Anish Ramasekar
a4d34edf4f
chore: bump kubernetes deps to v1.31.1 ( #1467 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-10-10 17:32:24 +00:00
Anish Ramasekar
3e3904a017
chore: update to go 1.23 ( #1446 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-10-10 06:52:17 -04:00
Anish Ramasekar
5df2fd9a1c
feat: make proxy and proxy-init image configurable ( #1443 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-09-04 13:24:50 -07:00
Anish Ramasekar
6fbc03440f
fix: update authority url in confidential client ( #1436 )
2024-08-13 17:48:58 -07:00
Guilhem Lettron
75a8022c62
chore: bump msgraph to v1.45.0 ( #1370 )
Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-08-01 11:14:39 -07:00
Anish Ramasekar
fcb1e3f7a5
release: update manifest and helm charts for v1.3.0 ( #1367 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2024-06-04 15:19:37 -04:00
Anish Ramasekar
2a3942e506
chore: bump k8s deps to v1.29.4 and controller-runtime to v0.17.3 ( #1292 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-05-02 16:44:37 -04:00
Anish Ramasekar
9b60b5240f
release: update manifest and helm charts for v1.2.2 ( #1326 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2024-04-17 16:20:31 -04:00
Anish Ramasekar
917896b0c0
release: update manifest and helm charts for v1.2.1 ( #1279 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2024-03-05 10:18:05 -08:00
Anish Ramasekar
1039167e86
release: update manifest and helm charts for v1.2.0 ( #1156 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-10-24 21:57:11 +00:00
Anish Ramasekar
9d068e114b
fix: prepend proxy sidecar container to prevent application container restarts ( #1108 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: Oleksii Sheludchenko <oleksii.sheludchenko@gmail.com>
2023-09-08 19:38:53 +00:00
Anish Ramasekar
37dc12fdf6
refactor: remove err return and add unit tests for handle errors ( #1091 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-08-25 15:22:26 -07:00
Anish Ramasekar
41f2e5ecfd
test: add unit test for proxy ( #1092 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com>
2023-08-24 05:01:48 +00:00
Anish Ramasekar
4a889b7324
fix: disallow injecting proxy sidecar in pods with `hostNetwork: true` ( #1090 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-08-23 16:11:55 -07:00
Anish Ramasekar
a5fc57dd72
chore: update msgraph-sdk-go and deps to `v1.x.x` ( #1008 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-06-26 17:08:03 +00:00
Anish Ramasekar
7adaa45a87
chore: use `github.com/Azure/azure-sdk-for-go/sdk/azcore/to` instead of `autorest/to` ( #947 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-05-10 20:29:51 +00:00
Anish Ramasekar
656a0335f1
release: update manifest and helm charts for v1.1.0 ( #935 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-05-08 12:24:16 -07:00
Anish Ramasekar
8ad5106670
refactor: use odataerrors and azcore response error ( #929 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-05-05 13:52:47 -07:00
Anish Ramasekar
284fc80bf0
feat: Migrate to `sdk/resourcemanager/**/arm**` from `services/**/mgmt/**` ( #926 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-05-04 12:07:35 -07:00
Anish Ramasekar
2e1d89a5df
feat: set security capabilities for azwi-proxy ( #829 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-04-12 18:22:35 +00:00
Anish Ramasekar
348c89a509
chore: update msgraphsdk to `v0.61.0` and k8s deps to `v1.26` ( #832 )
* chore: update otel to v0.37.0 and update metrics
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* update msgraph-beta-sdk-go to `msgraph-sdk-go/v0.61.0`
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* chore: update golangci-lint to v1.52.2
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* fix lint errors
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* update k8s deps to v1.26
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* rm main module from test dep
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
---------
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-04-11 16:34:01 -04:00
Anish Ramasekar
ac76c8b375
chore: use goimports for import grouping ( #809 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-28 09:35:35 -07:00
Anish Ramasekar
9893baf454
release: update manifest and helm charts for v1.0.0 ( #810 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-27 15:46:31 -04:00
Anish Ramasekar
b0a9152fb0
release: update manifest and helm charts for v1.0.0-rc.0 ( #807 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-21 14:32:34 -07:00
Anish Ramasekar
a2c807bfc6
feat: set `reinvocationPolicy: IfNeeded` for webhook ( #794 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-15 22:23:51 +00:00
Anish Ramasekar
8a7e5b31a3
fix: remove unnecessary rbac permissions for mwh ( #782 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-08 19:38:56 +00:00
Anish Ramasekar
e5e3b2a8fa
feat: add graceful shutdown for proxy server ( #776 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-03-06 14:04:31 -05:00
Anish Ramasekar
a8fe94e086
release: update manifest and helm charts for v1.0.0-beta.0 ( #770 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2023-03-01 15:46:37 -05:00
github-actions[bot]
8f241bd6d2
release: update manifest and helm charts for v1.0.0-alpha.0 ( #740 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2023-02-08 18:17:59 +00:00
Mo Khan
48230a83e8
chore: complete migration to mlog and drop logrus ( #729 )
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-02-04 08:46:59 +00:00
Mo Khan
9ba3fff0a7
chore: move to mlog.New and drop klog and logr as direct deps ( #722 )
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-01-27 14:25:39 -05:00
Anish Ramasekar
216db84ec4
chore: remove arc wiring and drop --arc-cluster flag from webhook ( #723 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-01-26 19:07:53 -05:00
Anish Ramasekar
8c37dc1d8b
feat: remove pod/service account labeled check in webhook ( #720 )
With the objectselector set in mwh, only pods that have the label
`azure.workload.identity/use: "true"` will be sent to the webhook for
mutation. We no longer need the check for pod/service account labeled.
This also changes the default behavior when service account is not
found; the mutation is done with the defaults and client id env var will
be empty.
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-01-26 20:01:26 +00:00
Anish Ramasekar
653d013a70
feat: update webhook failure policy to Fail and set objectSelector ( #695 )
- Sets failurePolicy to Fail
- Added `azure.workload.identity/use: "true"` label in objectSelector
- Regenerated helm charts and manifests
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-01-24 23:46:23 +00:00
Mo Khan
0befda9763
feat: migrate proxy and webhook to mlog ( #707 )
This is the minimal change required to migrate to mlog with a new
--log-level flag. A future change will migrate from logr.Logger to
mlog.Logger.
This change does not migrate azwi to mlog because many of the logrus
calls use the unstructured APIs. That will be a future change.
Signed-off-by: Monis Khan <mok@microsoft.com>
2023-01-24 15:11:07 -05:00
Anish Ramasekar
8372568b1b
fix: use generate name in logs if pod name is empty ( #706 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2023-01-18 00:48:51 +00:00
Danek Duvall
03e849e487
fix: explicitly set runAsNonRoot to false ( #697 ) ( #698 )
2023-01-13 11:09:27 -08:00
github-actions[bot]
9e27154155
release: update manifest and helm charts for v0.15.0 ( #672 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2022-12-13 23:13:02 +00:00
Anish Ramasekar
7e807f7e5c
fix: use HasSuffix check for generating scope ( #660 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-12-09 15:21:57 -05:00
Anish Ramasekar
b52c7f96f8
feat: mutate pods based on pod label ( #653 )
* feat: mutate pods based on pod label
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* feat: add warning for pods missing labels
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* test: add e2e test for validating mutation with labelled pod
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* add warnings as part of audit annotations
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* update error message and admission response
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* update e2e to check for warning
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-12-07 23:41:09 +00:00
Anish Ramasekar
c4c898f4f1
fix: remove `UPDATE` operation from mutatingwebhookconfiguration ( #652 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-12-07 18:30:57 +00:00
Anish Ramasekar
79cc91ba14
feat: Fallback to `AZURE_CLIENT_ID` env var if no `client_id` query param in token request ( #628 )
* feat: Fallback to `AZURE_CLIENT_ID` env var if no `client_id` query param in token request
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* test: add e2e test for validating proxy fallback to AZURE_CLIENT_ID
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-11-10 02:01:00 +00:00
Anish Ramasekar
c4a69ecd9d
fix: set expires_in the proxy token response ( #630 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-11-09 20:42:14 +00:00
github-actions[bot]
0198270274
release: update manifest and helm charts for v0.14.0 ( #603 )
Co-authored-by: enj <enj@users.noreply.github.com>
2022-10-20 18:53:31 +00:00
Anish Ramasekar
712b5a17df
fix: remove trim suffix from resource_id in proxy ( #594 )
ref: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/747
For MSAL (v2.0 endpoint) asking an access token for a resource that accepts a v1.0 access token, Azure AD parses the desired audience
from the requested scope by taking everything before the last slash and using it as the resource identifier.
For example, if the scope is "https://vault.azure.net/.default", the resource identifier is "https://vault.azure.net".
If the scope is "http://database.windows.net//.default", the resource identifier is "http://database.windows.net/".
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-10-17 13:05:17 -07:00
Anish Ramasekar
c8527f3cb6
chore: update golangci-lint to v1.49.0 ( #565 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-09-22 09:23:35 -07:00
github-actions[bot]
d08f46167b
release: update manifest and helm charts for v0.13.0 ( #545 )
* release: update manifest and helm charts for v0.13.0
* review feedback
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: aramase <aramase@users.noreply.github.com>
Co-authored-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-08-30 13:08:37 -07:00
Anish Ramasekar
eb5c173d4f
refactor: update msal-go-sdk and use NewCredFromAssertionCallback ( #529 )
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-08-15 15:59:20 -07:00
Anish Ramasekar
d5ffd3fd59
chore: update to go 1.19 ( #531 )
* chore: update to go 1.19
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* chore: bump golangci-lint to v1.48.0
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* chore: remove ioutil and run gofmt
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
* chore: use 1.19 to pin minor version
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
2022-08-15 22:13:28 +00:00
github-actions[bot]
8644a217f0
release: update manifest and helm charts for v0.12.0 ( #509 )
Co-authored-by: aramase <aramase@users.noreply.github.com>
2022-07-26 18:52:49 +00:00