Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce an option to disable admin kubeconfig endpoints #6246

Merged
merged 2 commits into from
Oct 4, 2023
Merged

Introduce an option to disable admin kubeconfig endpoints #6246

merged 2 commits into from
Oct 4, 2023

Conversation

ahmedwaleedmalik
Copy link
Member

@ahmedwaleedmalik ahmedwaleedmalik commented Oct 4, 2023
edited

What this PR does / why we need it:
This PR does the following things:

  1. For API, disable admin kubeconfig endpoints when DisableAdminKubeconfig is enabled in KubermaticSettings
  2. For the frontend, the option to disable admin kubeconfig feature from the admin panel.

Which issue(s) this PR fixes:

Fixes #6245

What type of PR is this?

/kind feature

Special notes for your reviewer:

Does this PR introduce a user-facing change? Then add your Release Note here:

Support for disabling admin kubeconfig endpoint

Documentation:

https://github.com/kubermatic/docs/pull/1530

@ahmedwaleedmalik ahmedwaleedmalik self-assigned this Oct 4, 2023
@kubermatic-bot kubermatic-bot added kind/feature Categorizes issue or PR as related to a new feature. docs/none Denotes a PR that doesn't need documentation (changes). release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. sig/api Denotes a PR or issue as being assigned to SIG API. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 4, 2023
@kubermatic-bot kubermatic-bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. docs/tbd Denotes a PR that needs documentation (change) that will be done later. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. docs/none Denotes a PR that doesn't need documentation (changes). labels Oct 4, 2023
@ahmedwaleedmalik ahmedwaleedmalik changed the title Introduce an option to disable admin kubeconfig endpoints WIP: Introduce an option to disable admin kubeconfig endpoints Oct 4, 2023
@kubermatic-bot kubermatic-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 4, 2023
@ahmedwaleedmalik ahmedwaleedmalik added the sig/ui Denotes a PR or issue as being assigned to SIG UI. label Oct 4, 2023
@kubermatic-bot kubermatic-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 4, 2023
@ahmedwaleedmalik
Copy link
Member Author

ahmedwaleedmalik commented Oct 4, 2023
edited

Requires #6247 to be merged first.

@ahmedwaleedmalik ahmedwaleedmalik force-pushed the disable-admin-kubeconfig branch 2 times, most recently from 8ed2168 to a5ea875 Compare October 4, 2023 12:51
@ahmedwaleedmalik ahmedwaleedmalik changed the title WIP: Introduce an option to disable admin kubeconfig endpoints Introduce an option to disable admin kubeconfig endpoints Oct 4, 2023
@kubermatic-bot kubermatic-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 4, 2023
@kubermatic-bot
Copy link
Contributor

LGTM label has been added.

Git tree hash: f645745a46d7cfb8cc299892cce32dd6ff090fbf

@pkprzekwas
Copy link
Contributor

/test pre-dashboard-web-integration-tests-ce

@ahmedwaleedmalik
Minor refactor
59a26f3 
Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
@kubermatic-bot kubermatic-bot removed the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2023
@ahmedwaleedmalik
Copy link
Member Author

/cherry-pick release/v2.23

@kubermatic-bot
Copy link
Contributor

@ahmedwaleedmalik: once the present PR merges, I will cherry-pick it on top of release/v2.23 in a new PR and assign it to you.

In response to this:

/cherry-pick release/v2.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ahmedwaleedmalik
Copy link
Member Author

/cherry-pick release/v2.22

@kubermatic-bot
Copy link
Contributor

@ahmedwaleedmalik: once the present PR merges, I will cherry-pick it on top of release/v2.22 in a new PR and assign it to you.

In response to this:

/cherry-pick release/v2.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@pkprzekwas
Copy link
Contributor

/lgtm

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 4, 2023
@kubermatic-bot
Copy link
Contributor

LGTM label has been added.

Git tree hash: cd327dbbe79e18866a2d9f5c66cd313ce8caa4f1

@ahmedwaleedmalik
Copy link
Member Author

/approve

Since it's already LGTM'd by the API and UI owners as well.

@kubermatic-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahmedwaleedmalik, Waseem826

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 4, 2023
@kubermatic-bot kubermatic-bot merged commit 00d894e into kubermatic:main Oct 4, 2023
14 checks passed
@kubermatic-bot kubermatic-bot added this to the KKP 2.24 milestone Oct 4, 2023
@kubermatic-bot
Copy link
Contributor

@ahmedwaleedmalik: #6246 failed to apply on top of branch "release/v2.23":

Applying: Support for disabling admin kubeconfig endpoint
Using index info to reconstruct a base tree...
M	modules/api/cmd/kubermatic-api/swagger.json
M	modules/api/go.mod
M	modules/api/pkg/api/v2/types.go
M	modules/api/pkg/handler/routes_v1.go
M	modules/api/pkg/handler/v1/admin/settings.go
M	modules/api/pkg/test/e2e/utils/apiclient/models/global_settings.go
M	modules/web/src/app/settings/admin/defaults/component.ts
M	modules/web/src/app/settings/admin/defaults/template.html
M	modules/web/src/app/shared/entity/settings.ts
Falling back to patching base and 3-way merge...
Auto-merging modules/web/src/app/shared/entity/settings.ts
Auto-merging modules/web/src/app/settings/admin/defaults/template.html
CONFLICT (content): Merge conflict in modules/web/src/app/settings/admin/defaults/template.html
Auto-merging modules/web/src/app/settings/admin/defaults/component.ts
Auto-merging modules/api/pkg/test/e2e/utils/apiclient/models/global_settings.go
Auto-merging modules/api/pkg/handler/v1/admin/settings.go
Auto-merging modules/api/pkg/handler/routes_v1.go
CONFLICT (content): Merge conflict in modules/api/pkg/handler/routes_v1.go
Auto-merging modules/api/pkg/api/v2/types.go
Auto-merging modules/api/go.mod
CONFLICT (content): Merge conflict in modules/api/go.mod
Auto-merging modules/api/cmd/kubermatic-api/swagger.json
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Support for disabling admin kubeconfig endpoint
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release/v2.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kubermatic-bot
Copy link
Contributor

@ahmedwaleedmalik: #6246 failed to apply on top of branch "release/v2.22":

Applying: Support for disabling admin kubeconfig endpoint
Using index info to reconstruct a base tree...
M	modules/api/cmd/kubermatic-api/swagger.json
M	modules/api/go.mod
M	modules/api/pkg/api/v2/types.go
M	modules/api/pkg/handler/common/kubeconfig.go
M	modules/api/pkg/handler/routes_v1.go
M	modules/api/pkg/handler/v1/admin/settings.go
M	modules/api/pkg/handler/v2/cluster/kubeconfig.go
M	modules/api/pkg/handler/v2/routes_v2.go
M	modules/api/pkg/test/e2e/utils/apiclient/models/global_settings.go
M	modules/web/src/app/settings/admin/defaults/component.ts
M	modules/web/src/app/settings/admin/defaults/template.html
M	modules/web/src/app/shared/entity/settings.ts
M	modules/web/src/test/services/settings-mock.ts
Falling back to patching base and 3-way merge...
Auto-merging modules/web/src/test/services/settings-mock.ts
Auto-merging modules/web/src/app/shared/entity/settings.ts
CONFLICT (content): Merge conflict in modules/web/src/app/shared/entity/settings.ts
Auto-merging modules/web/src/app/settings/admin/defaults/template.html
CONFLICT (content): Merge conflict in modules/web/src/app/settings/admin/defaults/template.html
Auto-merging modules/web/src/app/settings/admin/defaults/component.ts
CONFLICT (content): Merge conflict in modules/web/src/app/settings/admin/defaults/component.ts
Auto-merging modules/api/pkg/test/e2e/utils/apiclient/models/global_settings.go
CONFLICT (content): Merge conflict in modules/api/pkg/test/e2e/utils/apiclient/models/global_settings.go
Auto-merging modules/api/pkg/handler/v2/routes_v2.go
Auto-merging modules/api/pkg/handler/v2/cluster/kubeconfig.go
Auto-merging modules/api/pkg/handler/v1/admin/settings.go
Auto-merging modules/api/pkg/handler/routes_v1.go
CONFLICT (content): Merge conflict in modules/api/pkg/handler/routes_v1.go
Auto-merging modules/api/pkg/handler/common/kubeconfig.go
Auto-merging modules/api/pkg/api/v2/types.go
Auto-merging modules/api/go.mod
CONFLICT (content): Merge conflict in modules/api/go.mod
Auto-merging modules/api/cmd/kubermatic-api/swagger.json
CONFLICT (content): Merge conflict in modules/api/cmd/kubermatic-api/swagger.json
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Support for disabling admin kubeconfig endpoint
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release/v2.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ahmedwaleedmalik ahmedwaleedmalik deleted the disable-admin-kubeconfig branch October 4, 2023 14:08
ahmedwaleedmalik added a commit to ahmedwaleedmalik/dashboard that referenced this pull request Oct 5, 2023
@ahmedwaleedmalik
Introduce an option to disable admin kubeconfig endpoints (kubermatic…
20cc953 
…#6246)

* Support for disabling admin kubeconfig endpoint

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Minor refactor

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
@ahmedwaleedmalik ahmedwaleedmalik mentioned this pull request Oct 5, 2023
Merged
ahmedwaleedmalik added a commit to ahmedwaleedmalik/dashboard that referenced this pull request Oct 5, 2023
@ahmedwaleedmalik
Introduce an option to disable admin kubeconfig endpoints (kubermatic…
c26037c 
…#6246)

* Support for disabling admin kubeconfig endpoint

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Minor refactor

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
@ahmedwaleedmalik ahmedwaleedmalik mentioned this pull request Oct 5, 2023
Merged
kubermatic-bot pushed a commit that referenced this pull request Oct 5, 2023
@ahmedwaleedmalik
[release/v2.22] Introduce an option to disable admin kubeconfig endpo…
4837dc1 
…ints (#6250)

* Introduce an option to disable admin kubeconfig endpoints (#6246)

* Support for disabling admin kubeconfig endpoint

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Minor refactor

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Remove linting changes

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
kubermatic-bot pushed a commit that referenced this pull request Oct 5, 2023
@ahmedwaleedmalik
[release/v2.23] Introduce an option to disable admin kubeconfig endpo…
bfc5295 
…ints (#6249)

* Introduce an option to disable admin kubeconfig endpoints (#6246)

* Support for disabling admin kubeconfig endpoint

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Minor refactor

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

* Update codegen

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>

---------

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
@kubermatic-bot kubermatic-bot added docs/provided Denotes a PR that has a valid documentation reference. and removed docs/tbd Denotes a PR that needs documentation (change) that will be done later. labels Oct 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pkprzekwas pkprzekwas pkprzekwas left review comments

@Waseem826 Waseem826 Awaiting requested review from Waseem826

Assignees

@pkprzekwas pkprzekwas

@Waseem826 Waseem826

@ahmedwaleedmalik ahmedwaleedmalik

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. docs/provided Denotes a PR that has a valid documentation reference. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api Denotes a PR or issue as being assigned to SIG API. sig/ui Denotes a PR or issue as being assigned to SIG UI. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
KKP 2.24
Development

Successfully merging this pull request may close these issues.

Disabling non-oidc kubeconfig endpoints if oidc kubeconfig is enabled
4 participants
@ahmedwaleedmalik @kubermatic-bot @pkprzekwas @Waseem826