feat(kuma-cp) Admin User Token bootstrap

[jakubdyszkiewicz]

Summary

Bootstrap flow for Admin User Token.

We create Admin User Token for the user. The assumption is that if someone has access to Secrets, they have access to user token signing key and can do whatever they want, so we could just as well pregenerate this token for convenience.

Additionally, on Kubernetes, we will disable localhostIsAdmin setting once we switch to User Token as the default auth mechanism. We can do this since user can just access the secret directly using kubectl.
On Universal, we cannot do this, because it's expected that the user will extract it using kumactl / API. Therefore what we can do is to log a warning that it is recommended to disable this setting.

I'm considering logging bootstrap of Admin User Token is enabled... message only when Admin User Token is created, but I think it may be useful for every start of CP. What do you think?

Documentation

• API Server authentication kuma-website#554

Testing

• Unit tests
• E2E tests
• Manual testing on Universal
• Manual testing on Kubernetes

Backwards compatibility

• No backporting.

[codecov-commenter]

Codecov Report

Merging #2923 (da5d8a2) into master (7e40b0f) will increase coverage by 0.07%.
The diff coverage is 71.42%.

@@            Coverage Diff             @@
##           master    #2923      +/-   ##
==========================================
+ Coverage   52.21%   52.29%   +0.07%     
==========================================
  Files         912      913       +1     
  Lines       52736    52804      +68     
==========================================
+ Hits        27538    27612      +74     
+ Misses      23004    22993      -11     
- Partials     2194     2199       +5     

Impacted Files	Coverage Δ
test/framework/universal_cluster.go	0.00% <0.00%> (ø)
pkg/plugins/authn/api-server/tokens/plugin.go	66.66% <60.00%> (-3.34%)	⬇️
...s/authn/api-server/tokens/admin_token_bootstrap.go	82.69% <82.69%> (ø)
pkg/config/api-server/config.go	70.21% <100.00%> (+2.03%)	⬆️
pkg/core/bootstrap/bootstrap.go	65.20% <100.00%> (+0.51%)	⬆️
...ugins/authn/api-server/tokens/issuer/revocation.go	86.66% <100.00%> (+0.95%)	⬆️
pkg/core/resources/manager/cache.go	85.71% <0.00%> (ø)
api/observability/v1/mads.pb.go	35.56% <0.00%> (+1.03%)	⬆️
pkg/xds/generator/direct_access_proxy_generator.go	83.90% <0.00%> (+1.14%)	⬆️
pkg/mads/v1/client/client.go	43.75% <0.00%> (+2.50%)	⬆️
... and 4 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7e40b0f...da5d8a2. Read the comment docs.

[bartsmykla]

lgtm