Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve JWTAuthenticator Status #1851

Merged
merged 12 commits into from
Feb 28, 2024
Merged

Improve JWTAuthenticator Status #1851

merged 12 commits into from
Feb 28, 2024

Conversation

benjaminapetersen
Copy link
Member

@benjaminapetersen benjaminapetersen commented Jan 25, 2024
edited
Loading

Improving the status messages of the JWT Authenticator.

# .Status was previously an empty field.
# full success .Status now looks like this:
status:
  conditions:
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: authenticator initialized
    observedGeneration: 1
    reason: Success
    status: "True"
    type: AuthenticatorValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: discovery performed successfully
    observedGeneration: 1
    reason: Success
    status: "True"
    type: DiscoveryURLValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: issuer is a valid URL
    observedGeneration: 1
    reason: Success
    status: "True"
    type: IssuerURLValid
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: successfully fetched jwks
    observedGeneration: 1
    reason: Success
    status: "True"
    type: JWKSFetchValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: jwks_uri is a valid URL
    observedGeneration: 1
    reason: Success
    status: "True"
    type: JWKSURLValid
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: the JWTAuthenticator is ready
    observedGeneration: 1
    reason: Success
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: successfully parsed specified CA bundle
    observedGeneration: 1
    reason: Success
    status: "True"
    type: TLSConfigurationValid
  phase: Ready

Release note:

Adds meaningful .Status to JWTAuthenticator resource.  Improves validations.

@benjaminapetersen benjaminapetersen changed the title Improve JWTAuthenticator Status WIP: Improve JWTAuthenticator Status Jan 25, 2024
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 3 times, most recently from 3505ab7 to 9005d3d Compare February 12, 2024 21:55
@benjaminapetersen benjaminapetersen changed the title WIP: Improve JWTAuthenticator Status Improve JWTAuthenticator Status Feb 12, 2024
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 2 times, most recently from 0ca59e8 to f84183e Compare February 12, 2024 22:13
@codecov Codecov
Copy link

codecov bot commented Feb 12, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 76.04167% with 92 lines in your changes are missing coverage. Please review.

Project coverage is 38.45%. Comparing base (f18d731) to head (f498cb3).

Files Patch % Lines
...ler/authenticator/jwtcachefiller/jwtcachefiller.go 84.22% 48 Missing and 2 partials ⚠️
test/testlib/client.go 0.00% 39 Missing ⚠️
internal/controllermanager/prepare_controllers.go 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1851      +/-   ##
==========================================
+ Coverage   38.14%   38.45%   +0.31%     
==========================================
  Files         346      347       +1     
  Lines       43638    43959     +321     
==========================================
+ Hits        16646    16906     +260     
- Misses      26477    26540      +63     
+ Partials      515      513       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cfryanr
Copy link
Member

cfryanr commented Feb 13, 2024

@benjaminapetersen Please don't forget to add integration test coverage for the new feature. You can probably add coverage to some of the existing integration tests. To see an example of similar coverage, look for usages of the WaitForFederationDomainStatusConditions test helper in the integration tests.

@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 3 times, most recently from 181c2b8 to b22d4cb Compare February 15, 2024 17:15
@benjaminapetersen
Copy link
Member Author

Pushed a fix for this failing integration test: https://ci.pinniped.dev/builds/2327880

cfryanr
cfryanr reviewed Feb 20, 2024
View reviewed changes
test/testlib/client.go Outdated Show resolved Hide resolved
cfryanr
cfryanr reviewed Feb 20, 2024
View reviewed changes
test/testlib/client.go Outdated Show resolved Hide resolved
@cfryanr
Copy link
Member

cfryanr commented Feb 20, 2024

@benjaminapetersen It seems like maybe you don't have the project's git hooks configured on your development workstation, because you did not update the copyright dates as enforced by the git hooks. Please see https://github.com/vmware-tanzu/pinniped/blob/main/CONTRIBUTING.md#pre-commit-hooks.

@benjaminapetersen
Copy link
Member Author

Squashed.

@cfryanr cfryanr force-pushed the ben/status/jwt-authenticator branch 2 times, most recently from 0eb7389 to c4c66a3 Compare February 27, 2024 19:02
benjaminapetersen and others added 12 commits February 27, 2024 15:45
@benjaminapetersen @cfryanr
Add .Status to JWTAuthenticator with Conditions,Phase
a4447fa 
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
@benjaminapetersen @cfryanr
ldap upstream watcher: rename local var for clarity
fd14a57
@benjaminapetersen @cfryanr
extract status comparison test helpers
4763934
@benjaminapetersen @cfryanr
Improve jwtcachefiller tests
084c311 
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
@benjaminapetersen @cfryanr
fix comment in testlib/client.go
09bd51f
@benjaminapetersen @cfryanr
add WaitForJWTAuthenticatorStatusPhase() integration helper
1a633ad
@benjaminapetersen @cfryanr
Add integration tests for JWTAuthenticators
73e4d31 
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
@benjaminapetersen @cfryanr
Update copyright year in modified files
1c7e704
@benjaminapetersen @cfryanr
Add Status & tests for jwks key fetching
42acf8d
@benjaminapetersen @cfryanr
Update jwk authenticator status integration tests
868ff9e
@benjaminapetersen @cfryanr
Update jwtauthenticator unit tests to check actions
e8482ab 
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
@cfryanr
wait for JWTAuthenticator to be phase=ready in supervisor warnings test
f498cb3
@cfryanr cfryanr merged commit 9978144 into main Feb 28, 2024
38 checks passed
@cfryanr cfryanr deleted the ben/status/jwt-authenticator branch February 28, 2024 00:41
@benjaminapetersen benjaminapetersen mentioned this pull request Mar 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cfryanr cfryanr cfryanr approved these changes

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benjaminapetersen @cfryanr @vmwclabot