Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add UID to client-go impersonation config #104483

Merged
merged 1 commit into from Sep 27, 2021
Merged

Conversation

@margocrawf
Copy link
Contributor

@margocrawf margocrawf commented Aug 20, 2021

What type of PR is this?

/kind feature

What this PR does / why we need it:

Introduces Impersonate-UID to client-go. My previous PR introduced the Impersonate-UID header, this PR makes it possible to specify the UID in your impersonation config on the client side in order to pass the Impersonate-UID header along with a request.

  • Updates ImpersonationConfig in rest/config.go to include UID
    attribute, and pass it through when copying the config
  • Updates ImpersonationConfig in transport/config.go to include UID
    attribute
  • In transport/round_tripper.go, Set the "Impersonate-Uid" header in
    requests based on the UID value in the config
  • Update auth_test.go integration test to specify a UID through the new
    rest.ImpersonationConfig field rather than manually setting the
    Impersonate-Uid header

Which issue(s) this PR fixes:

This is another piece of addressing #93699. It is a follow up to #99961.

Does this PR introduce a user-facing change?

client-go impersonation config can specify a UID to pass impersonated uid information through in requests.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Aug 20, 2021

Hi @margocrawf. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Loading

@k8s-triage-robot
Copy link

@k8s-triage-robot k8s-triage-robot commented Aug 20, 2021

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

Loading

@caesarxuchao
Copy link
Member

@caesarxuchao caesarxuchao commented Aug 24, 2021

/assign @deads2k
/triage accepted

Loading

@enj
Copy link
Member

@enj enj commented Sep 1, 2021

/ok-to-test
/assign
/priority important-longterm
/milestone v1.23

Loading

Copy link
Member

@enj enj left a comment

Basically the same comment a bunch of times about field ordering to match the rest of the codebase.

Loading

staging/src/k8s.io/client-go/rest/config.go Outdated Show resolved Hide resolved
Loading
staging/src/k8s.io/client-go/rest/config.go Outdated Show resolved Hide resolved
Loading
staging/src/k8s.io/client-go/rest/transport.go Outdated Show resolved Hide resolved
Loading
staging/src/k8s.io/client-go/transport/config.go Outdated Show resolved Hide resolved
Loading
staging/src/k8s.io/client-go/transport/round_trippers.go Outdated Show resolved Hide resolved
Loading
staging/src/k8s.io/client-go/transport/round_trippers.go Outdated Show resolved Hide resolved
Loading
@deads2k
Copy link
Contributor

@deads2k deads2k commented Sep 7, 2021

after Mo's comments, this looks plausible to me. Ping me on slack once updated.

Loading

@enj enj added this to Needs Triage in SIG Auth Sep 13, 2021
@deads2k
Copy link
Contributor

@deads2k deads2k commented Sep 14, 2021

/lgtm
/approve

Loading

@margocrawf
Copy link
Contributor Author

@margocrawf margocrawf commented Sep 15, 2021

/assign @smarterclayton

Loading

@enj enj moved this from Needs Triage to In Review in SIG Auth Sep 24, 2021
@k8s-ci-robot k8s-ci-robot removed the lgtm label Sep 24, 2021
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
@enj
Copy link
Member

@enj enj commented Sep 24, 2021

/lgtm

Loading

@enj
Copy link
Member

@enj enj commented Sep 24, 2021

/uncc johnSchnake krousey

Loading

@smarterclayton
Copy link
Contributor

@smarterclayton smarterclayton commented Sep 27, 2021

/approve

Loading

@k8s-ci-robot
Copy link
Contributor

@k8s-ci-robot k8s-ci-robot commented Sep 27, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, margocrawf, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Loading

@k8s-ci-robot k8s-ci-robot merged commit 48d844e into kubernetes:master Sep 27, 2021
13 of 15 checks passed
Loading
SIG Auth automation moved this from In Review to Closed / Done Sep 27, 2021
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Oct 19, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Oct 19, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Oct 19, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Oct 19, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Oct 20, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Nov 5, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
margocrawf added a commit to margocrawf/kubernetes that referenced this issue Nov 5, 2021
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment