
add a namespaced field
modulitos Aug 16, 2024
c076692
retain original field
modulitos Aug 19, 2024
8ec9d2b
update to sig.k8s.io namespace
modulitos Aug 20, 2024
43042b9
cleanup to use composite literals
modulitos Aug 20, 2024
9ebe7b8
create new release 0.6.25
modulitos Aug 20, 2024
4bd0616
Revert "create new release 0.6.25"
modulitos Aug 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions pkg/server/server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -380,6 +380,7 @@ func (h *handler) authenticateEndpoint(w http.ResponseWriter, req *http.Request)
userExtra["sessionName"] = authenticationv1beta1.ExtraValue{identity.SessionName}
userExtra["accessKeyId"] = authenticationv1beta1.ExtraValue{identity.AccessKeyID}
userExtra["principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
userExtra["sigs.k8s.io/aws-iam-authenticator/principalId"] = authenticationv1beta1.ExtraValue{identity.UserID}
}

json.NewEncoder(w).Encode(authenticationv1beta1.TokenReview{
Expand Down
110 changes: 60 additions & 50 deletions pkg/server/server_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -500,11 +500,12 @@ func TestAuthenticateVerifierRoleMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{"ABCDEF"},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {"ABCDEF"},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -543,11 +544,12 @@ func TestAuthenticateVerifierRoleMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:role/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -590,11 +592,12 @@ func TestAuthenticateVerifierUserMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -633,11 +636,12 @@ func TestAuthenticateVerifierUserMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
[]string{"sys:admin", "listers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -676,11 +680,12 @@ func TestAuthenticateVerifierAccountMappingForUser(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -719,11 +724,12 @@ func TestAuthenticateVerifierAccountMappingForUserCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:user/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:user/Test"},
"canonicalArn": {"arn:aws:iam::0123456789012:user/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -762,11 +768,12 @@ func TestAuthenticateVerifierAccountMappingForRole(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -805,11 +812,12 @@ func TestAuthenticateVerifierAccountMappingForRoleCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:Test",
nil,
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/Test"},
"sessionName": authenticationv1beta1.ExtraValue{"TestSession"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"Test"},
"arn": {"arn:aws:iam::0123456789012:assumed-role/Test/extra"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/Test"},
"sessionName": {"TestSession"},
"accessKeyId": {""},
"principalId": {"Test"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"Test"},
}))
validateMetrics(t, validateOpts{success: 1})
}
Expand Down Expand Up @@ -853,11 +861,12 @@ func TestAuthenticateVerifierNodeMapping(t *testing.T) {
"aws-iam-authenticator:0123456789012:TestNodeRole",
[]string{"system:nodes", "system:bootstrappers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
"arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": {"i-0c6f21bf1f24f9708"},
"accessKeyId": {""},
"principalId": {"TestNodeRole"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"},
}))
validateMetrics(t, validateOpts{success: 1})

Expand Down Expand Up @@ -898,11 +907,12 @@ func TestAuthenticateVerifierNodeMappingCRD(t *testing.T) {
"aws-iam-authenticator:0123456789012:TestNodeRole",
[]string{"system:nodes", "system:bootstrappers"},
map[string]authenticationv1beta1.ExtraValue{
"arn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": authenticationv1beta1.ExtraValue{"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": authenticationv1beta1.ExtraValue{"i-0c6f21bf1f24f9708"},
"accessKeyId": authenticationv1beta1.ExtraValue{""},
"principalId": authenticationv1beta1.ExtraValue{"TestNodeRole"},
"arn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"canonicalArn": {"arn:aws:iam::0123456789012:role/TestNodeRole"},
"sessionName": {"i-0c6f21bf1f24f9708"},
"accessKeyId": {""},
"principalId": {"TestNodeRole"},
"sigs.k8s.io/aws-iam-authenticator/principalId": {"TestNodeRole"},
}))
validateMetrics(t, validateOpts{success: 1})

Expand Down
2 changes: 1 addition & 1 deletion version.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
0.6.24
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks we have the convention to cut release in a separate PR, not sure if it can work if we do it together with other changes

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank for the heads up - I removed the change from the PR.

Once this PR is merged, I'll send a separate PR to bump the version again.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR to only bump the version: #748

0.6.25