-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce changes from master to sig-auth-acceptance branch #300
Introduce changes from master to sig-auth-acceptance branch #300
Conversation
f1f64b6
to
ee29cc5
Compare
7c1476a
to
5c0c8bc
Compare
5c0c8bc
to
96e75e7
Compare
96e75e7
to
c7e1aff
Compare
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
much smaller change than I thought it would be 👍
IssuerURL: config.IssuerURL, | ||
ClientID: config.ClientID, | ||
tokenAuthenticator, err := oidc.New(ctx, oidc.Options{ | ||
JWTAuthenticator: apiserver.JWTAuthenticator{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we remove the old options and just wire the new config, since we have the chance?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not quite what I had in mind. Keeping the legacy struct for legacy options is fine, and I think preferable.
Perhaps this is not for this PR (I'd rather we removed a610979
) but why don't we try to move https://github.com/kubernetes/kubernetes/blob/04434b7bf4f8afe258fed430f163102abe1a24d5/pkg/kubeapiserver/options/authentication.go#L719-L787 somewhere where we could import it - it's how most of the other functionality in that file is implemented and this TODO mentions that it might be preferable here, too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand. Let me remove the change.
Introducing the suggested change, is definitely another PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would you create a k/k issue and link it to this PR, please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you expect me to create an issue for? That we finally need to move that into one place instead of copying it across different places and that this PR is an example of why we need it?
f356040
to
a610979
Compare
a610979
to
0b4a724
Compare
0b4a724
to
c7e1aff
Compare
name: "should pass through", | ||
cfg: &identityheaders.AuthnHeaderConfig{}, | ||
req: func() *http.Request { | ||
req, err := http.NewRequest(http.MethodGet, "http://example.com", nil) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a set of chaining functions that construct a request as necessary
edit: does not have to be chaining
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't quite understand the benefit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removal of duplicated code + it's easier to write future unit tests
please squash the last two changes to where the code was originally introduced and let's merge this PR |
e42f4f4
to
027349e
Compare
What
Why