Some code fixes and getting proper restricted kubeconfig structs #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ct#775) This PR adds SBOM information to README as well as [CLOMonitor](https://github.com/cncf/clomonitor) exemption configuration. This resolves nephio-project#551 and nephio-project#546
…rkflow Hardening codeql workflow
|
Other PRs will follow for fixing:
|
nephio-project#779 Main change here was to remove the use of the replace directive for porch in the go.mod files. Update the import paths. Minor code updates. Update the other dependencies to satisfy the existing codebase.
PrimalPimmy
force-pushed
the
spire-fixes
branch
3 times, most recently
from
26c7d74 to
2880aa9
Compare
Change approval controller PR Get to hit the api directly instead of reading from local cache. Adjust the reque duration to prevent race condition. During debugging the approval delay issue reported [here](nephio-project#462) it became apparent that the packagerev being fetched was a cached version which didn't get updated for quite some time. To circumvent this, we are retrieving the PR using the apiReader interface which bypasses the local cache and hits the k8s api directly.
Co-authored-by: Rado Chmiel <[email protected]>
…ephio-project#525) Solves nephio-project#493 These changes will ensure we have nf deploy fn to apply de dupulication logic to NF Deploy Param Ref 1. Changes to Add Dependency to check if it already exist before adding. Thanks @gvbalaji for the code snippet in chat. 2. Added test cases to handle dependency, if same file is present multiple times. Its not in our use case, but its better to add that too. 3. Added changes to pipeline tests to ensure, if I run the NF Deploy Fn multiples after that, it doesn't break the idempotency principle.
Update pkgrev.get to use api Reader to bypass cache Additional logging Update kyaml versions to sync with porch version
PrimalPimmy
force-pushed
the
spire-fixes
branch
from
6f975bb to
4e618c3
Compare
There were some build fails that slipped trough tests resulting in broken build. Enabling 'always_run' as those are not long-running, just to be on safe side.
Signed-off-by: PrimalPimmy <[email protected]> minor fix Signed-off-by: PrimalPimmy <[email protected]> Cluster reconciler Signed-off-by: PrimalPimmy <[email protected]> Cluster reconciler Signed-off-by: PrimalPimmy <[email protected]> sending bundle to remote cluster Signed-off-by: PrimalPimmy <[email protected]> Test Signed-off-by: PrimalPimmy <[email protected]> Spire auth inside reconciler Signed-off-by: PrimalPimmy <[email protected]> Vault authentication and fetching kubeconfig Signed-off-by: PrimalPimmy <[email protected]> Some testing Signed-off-by: PrimalPimmy <[email protected]> Mid testing Signed-off-by: PrimalPimmy <[email protected]> Mid testing Signed-off-by: PrimalPimmy <[email protected]> Mid testing Signed-off-by: PrimalPimmy <[email protected]> Mid testing-2 Signed-off-by: PrimalPimmy <[email protected]> Mid testing-2 Signed-off-by: PrimalPimmy <[email protected]> Mid testing-2 Signed-off-by: PrimalPimmy <[email protected]> Mid testing-3 Signed-off-by: PrimalPimmy <[email protected]> Mid testing-3 Signed-off-by: PrimalPimmy <[email protected]> Mid testing-3 Signed-off-by: PrimalPimmy <[email protected]> Refactoring Signed-off-by: PrimalPimmy <[email protected]> Kubeconfig test Signed-off-by: PrimalPimmy <[email protected]> Removed found Signed-off-by: PrimalPimmy <[email protected]> log testing Signed-off-by: PrimalPimmy <[email protected]> log testing Signed-off-by: PrimalPimmy <[email protected]> log testing Signed-off-by: PrimalPimmy <[email protected]> Getting svid Signed-off-by: PrimalPimmy <[email protected]> Getting svid-2 Signed-off-by: PrimalPimmy <[email protected]> Getting svid-2 Signed-off-by: PrimalPimmy <[email protected]> Getting svid-3 Signed-off-by: PrimalPimmy <[email protected]> Getting svid-4 Signed-off-by: PrimalPimmy <[email protected]> Getting svid-5 Signed-off-by: PrimalPimmy <[email protected]> Getting svid-6 Signed-off-by: PrimalPimmy <[email protected]> Vault addr and patch configmap Signed-off-by: PrimalPimmy <[email protected]> Vault addr and patch configmap Signed-off-by: PrimalPimmy <[email protected]> Restricted Kubeconfig Signed-off-by: PrimalPimmy <[email protected]> configmap perms Signed-off-by: PrimalPimmy <[email protected]> server addr Signed-off-by: PrimalPimmy <[email protected]> Struct to yaml Signed-off-by: PrimalPimmy <[email protected]> Struct to yaml Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> Reverting changes Signed-off-by: PrimalPimmy <[email protected]> yaml indent fixing Signed-off-by: PrimalPimmy <[email protected]> yaml indent fixing Signed-off-by: PrimalPimmy <[email protected]> yaml indent fixing Signed-off-by: PrimalPimmy <[email protected]> Some cleanup Signed-off-by: PrimalPimmy <[email protected]> Some cleanup Signed-off-by: PrimalPimmy <[email protected]> Debugging Signed-off-by: PrimalPimmy <[email protected]> Debugging Signed-off-by: PrimalPimmy <[email protected]> Debugging Signed-off-by: PrimalPimmy <[email protected]> Debugging Signed-off-by: PrimalPimmy <[email protected]> vault storage change Signed-off-by: PrimalPimmy <[email protected]> Added kubeconfig change Signed-off-by: PrimalPimmy <[email protected]> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <[email protected]> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <[email protected]> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <[email protected]> Spire-agent conf, vault testing Signed-off-by: PrimalPimmy <[email protected]> module testing Signed-off-by: PrimalPimmy <[email protected]> revert module change Signed-off-by: PrimalPimmy <[email protected]> Vault JWT role detect Signed-off-by: PrimalPimmy <[email protected]> Vault JWT role detect Signed-off-by: PrimalPimmy <[email protected]> Vault JWT role detect-2 Signed-off-by: PrimalPimmy <[email protected]>
Signed-off-by: PrimalPimmy <[email protected]>
Signed-off-by: PrimalPimmy <[email protected]>
Signed-off-by: PrimalPimmy <[email protected]>
PrimalPimmy
force-pushed
the
spire-fixes
branch
from
b1b3497 to
60bb4c8
Compare
Signed-off-by: PrimalPimmy <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR involves improving the process of generating restricted kubeconfigs for the spire-server to pick up