Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve JWTAuthenticator Status #1851

Merged
merged 12 commits into from
Feb 28, 2024
Merged

Improve JWTAuthenticator Status #1851

merged 12 commits into from
Feb 28, 2024

Conversation

benjaminapetersen
Copy link
Member

@benjaminapetersen benjaminapetersen commented Jan 25, 2024

Improving the status messages of the JWT Authenticator.

# .Status was previously an empty field.
# full success .Status now looks like this:
status:
  conditions:
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: authenticator initialized
    observedGeneration: 1
    reason: Success
    status: "True"
    type: AuthenticatorValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: discovery performed successfully
    observedGeneration: 1
    reason: Success
    status: "True"
    type: DiscoveryURLValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: issuer is a valid URL
    observedGeneration: 1
    reason: Success
    status: "True"
    type: IssuerURLValid
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: successfully fetched jwks
    observedGeneration: 1
    reason: Success
    status: "True"
    type: JWKSFetchValid
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: jwks_uri is a valid URL
    observedGeneration: 1
    reason: Success
    status: "True"
    type: JWKSURLValid
  - lastTransitionTime: "2024-02-23T19:31:36Z"
    message: the JWTAuthenticator is ready
    observedGeneration: 1
    reason: Success
    status: "True"
    type: Ready
  - lastTransitionTime: "2024-02-23T19:31:33Z"
    message: successfully parsed specified CA bundle
    observedGeneration: 1
    reason: Success
    status: "True"
    type: TLSConfigurationValid
  phase: Ready

Release note:

Adds meaningful .Status to JWTAuthenticator resource.  Improves validations.

@benjaminapetersen benjaminapetersen changed the title Improve JWTAuthenticator Status WIP: Improve JWTAuthenticator Status Jan 25, 2024
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch from 6e9fd00 to 300f86f Compare January 31, 2024 16:44
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 3 times, most recently from 3505ab7 to 9005d3d Compare February 12, 2024 21:55
@benjaminapetersen benjaminapetersen changed the title WIP: Improve JWTAuthenticator Status Improve JWTAuthenticator Status Feb 12, 2024
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 2 times, most recently from 0ca59e8 to f84183e Compare February 12, 2024 22:13
Copy link

codecov bot commented Feb 12, 2024

Codecov Report

Attention: Patch coverage is 76.04167% with 92 lines in your changes are missing coverage. Please review.

Project coverage is 38.45%. Comparing base (f18d731) to head (f498cb3).

Files Patch % Lines
...ler/authenticator/jwtcachefiller/jwtcachefiller.go 84.22% 48 Missing and 2 partials ⚠️
test/testlib/client.go 0.00% 39 Missing ⚠️
internal/controllermanager/prepare_controllers.go 0.00% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1851      +/-   ##
==========================================
+ Coverage   38.14%   38.45%   +0.31%     
==========================================
  Files         346      347       +1     
  Lines       43638    43959     +321     
==========================================
+ Hits        16646    16906     +260     
- Misses      26477    26540      +63     
+ Partials      515      513       -2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch from 7075321 to d8545ac Compare February 13, 2024 19:02
@cfryanr
Copy link
Member

cfryanr commented Feb 13, 2024

@benjaminapetersen Please don't forget to add integration test coverage for the new feature. You can probably add coverage to some of the existing integration tests. To see an example of similar coverage, look for usages of the WaitForFederationDomainStatusConditions test helper in the integration tests.

@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch 3 times, most recently from 181c2b8 to b22d4cb Compare February 15, 2024 17:15
@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch from b22d4cb to 199f057 Compare February 15, 2024 21:55
@benjaminapetersen
Copy link
Member Author

Pushed a fix for this failing integration test: https://ci.pinniped.dev/builds/2327880

test/testlib/client.go Outdated Show resolved Hide resolved
test/testlib/client.go Outdated Show resolved Hide resolved
@cfryanr
Copy link
Member

cfryanr commented Feb 20, 2024

@benjaminapetersen It seems like maybe you don't have the project's git hooks configured on your development workstation, because you did not update the copyright dates as enforced by the git hooks. Please see https://github.com/vmware-tanzu/pinniped/blob/main/CONTRIBUTING.md#pre-commit-hooks.

@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch from 90afd5c to 13360eb Compare February 26, 2024 20:08
@benjaminapetersen
Copy link
Member Author

Squashed.

@benjaminapetersen benjaminapetersen force-pushed the ben/status/jwt-authenticator branch from 13360eb to 73a20e2 Compare February 26, 2024 20:13
@cfryanr cfryanr force-pushed the ben/status/jwt-authenticator branch 2 times, most recently from 0eb7389 to c4c66a3 Compare February 27, 2024 19:02
benjaminapetersen and others added 12 commits February 27, 2024 15:45
- "Ready" condition & supporting conditions
- Legacy "Phase" for convenience
- Refactor newCachedJWTAuthenticator() func
  to improve ability to provide additional conditions
- Update JWTAuthenticator.Status type
- Update RBAC for SA to get/watch/update JWTAuthenticator.Status
- Update logger to plog, add tests for logs & statuses
- update Sync() to reduce enqueue when error is config/user managed, perhaps remove validateJWKSResponse()
- some format updates
- add timestamp to test
- fix order of expect,actual in some assertions
- remove some commented code no longer needed
- paired with changes to e2e_test.go, adds Status.Condition assertions
  around JWTAuthenticators
- Add test to verify timestamps are particularly updated
- Improve diff output in tests for actions
- Make jwtauthenticator status tests parallel
- Update copyright headers in multiple files
@cfryanr cfryanr force-pushed the ben/status/jwt-authenticator branch from c4c66a3 to f498cb3 Compare February 27, 2024 23:45
@cfryanr cfryanr enabled auto-merge February 27, 2024 23:56
@cfryanr cfryanr merged commit 9978144 into main Feb 28, 2024
38 checks passed
@cfryanr cfryanr deleted the ben/status/jwt-authenticator branch February 28, 2024 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants