JWTAuthenticator distributed claims resolution honors tls config #1129
Conversation
| NotBefore: jwt.NewNumericDate(time.Now().Add(-time.Hour)), | ||
| IssuedAt: jwt.NewNumericDate(time.Now().Add(-time.Hour)), | ||
| } | ||
| mux.Handle("/claim_source", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
There was a problem hiding this comment.
This test feels pretty awkward but I can't declare mux.Handle("/claim_source", ... later (once the groups claim name and groups value are known) because it's not allowed to be redeclared for each test.
I thought about spinning up an entire new test server in each test but that also gets awkward because currently we need to know the issuer name in the test table and it also just feels kinda wasteful.
Codecov Report
@@ Coverage Diff @@
## main #1129 +/- ##
==========================================
+ Coverage 79.70% 79.72% +0.02%
==========================================
Files 136 136
Lines 10060 10054 -6
==========================================
- Hits 8018 8016 -2
+ Misses 1770 1767 -3
+ Partials 272 271 -1
Continue to review full report at Codecov.
|
Kube 1.23 introduced a new field on the OIDC Authenticator which allows us to pass in a client with our own TLS config. See kubernetes/kubernetes#106141. Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf
force-pushed
the
jwt-authenticator-client-field
branch
from
2a324b6
to
0b72f70
Compare
Kube 1.23 introduced a new field on the OIDC Authenticator which
allows us to pass in a client with our own TLS config. See
kubernetes/kubernetes#106141.
Signed-off-by: Margo Crawford margaretc@vmware.com
Release note: