This repository has been archived by the owner on Oct 12, 2023. It is now read-only.
fix: update unassigning identities in e2e #695
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chewong
reviewed
Jul 20, 2020
chewong
approved these changes
Jul 21, 2020
|
Let's merge #687 before retesting so we can check out the MIC logs |
BinHan0
added a commit
to bowu24/aad-pod-identity
that referenced
this pull request
Dec 7, 2020
* chore: make cloud config configurable in helm chart (Azure#598) * chore: make cloud config configurable in helm chart * Address PR comments * doc: add `--subscription` parameter to az cli commands (Azure#602) This ensure we use expected subscription in multiple subs environment. * feat: re-initialize MIC cloud client when cloud config is updated (Azure#590) * feat: re-initialize MIC cloud client when cloud config is updated * Fix race condition in unit test * Bump fsnotify to the latest release * Address PR comments * ci: set up nightly build and test against master (Azure#609) * add mic pod exception to deployment (Azure#611) * Move exception to a different yaml (Azure#615) * Code clean up (Azure#597) Fix typos Fix swallowed errors Report Metrics reporter errors Remove unused/dead code Properly goimports/gofmt files Rename stats.StatsType to stats.Type Add lint to CI Update golangci-lint to v1.27 Bump go version to 1.14.2, auto update minor versions in Docker Fix: Azure#571 * feat: make update user msi calls retriable (Azure#601) * feat: make update user msi calls retriable * Add stats support if an error occurs when updating user msi * Add e2e test case * Address PR comments * Add an additional test case * Apply linting rule * docs: reduce ambiguity in demo and role assignment docs (Azure#620) * add support information to readme (Azure#623) * Support multiple identities in Helm chart (Azure#457) * Support multiple azure identity and azure identity binding resources * bump chart version * remove redundant if condition * Merge branch 'master' into support-multiple-identities * Add 'Upgrading' section to chart's README.md file * update current chart version in README * Validate azureIdentities list length * Fix backtick Co-authored-by: Amir Schwartz <amschwar@microsoft.com> Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com> * update docs for pod-identity exception (Azure#624) * chore: change status code returned from NMI for errors (Azure#625) * chore: change status code returned from NMI for errors * s/mimics/mimic * ci: disable CI against master branch when merging PRs (Azure#627) * ci: disable CI against master branch when merging PRs * Add nightly build & test signal badge * change to 404 instead if no azure identity found (Azure#629) * chore: set context timeout for tests (Azure#630) * set context timeout for tests * remove gatekeeper test from PR * chore: update helm charts, docs for release 1.6.1 (Azure#631) * update helm charts, docs for release 1.6.1 * Review feedback * add aks add-on exception in kube-system (Azure#634) * Acquire an token with the certificate of service principal (Azure#517) * acquire an token with the certificate of service principal * allow users specify aad endpoint * Fix unit test failure * fix lint issues * fix lint issue missing a newline * update for unit test * more docs for this feature Co-authored-by: Guoqing Geng <hellokangning@hotmail.com> Co-authored-by: Guoqing Geng <gugeng@microsoft.com> * update base image with debian base (Azure#641) * add debian base * install wget during probe test * test: new test framework for aad-pod-identity (Azure#640) * test: new test framework for aad-pod-identity * Address PR comments * update typed namespacedname case for sp example (Azure#649) * update node selector label to kubernetes.io/os (Azure#652) * chore: disable crd-install when using Helm 3 (Azure#642) * test: convert e2e test cases from old to new framework (part 1) (Azure#650) * feat: make NMI listen only on localhost (Azure#658) * make NMI listen only on localhost * deprecate hostIP * add semver compare to helm chart * doc: list components prometheus enpoints (Azure#660) * test: convert e2e test cases from old to new framework (part 2) (Azure#656) * check rules for iptables (Azure#663) * test: convert e2e test cases from old to new framework (part 3) (Azure#662) * test: convert e2e test cases from old to new framework (part 3) * Address PR comment * test: convert e2e test cases from old to new framework (part 4) (Azure#664) * add default known types to scheme (Azure#668) * Remove unused cert volumes from mic deployment (Azure#670) * test: convert e2e test cases from old to new framework (part 5) (Azure#667) * Handle MSI auth requests by ResourceID (Azure#540) * Handle MSI auth requests by ResourceID Filter identities by either ClientID or by ResourceID, depending on which was specified when authenticating. Neither is required but they are mutually exclusive. * Validate auth with ResourceID in e2e test Add a check in the end-to-end tests that we can authenticate with a ResourceID. * Make linters happy Signed-off-by: Carolyn Van Slyck <carolyn.vanslyck@microsoft.com> Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com> * refactor: better error messages and handling (Azure#666) * refactor: better error messages and handling * Address PR comments * refactor: remove old test framework and rename e2e_new to e2e (Azure#680) * doc: add helm upgrade guide and known issues (Azure#683) * add helm upgrade guide and know issues * Review feedback * feat: trigger MIC sync when a pod label changes (Azure#682) * fix: check if identity exists before assign in e2e (Azure#693) * check if identity exists before assign in e2e * e2e: add nil check for assign and unassign * add e2e tests with resource id (Azure#696) * ci: add soak testing as part of nightly build & test and remove Jenkinsfile (Azure#687) * ci: add soak testing as part of nightly build & test and remove Jenkinsfile * Address PR comments * fix: update unassigning identities in e2e (Azure#695) * update unassigning identities in e2e * switch to using bool * fix: set max pods and assign empty map for system-assigned identity cleanup (Azure#697) * configure max pods for e2e cluster configs * assign empty map to VM/VMSS user-assigned identity before updating system-assigned identity Co-authored-by: Ernest Wong <chuwon@microsoft.com> Co-authored-by: Ernest Wong <chuwon@microsoft.com> * ci: do not overwrite REGISTRY environment variable if it is defined (Azure#699) * fix: assign empty struct to user-assigned identities when enabling system-assigned identity (Azure#701) * docs: add requirements to PR template and test standard to CONTRIBUTING.md (Azure#706) * ci: add code coverage as part of CI (Azure#705) * update default http probe port at deploy to 8085 (Azure#708) * update manifests and helm chart for 1.6.2 (Azure#709) * docs: fix broken test standard link in GitHub Pull Request template (Azure#710) * add certs volume for non-rbac manifests (Azure#713) * test: add e2e test for block-instance-metadata (Azure#715) * test: add aks as part of pr and nightly test (Azure#717) * fix: use single quotes when performing string comparsion in ADO (Azure#719) * ci: download the correct version of kubectl in e2e according to cluster version (Azure#721) * chore: add deploy manifests and helm charts to staging dir (Azure#736) * add deploy manifests to staging dir * promote rbac.authorization.k8s.io to v1 * promote rbac.authorization.k8s.io to v1 Co-authored-by: Ernest Wong <chuwon@microsoft.com> * add release namespace to chart manifests (Azure#741) * fix: fix miscellaneous linting problem in the codebase (Azure#733) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * chore: remove privileged: true for NMI daemonset (Azure#745) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * add load test pipeline to nightly job (Azure#744) build images for load tests * ci: install aad-pod-identity in kube-system namespace (Azure#747) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * test: skip backward compatibility test case for aks clusters (Azure#755) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Update to go1.15 (Azure#751) Rev go to latest version * Fixed typo (Azure#757) Fixed typo for azureIdentityBinding * Fixed Grammar (Azure#758) Guiding Principals --> Guiding Principles * ci: bump golangci-lint to v1.30.0 (Azure#759) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Report original error from getPodListRetry (Azure#762) * ci: do not install / uninstall pod identity deployment in soak test (Azure#763) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * update pr github template (Azure#765) * initialize klog flags for NMI (Azure#767) * fix: ensure stats collector doesn't aggregate stats from multiple runs (Azure#750) * fix: ensure stats collector doesn't aggregate stats from multiple runs Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Address PR comments Signed-off-by: Ernest Wong <chuwon@microsoft.com> * ci: fix e2e failure in nightly test pipeline (Azure#772) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * feat: throttling - honor retry after header (Azure#742) * throttling: honor retry after header * add unit tests * docs: automate role assignments and improve troubleshooting guide (Azure#754) * docs: automate role assignments and improve troubleshooting guide Signed-off-by: Ernest Wong <chuwon@microsoft.com> * feat: reconcile identity assignment on Azure (Azure#734) * feat: reconcile identity assignment on Azure Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Address PR comments Signed-off-by: Ernest Wong <chuwon@microsoft.com> * set dnspolicy to clusterfirstwithhostnet for NMI (Azure#776) * chore: Add imagePullSecretes to the Helm chart (Azure#774) * Add imagePullSecretes to the Helm chart Signed-off-by: Armin <armin@coralic.nl> * Use name - value instead of only value Signed-off-by: Armin <armin@coralic.nl> * Remove unused end statement Signed-off-by: Armin <armin@coralic.nl> Co-authored-by: Ernest Wong <chuwon@microsoft.com> * Expose metrics port (Azure#777) * add user managed identity support to helm charts (Azure#781) * chore: bump debian-base to v2.1.3 and debian-iptables to v12.1.2 (Azure#783) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * docs: add doc for deleting/recreating identity with same name (Azure#786) * add doc for deleting/recreating identity with same name * Review feedback * chore: add logs for ignored pods (Azure#785) * add logs for ignored pods * Review feedback * ci: fix image not found error in soak tests (Azure#787) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * docs: add best practices documentation (Azure#779) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * update pod cidr to non-host traffic for NMI (Azure#790) * test: cleanup pods before removing ns and refactor "eventually" calls (Azure#791) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * test: s/1.15.0/1.15 & exclude existing identities when updating (Azure#793) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * test: move identity unassignment to eventually block (Azure#796) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * update manifests and helm chart for v1.6.3 (Azure#797) * docs: initial layout for static site (Azure#801) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Set theme jekyll-theme-cayman * Revert "Set theme jekyll-theme-cayman" (Azure#802) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * ci: include image scanning as part of CI & set non-root user in Dockerfile (Azure#803) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * remove aks cluster version in e2e (Azure#808) * fix: ensure backward compability of identityvalidator image (Azure#809) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * fix: decrease length of RG name to allow cluster creation in eastus2euap (Azure#810) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * docs: update website theme to docsy (Azure#828) * Updated website config * fix: fix various config issues Signed-off-by: Ernest Wong <chuwon@microsoft.com> * Update _index.html * Update _index.html Co-authored-by: phillipgibson <12676206+phillipgibson@users.noreply.github.com> * docs: update invalid URLs in website (Azure#832) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * fix: remove extra indentation in crd.yaml (Azure#833) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * chore: make runAsUser conditional for MIC in helm (Azure#844) * test: health check with podIP from the busybox container (Azure#840) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * feat: support JSON logging format (Azure#839) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * fix: account for 150+ identity assignment and unassignment (Azure#847) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * disable aad-pod-identity by default for kubenet (Azure#842) * ci: add gosec as part of linting (Azure#850) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * chore: remove --ignore-unfixed for trivy (Azure#854) * feat: add auxiliary tenant ids for service principal (Azure#843) * docs: fix casing of "priorityClassName" parameters in README.md (Azure#856) * docs: add docs for various topics (Azure#858) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * fix: s/cluster resource group/node resource group (Azure#862) Signed-off-by: Ernest Wong <chuwon@microsoft.com> * docs: add docs for configuring in custom cloud (Azure#863) * docs: fix broken links and typo (Azure#864) * release: update manifest and helm charts for v1.7.0 (Azure#866) * merge repo * change * change Co-authored-by: Ernest Wong <chuwon@microsoft.com> Co-authored-by: hbc <me@hbc.rocks> Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com> Co-authored-by: Jonas-Taha El Sesiy <github@elsesiy.com> Co-authored-by: amirschw <24677563+amirschw@users.noreply.github.com> Co-authored-by: Amir Schwartz <amschwar@microsoft.com> Co-authored-by: Guoqing Geng <hellokangning@gmail.com> Co-authored-by: Guoqing Geng <hellokangning@hotmail.com> Co-authored-by: Guoqing Geng <gugeng@microsoft.com> Co-authored-by: hbc <bcxxxxxx@gmail.com> Co-authored-by: Quentin Bisson <quentin.bisson@gmail.com> Co-authored-by: Carolyn Van Slyck <carolyn.vanslyck@microsoft.com> Co-authored-by: Paul Kelso <Paul.Kelso@microsoft.com> Co-authored-by: David Schneider <dsbrng25b@gmail.com> Co-authored-by: Armin Coralic <armin@coralic.nl> Co-authored-by: Mickaël Canévet <mickael.canevet@camptocamp.com> Co-authored-by: marchenm <39064752+marchenm@users.noreply.github.com> Co-authored-by: phillipgibson <12676206+phillipgibson@users.noreply.github.com> Co-authored-by: Alexander Zaytsev <alexzaytsev2019@gmail.com>
statbit
pushed a commit
to adobe-platform/aad-pod-identity
that referenced
this pull request
Sep 30, 2021
* update unassigning identities in e2e * switch to using bool
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Issue Fixed:
Notes for Reviewers: