-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
⚠️ Envtest refactor, support for 1.20+ API servers (secure serving) #1486
⚠️ Envtest refactor, support for 1.20+ API servers (secure serving) #1486
Commits on Jun 1, 2021
-
Envtest secure serving by default, 1.20 flags
This introduces secure serving by default, transparently switching configs to connect to secure endpoints. Similarly, the insecure endpoints are now disabled by default -- they must be explicitly disabled if you want to use them (note that this will only work on API servers <=1.19). This also turns on flags around the tokenrequest endpoint which are required to be on in 1.20, and have been available for all the versions that we currently support (back to 1.16). There's a whole new set of control plane APIs for provisioning users, and the old "just get a single account" APIs of the internal package are mostly deprecated. The default `Environment.Config` is *NOT* deprecated however -- this is intended to continue working as normal in order to avoid breaking everyone and to keep things in envtest working easily -- most tests will be fine with an admin user. For users that want RBAC, individual users may be provisioned with the ControlPlane.AddUser method.
Configuration menu - View commit details
-
Copy full SHA for b0ed0a9 - Browse repository at this point
Copy the full SHA b0ed0a9View commit details -
This adds a full test suite for TinyCA, which was missing before, and is especially needed with the new envtest client cert generation.
Configuration menu - View commit details
-
Copy full SHA for 848bc88 - Browse repository at this point
Copy the full SHA 848bc88View commit details -
Unify process.BinPathFinder with envtest's logic
Previously, envtest had separate logic that overrode testing/process.BinPathFinder, mainly because the latter used to be in a separate module. Since they're now in the same module and BinPathFinder is internal, we can just unify the logic and remove some of our hacks.
Configuration menu - View commit details
-
Copy full SHA for e8204ec - Browse repository at this point
Copy the full SHA e8204ecView commit details -
Tests for testing/controlplane components
This adds fairly comprehensive tests for the control plane components, which either didn't exist before the refactor or existed very loosely in the form of general integration tests.
Configuration menu - View commit details
-
Copy full SHA for c0ca959 - Browse repository at this point
Copy the full SHA c0ca959View commit details -
Expose some internal types/funcs in envtest
This exposes a few pieces of the new APIs in internal/testing as public in envtest. These types are effectively part of public APIs (they're referenced by public methods or fields of APIServer, ControlPlane, etc), so we should let users name them.
Configuration menu - View commit details
-
Copy full SHA for e1a570b - Browse repository at this point
Copy the full SHA e1a570bView commit details -
Ensure testing ControlPlane is restartable
This makes sure that you can start a ControlPlane after stopping it. This preserves existing functionality. Note that the ability to re-use users or keep data around is *not* preserved -- use a fixed CertDir if you want this.
Configuration menu - View commit details
-
Copy full SHA for 6fd12aa - Browse repository at this point
Copy the full SHA 6fd12aaView commit details -
The only place I've seen lll complain much is flag help, error messsages, and such, which aren't really a problem when they're long. Other stuff like complexity is probably best left to review, IMO.
Configuration menu - View commit details
-
Copy full SHA for e77a2fc - Browse repository at this point
Copy the full SHA e77a2fcView commit details