Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add UID to client-go impersonation config #104483

Merged
merged 1 commit into from Sep 27, 2021
Merged

Add UID to client-go impersonation config #104483

merged 1 commit into from Sep 27, 2021

Conversation

margocrawf
Copy link
Contributor

What type of PR is this?

/kind feature

What this PR does / why we need it:

Introduces Impersonate-UID to client-go. My previous PR introduced the Impersonate-UID header, this PR makes it possible to specify the UID in your impersonation config on the client side in order to pass the Impersonate-UID header along with a request.

  • Updates ImpersonationConfig in rest/config.go to include UID
    attribute, and pass it through when copying the config
  • Updates ImpersonationConfig in transport/config.go to include UID
    attribute
  • In transport/round_tripper.go, Set the "Impersonate-Uid" header in
    requests based on the UID value in the config
  • Update auth_test.go integration test to specify a UID through the new
    rest.ImpersonationConfig field rather than manually setting the
    Impersonate-Uid header

Which issue(s) this PR fixes:

This is another piece of addressing #93699. It is a follow up to #99961.

Does this PR introduce a user-facing change?

client-go impersonation config can specify a UID to pass impersonated uid information through in requests.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 20, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @margocrawf. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. area/test labels Aug 20, 2021
@k8s-ci-robot k8s-ci-robot added kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Aug 20, 2021
@k8s-triage-robot
Copy link

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@caesarxuchao
Copy link
Member

/assign @deads2k
/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 24, 2021
@enj
Copy link
Member

enj commented Sep 1, 2021

/ok-to-test
/assign
/priority important-longterm
/milestone v1.23

@k8s-ci-robot k8s-ci-robot added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 1, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Sep 1, 2021
enj
enj suggested changes Sep 1, 2021
View reviewed changes
Copy link
Member

@enj enj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically the same comment a bunch of times about field ordering to match the rest of the codebase.

staging/src/k8s.io/client-go/rest/config.go Outdated Show resolved Hide resolved
staging/src/k8s.io/client-go/rest/config.go Outdated Show resolved Hide resolved
staging/src/k8s.io/client-go/rest/transport.go Outdated Show resolved Hide resolved
staging/src/k8s.io/client-go/transport/config.go Outdated Show resolved Hide resolved
staging/src/k8s.io/client-go/transport/round_trippers.go Outdated Show resolved Hide resolved
staging/src/k8s.io/client-go/transport/round_trippers.go Outdated Show resolved Hide resolved
@enj enj added this to Needs Triage in SIG Auth Old Sep 13, 2021
@deads2k
Copy link
Contributor

deads2k commented Sep 14, 2021

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 14, 2021
@margocrawf
Copy link
Contributor Author

/assign @smarterclayton

@enj enj moved this from Needs Triage to In Review in SIG Auth Old Sep 24, 2021
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 24, 2021
@margocrawf
Introduces Impersonate-Uid to client-go.
d9ddfb2 
* Updates ImpersonationConfig in rest/config.go to include UID
  attribute, and pass it through when copying the config
* Updates ImpersonationConfig in transport/config.go to include UID
  attribute
* In transport/round_tripper.go, Set the "Impersonate-Uid" header in
  requests based on the UID value in the config
* Update auth_test.go integration test to specify a UID through the new
  rest.ImpersonationConfig field rather than manually setting the
  Impersonate-Uid header

Signed-off-by: Margo Crawford <margaretc@vmware.com>
@enj
Copy link
Member

enj commented Sep 24, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 24, 2021
@enj
Copy link
Member

enj commented Sep 24, 2021

/uncc johnSchnake krousey

@smarterclayton
Copy link
Contributor

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, margocrawf, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 27, 2021
@k8s-ci-robot k8s-ci-robot merged commit 48d844e into kubernetes:master Sep 27, 2021
SIG Auth Old automation moved this from In Review to Closed / Done Sep 27, 2021
@margocrawf margocrawf mentioned this pull request Oct 20, 2021
Merged
margocrawf added a commit to margocrawf/kubernetes that referenced this pull request Nov 5, 2021
@margocrawf
--as-uid flag in kubectl and kubeconfigs.
7e079f5 
This corresponds to previous work to allow impersonating UIDs:
* Introduce Impersonate-UID header: kubernetes#99961
* Add UID to client-go impersonation config kubernetes#104483

Signed-off-by: Margo Crawford <margaretc@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enj enj enj requested changes

Assignees

@smarterclayton smarterclayton

@enj enj

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
SIG Auth Old
Closed / Done
Milestone
v1.23
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@margocrawf @k8s-ci-robot @k8s-triage-robot @caesarxuchao @enj @deads2k @smarterclayton