Rancher release/v2.8 #2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add all exempt namespaces for psc in rke1 local cluster automation
removing unnecessary structs from git.go since we are not mocking things anymore merging methods in download.go and separating concerns improved readability in repo.go
removing mocking unit-testing with real values separating concerns
removed mocked tests at git_test.go replaced the previously mocked tests with a real git repository at download_test.go replaced preivous tests from downloads_test.go at utils_test.go
Changed hard coded values for plumbing.HEAD Changed capitalized error messages to the proper standard Code beauty improvement at BuildOrGetIndex on repo.go
…_repo_update [Flaky-test] updating functionalities for cluster_repo_test
…k-v0.4.0-rc6 Bump Rancher-Webhook to v0.4.0-rc6
Re-implementation of catalogv2 with go-git
[2.8] uuid-unmigration: when an error happens, make sure it is actually logged
Decomission rdns server
…gap-python-nodes removing explicit check for exact registry name from assertions
…stem_upgrade_version Bump CATTLE_SYSTEM_UPGRADE_CONTROLLER_CHART_VERSION to 103.0.0+up0.6.0
Adding ssh test to allow check for CPU usage
Co-authored-by: Markus Walker <[email protected]> Co-authored-by: Daniel Newman <[email protected]>
Added clarifications for ClusterName field
…scale-clusters [v2.8] Add support for deleting clusters and scaling RKE2/K3S machinepools
Bump rancher webhook to v0.4.0-rc7
…re removing an etcd member" This reverts commit ae854de.
Update load config
[2.8] Move the steve names test extension to the v1 test client as a method
Bump system agent to v0.3.4
Update README.md for 2.7 latest to 2.7.9.
…r-readmes [v2.8] Refactor provisioning READMEs
…ken-fix Fixed unchecked errors, that could cause problems with cleanup. Token fix for the main config file.
fix test to work with rancher envs without cert
…ade HA last stage to use the initial generated configuration dir. Update upgrade HA support OS matrix Jenkinsfiles to use scm and its URL string.
Remove SECURITY.md
…te-all-pods [2.8] requiring all healthy pods when deploying a cluster
[2.8] Update Provisioning Input & Release Upgrade fields' tags and Support OS & Upgrade HA Jenkinsfiles
Adding 2.8 version to GH action update README
…dme-2023-11-02-18-25-28 [release/v2.8] update README with latest/stable
Test suite uses local cluster for all validations.
…rovider-aws [2.8] adding out-of-tree cloud provider automation support for aws during provisioning, RKE2
SamuZad
pushed a commit
that referenced
this pull request
Nov 6, 2023
Squashed commit of the following: commit 5b32df697c26963959bb9ee3089c50192651cd4c Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 11:59:35 2023 -0400 Turns out the token.userPrincipal.UID is not normally set commit 064526fbff91245275200ab3cad72c8a7da89c58 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 11:12:17 2023 -0400 Pull token fields from the ldap attributes instead of the old user commit e33bba9e11a5c4cb1a2b8bc9507d58a45f3dfc2f Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 10:11:57 2023 -0400 Outdent returns to make drone happy commit 6c084dfdf51cf99a1a2ee998e826933a4aa504f2 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 09:01:45 2023 -0400 Squashed commit of the following: commit 3db22eb13d5b70335c7543921e062e3feaf343a3 Merge: 80392070c 552fb842b Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 08:57:01 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit 80392070cea1a91f808c12bb5a5c16c358945eca Author: Nicholas Flynt <[email protected]> Date: Thu Aug 17 08:56:53 2023 -0400 tiny, tiny fix to logging commit 552fb842b326d40890a104ee67ebcf2a2fcbd711 Merge: ea68517 99a1814 Author: nflynt <[email protected]> Date: Thu Aug 17 07:39:00 2023 -0400 Merge pull request rancher#30 from crobby/migrationreview31 Outdent else blocks to make lint happy commit 99a1814 Author: Chad Roberts <[email protected]> Date: Thu Aug 17 05:00:47 2023 -0400 Outdent else blocks to make lint happy commit ea68517 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 20:28:14 2023 -0400 Apply exponential retry logic to GRB and Token migrations Also, like *RTBs, these are considered non-fatal if a permanent error of some sort occurs. We continue to migrate the user anyway. commit 4a2ae0b Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 19:24:42 2023 -0400 For CRTB/PRTBs, rework error handling to gracefully retry In particular, this treats internal errors (usually related to webhook timeouts) as transient, and retries them with a little bit of exponential backoff. Furthermore, after reviewing some scenarios with Michael, we've decided to consider non-internal errors from the webhook as non-fatal in terms of continuing to process the individual user. There are a few situations where old bindings to disabled templates would otherwise block users from migrating, and this permits those to have a better chance of overall success. commit 35d647c Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 16:58:50 2023 -0400 When merging user tokens, copy over all relevant principal fields These aren't used for anything that I'm aware of, so this is really more just for consistency, since we want the two to be fully paired. commit f3e8094 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 16:52:15 2023 -0400 Cleanup error handling, consider AD retrieval to be a harder error commit 90f2ec1 Merge: ffcec58 b56138b Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 16:13:28 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit ffcec58 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 16:13:10 2023 -0400 ... once. Add the DN-based principal once. commit b56138b Merge: 78a66e0 bfb7176 Author: nflynt <[email protected]> Date: Wed Aug 16 15:47:45 2023 -0400 Merge pull request rancher#29 from crobby/migrationreview25 Store skipped/missing user count in configmap and do not store the actual list on the authconfig object commit 78a66e0 Merge: edf3535 df507b5 Author: nflynt <[email protected]> Date: Wed Aug 16 15:47:24 2023 -0400 Merge pull request rancher#28 from crobby/migrationreview24 Remove unnecessary json marshal/unmarshal commit edf3535 Merge: b93e6d0 12020af Author: nflynt <[email protected]> Date: Wed Aug 16 15:47:10 2023 -0400 Merge pull request rancher#27 from crobby/migrationreview23 Give the job pod a chance to come up before tailing the log commit b93e6d0 Merge: a2c2acb 58a0a1d Author: nflynt <[email protected]> Date: Wed Aug 16 15:46:52 2023 -0400 Merge pull request rancher#26 from crobby/migrationreview22 Now using AuthConfig annotation as source of truth to block login during migration commit a2c2acb Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 15:46:06 2023 -0400 Rework allowed user migration to handle duplicates and missing users commit bfb7176 Author: Chad Roberts <[email protected]> Date: Wed Aug 16 14:38:22 2023 -0400 Store skipped/missing user count in configmap and do not store the actual list on the authconfig object commit df507b5 Author: Chad Roberts <[email protected]> Date: Wed Aug 16 13:38:39 2023 -0400 Remove unnecessary json marshal/unmarshal commit 12020af Author: Chad Roberts <[email protected]> Date: Wed Aug 16 13:01:18 2023 -0400 Give the job pod a chance to come up before tailing the log commit 58a0a1d Author: Chad Roberts <[email protected]> Date: Wed Aug 16 12:50:57 2023 -0400 Now using AuthConfig annotation as source of truth to block login during migration commit 3ef3fb0 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 12:27:23 2023 -0400 Wait to do the AuthConfig principals until after updating users This kicks off some rancher-side tasks based on the updated list, and we'd really like to make sure that those user changes have been made in advance just for sanity purposes. commit b29bfb8 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 12:25:30 2023 -0400 When collecting duplicates, we need to track the workunit index commit df0307e Author: Nicholas Flynt <[email protected]> Date: Wed Aug 16 09:23:47 2023 -0400 Have the dry run guard writing new principal IDs This is mostly just to make the code clearer and more obvious. The safety is redundant, as the dry run also blocks making changes to the user object later. commit 59bafdf Merge: 2dd5250 2473062 Author: nflynt <[email protected]> Date: Wed Aug 16 09:12:08 2023 -0400 Merge pull request rancher#25 from crobby/migrationreview21 Append copy of user rather than pointer to duplicate list commit 2473062 Author: Chad Roberts <[email protected]> Date: Wed Aug 16 08:00:41 2023 -0400 append copy of user rather than pointer to duplicate list commit 2dd5250 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 16:48:34 2023 -0400 Explicitly check to see if AD is disabled, and exit success in this case commit 4a3aa80 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 16:00:25 2023 -0400 Actually *use* the final migration status commit 255ef68 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 15:36:19 2023 -0400 Add uuid-unmigration script, prevent AD logins during execution Squashed commit of the following: commit c2bb101b0b5ff0c62ad83033dc6a2d23b5fbc1df Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 15:13:12 2023 -0400 Add a generic failure status, defer restoring logins on failure states commit f9c039835df885c3268ee3fbe2f5e11213a3d690 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 13:21:29 2023 -0400 Permit retries (with backoff) when opening the LDAP connection Previously we were considering a failure during open (initial or otherwise) to be a hard, script-ending, permanent failure. That's frankly a bit silly, networks can be tempermental, so this fixes that somewhat. Notably, I can't seem to find any way to check the status of the connection on the lConn object, so we're tracking that manually using a tiny little state object. If there's a cleaner way to inspect this state I am all ears, but I don't think it's a majorly big deal. (Elsewhere in Rancher we don't try to share the ldap connection generally, but here it is a big performance boost, so it is worth the extra trouble.) commit b293d6216fc6d05fbdc0becb802519c488178f36 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 12:54:43 2023 -0400 Rework token logic to mirror *RTBs This both collects and processes tokens that the old logic would have missed, and is also considerably more efficient, now needing to scan the list of workunits and the list of tokens just once. commit fcd2b34c0a8659a14e80578046d3d7f971249489 Merge: 005f102 3bdea12 Author: nflynt <[email protected]> Date: Tue Aug 15 12:12:36 2023 -0400 Merge pull request rancher#24 from crobby/migrationreview17 Fixing names to make ci happy commit 3bdea12 Author: Chad Roberts <[email protected]> Date: Tue Aug 15 12:09:22 2023 -0400 Fixing names to make ci happy commit 005f102 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 12:01:31 2023 -0400 Missing users are Infof, not Errorf commit 540e494 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 11:10:27 2023 -0400 Don't create/update the configmap object in dry run mode What part of "dry run" did we forget, hrm? commit 9ced565 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 11:00:51 2023 -0400 If the config map is not found, it's fine. (Panic otherwise.) commit 80ea848 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 10:53:30 2023 -0400 Add logic to migrate list of allowed users commit c12dcef Merge: 33f494a ce1feb4 Author: nflynt <[email protected]> Date: Tue Aug 15 09:25:53 2023 -0400 Merge pull request rancher#23 from crobby/migrationreview14 Another round of updates commit 33f494a Merge: b897e47 e944b57 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 09:13:15 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit b897e47 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 15 09:12:51 2023 -0400 Rework CRTB,PRTB collection, add GRB migration logic commit ce1feb4 Author: Chad Roberts <[email protected]> Date: Tue Aug 15 07:15:24 2023 -0400 Echoing the set options at the end of the banner commit 089412c Author: Chad Roberts <[email protected]> Date: Tue Aug 15 06:44:43 2023 -0400 Adding additional information to README commit a7c9484 Author: Chad Roberts <[email protected]> Date: Tue Aug 15 06:38:19 2023 -0400 Include agent image location in banner commit 8854263 Author: Chad Roberts <[email protected]> Date: Mon Aug 14 16:31:44 2023 -0400 Mirror script status to authconfig commit 5bc29d5 Author: Chad Roberts <[email protected]> Date: Mon Aug 14 12:50:13 2023 -0400 Update script status codes commit e944b57 Merge: 14c5f72 80e928b Author: nflynt <[email protected]> Date: Mon Aug 14 11:36:58 2023 -0400 Merge pull request rancher#22 from crobby/migrationreview13 More updates commit 14c5f72 Merge: a3e85de 516bdeb Author: Nicholas Flynt <[email protected]> Date: Mon Aug 14 11:36:03 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit a3e85de Author: Nicholas Flynt <[email protected]> Date: Mon Aug 14 11:35:46 2023 -0400 Break out migration logic into a bunch of smaller files commit 80e928b Author: Chad Roberts <[email protected]> Date: Mon Aug 14 10:51:39 2023 -0400 Use configmap cache instead of client commit 516bdeb Merge: a899779 f8369c8 Author: nflynt <[email protected]> Date: Mon Aug 14 10:13:56 2023 -0400 Merge pull request rancher#21 from crobby/migrationreview12 Display banner before doing version check commit f8369c8 Author: Chad Roberts <[email protected]> Date: Mon Aug 14 10:12:31 2023 -0400 Display banner before doing version check commit a899779 Author: nflynt <[email protected]> Date: Mon Aug 14 10:08:24 2023 -0400 Update cleanup/ad-guid-README.md Co-authored-by: Michael Bolot <[email protected]> commit 4d09212 Merge: c110ae9 92483fa Author: nflynt <[email protected]> Date: Mon Aug 14 09:58:56 2023 -0400 Merge pull request rancher#19 from crobby/migrationreview9 Removing unused error type check commit 92483fa Author: Chad Roberts <[email protected]> Date: Mon Aug 14 09:51:18 2023 -0400 Removing unused error type check commit c110ae9 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 19:51:16 2023 -0400 goimports the things commit 7691146 Merge: 44d2375 6453484 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 19:19:39 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit 6453484 Merge: baf84bf 50286a2 Author: nflynt <[email protected]> Date: Thu Aug 10 19:19:32 2023 -0400 Merge pull request rancher#18 from crobby/migrationreview7 Fixing error checking commit 44d2375 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 19:13:58 2023 -0400 Use wait's exponential backoff primitive instead of manual sleeps commit 50286a2 Author: Chad Roberts <[email protected]> Date: Thu Aug 10 16:27:48 2023 -0400 Fixing error checking commit baf84bf Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 15:39:13 2023 -0400 Only yell if the user is doing a non-dry-run on v2.7.5 commit eed1416 Merge: 9a71e38 ad00983 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 15:36:53 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit 9a71e38 Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 15:36:08 2023 -0400 Cleanup timeout messaging, lower job start timeout to 5 minutes I misunderstood the bash logic when I first extended that to one hour. 5 minutes for an agent download is somewhat more sensible. commit ad00983 Merge: 4e18baa 344a05d Author: nflynt <[email protected]> Date: Thu Aug 10 15:34:29 2023 -0400 Merge pull request rancher#17 from crobby/migrationreview6 Additional changes after review commit 344a05d Author: Chad Roberts <[email protected]> Date: Thu Aug 10 14:16:55 2023 -0400 Adding version check for v2.7.5 before doing anything commit 682444d Author: Chad Roberts <[email protected]> Date: Thu Aug 10 13:50:05 2023 -0400 Fix-up README for updated usage commit 4e18baa Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 14:54:15 2023 -0400 Spawn relevant resources in the cattle-system namespace commit f96eb3a Author: Nicholas Flynt <[email protected]> Date: Thu Aug 10 14:12:33 2023 -0400 Move the YAML configuration file into the bash script This dodges the whole "fetch it from a weird URL" thing, and also makes the script a self-contained single file, which is much nicer for support to deal with. commit 275f42b Merge: 4c98764 b99cab4 Author: nflynt <[email protected]> Date: Thu Aug 10 11:16:41 2023 -0400 Merge pull request rancher#16 from crobby/migrationreview5 More post review updates commit b99cab4 Author: Chad Roberts <[email protected]> Date: Thu Aug 10 09:53:57 2023 -0400 Fixing up handling of command line options and args commit 4f6da40 Author: Chad Roberts <[email protected]> Date: Thu Aug 10 07:49:20 2023 -0400 Fixing up LdapFoundDuplicateGUID name commit 9f577f6 Author: Chad Roberts <[email protected]> Date: Thu Aug 10 07:31:20 2023 -0400 Adding percentage done indicator to status config map commit 43f19e4 Author: Chad Roberts <[email protected]> Date: Thu Aug 10 07:06:02 2023 -0400 Adding lists of special status users to configmap commit fa9979e Author: Chad Roberts <[email protected]> Date: Thu Aug 10 06:33:46 2023 -0400 Adding rancher-cleanup label to all cleanup objects commit 4c98764 Merge: 2d59ac6 c301303 Author: nflynt <[email protected]> Date: Wed Aug 9 17:38:29 2023 -0400 Merge pull request rancher#15 from crobby/migrationreview4 Post review updates commit c301303 Author: Chad Roberts <[email protected]> Date: Wed Aug 9 17:33:39 2023 -0400 Updated isGUID function commit 2d59ac6 Merge: c0cdc07 86330c6 Author: nflynt <[email protected]> Date: Wed Aug 9 17:14:48 2023 -0400 Merge pull request rancher#14 from crobby/migrationreview3 Migration review updates 3 commit c0cdc07 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 17:12:22 2023 -0400 Log if we need to skip a CRTB/PRTB due to the user not existing This feels like the safer option versus applying permissions that none of the users we've collected actually have, even with the GUID/DN matching. This situation should be relatively uncommon, as Rancher usually cleans these up when users are deleted, but with the GUID duplicate bug I'm not sure how successful that will have been in practice. Best to be safe (and noisy) commit 86330c6 Author: Chad Roberts <[email protected]> Date: Wed Aug 9 17:09:05 2023 -0400 Updating SA permissions for nonResourceURLs commit 4ae2d58 Author: Chad Roberts <[email protected]> Date: Wed Aug 9 12:12:19 2023 -0400 Seeding README, adding script banner commit f8c941b Author: Chad Roberts <[email protected]> Date: Wed Aug 9 11:20:10 2023 -0400 Token collection checking userID and now setting userID and label for token updates commit e742102 Author: Chad Roberts <[email protected]> Date: Wed Aug 9 11:03:04 2023 -0400 Adding additional dry-run logging information commit dc46114 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 16:57:02 2023 -0400 Rework CRTB/PRTB collection to check usernames, run through list once There are still nested for loops in here, but they are a bit more hidden :P commit ad32ccd Merge: ccb0b84 cb98c12 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 12:52:25 2023 -0400 Merge branch 'uuid-unmigration' of github.com:nflynt/rancher into uuid-unmigration commit ccb0b84 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 12:50:27 2023 -0400 Break out the user modification flow into separate functions This mostly cleans up the main loop, but it also separates concerns and makes the smaller bits of logic easier to find and follow. commit aa41893 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 12:19:08 2023 -0400 Move user principal printing into its respective utility function commit ef909ab Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 12:12:05 2023 -0400 Respect the adConfig's UserObjectClass when performing a GUID lookup This is for parity with the auth provider; most AD configurations shouldn't have changed this from the default. commit 3963205 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 11:44:10 2023 -0400 Consider multiple users with the same GUID as a hard error This shouldn't be possible in practice, so it almost certainly indicates either a configuration error, or something wrong on the AD side of things. Either way we will refuse to process any user that trips this logic, and complain about it quite loudly. commit 0cebb89 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 11:27:24 2023 -0400 We don't need the scope, so simplify -> getExternalId commit da7ef22 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 11:11:41 2023 -0400 Start the scaledContext. Don't give it managers it doesn't need commit a60b144 Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 10:34:25 2023 -0400 Remove the ratelimiting exception. Prefer safety over speed We need to check the performance ramifications of this during testing, but considering that we will almost certainly be iterating over hundreds of users, we should probably let k8s itself rate limit us so we don't overwhelm whatever is running the control plane. That might otherwise be a nasty situation, especially for stuff like AKS and GKE. commit 16715df Author: Nicholas Flynt <[email protected]> Date: Wed Aug 9 10:32:57 2023 -0400 For bonus safety, redundantly check for dryRun here The logic up top should make this check unnecessary, but we want to be extra certain that in dryRun mode no changes are made, so we'll explicitly guard on it every time. This protects the code less from itself, and more from future modifications. commit cb98c12 Merge: e17d56f 4d2f735 Author: nflynt <[email protected]> Date: Wed Aug 9 10:20:06 2023 -0400 Merge pull request rancher#13 from crobby/migrationreview2 More updates based on review comments commit 4d2f735 Author: Chad Roberts <[email protected]> Date: Tue Aug 8 10:17:38 2023 -0400 More updates based on review comments commit e17d56f Author: Nicholas Flynt <[email protected]> Date: Mon Aug 7 16:38:59 2023 -0400 EscapeUUID -> escapeUUID commit 139ce3c Author: Nicholas Flynt <[email protected]> Date: Mon Aug 7 16:37:34 2023 -0400 Relocate environment variable use to the agent-specific code path commit 795c94b Author: Nicholas Flynt <[email protected]> Date: Mon Aug 7 16:33:13 2023 -0400 Remove unnecessary namespace from cluster role definitions commit 01ea868 Author: Nicholas Flynt <[email protected]> Date: Mon Aug 7 16:30:53 2023 -0400 One minute is *awfully optimistic.* Let's be more realistic commit b9d4487 Merge: 17250da 0efbb02 Author: nflynt <[email protected]> Date: Mon Aug 7 16:21:42 2023 -0400 Merge pull request rancher#12 from crobby/migrationreview Update based on review comments commit 0efbb02 Author: Chad Roberts <[email protected]> Date: Mon Aug 7 15:55:46 2023 -0400 Update based on review comments commit 17250da Author: Nicholas Flynt <[email protected]> Date: Mon Aug 7 10:29:05 2023 -0400 Don't hide the migration script from windows agents ... which in hindsight are probably somewhat likely to be using the Active Directory auth provider. commit cadf021 Merge: 9b8fd58 3926f7b Author: nflynt <[email protected]> Date: Mon Aug 7 08:18:10 2023 -0400 Merge pull request rancher#11 from crobby/migrateimports Fixing imports commit 3926f7b Author: Chad Roberts <[email protected]> Date: Sat Aug 5 07:45:25 2023 -0400 Fixing imports commit 9b8fd58 Merge: de38ffe 26dd505 Author: nflynt <[email protected]> Date: Fri Aug 4 17:10:43 2023 -0400 Merge pull request rancher#10 from crobby/dntokens Fix tokens going to local principal commit 26dd505 Author: Chad Roberts <[email protected]> Date: Fri Aug 4 17:08:20 2023 -0400 Fix tokens going to local principal commit de38ffe Author: Nicholas Flynt <[email protected]> Date: Fri Aug 4 15:36:12 2023 -0400 Cleanup debug/info logs somewhat commit 1581b5d Merge: 5dfcda0 29c87eb Author: nflynt <[email protected]> Date: Fri Aug 4 14:56:22 2023 -0400 Merge pull request rancher#9 from crobby/linter2 More cleaning up lint commit 29c87eb Author: Chad Roberts <[email protected]> Date: Fri Aug 4 14:54:40 2023 -0400 More cleaning up lint commit 5dfcda0 Merge: a119663 d37ef2f Author: nflynt <[email protected]> Date: Fri Aug 4 14:49:55 2023 -0400 Merge pull request rancher#8 from crobby/linter Cleaning up lint commit d37ef2f Author: Chad Roberts <[email protected]> Date: Fri Aug 4 14:47:44 2023 -0400 Cleaning up lint commit a119663 Author: Nicholas Flynt <[email protected]> Date: Fri Aug 4 14:38:46 2023 -0400 Add an option to automatically delete missing-guid users This is only available when running the standalone script. At Rancher startup this option is set to false, so missing users will be logged instead and require manual intervention. commit 60f31f8 Merge: 7e620d5 9d82578 Author: nflynt <[email protected]> Date: Fri Aug 4 13:22:56 2023 -0400 Merge pull request rancher#7 from crobby/0805-migration Update migration start logic so an automated run will only happen if another run has not completed commit 9d82578 Author: Chad Roberts <[email protected]> Date: Fri Aug 4 12:12:56 2023 -0400 Update migration start logic so an automated run will only happen if another run has not completed commit 7e620d5 Merge: 30c9f64 6c352a5 Author: nflynt <[email protected]> Date: Fri Aug 4 11:26:52 2023 -0400 Merge pull request rancher#4 from crobby/migrateatstart Add guid migration to rancher startup commit 30c9f64 Merge: b9aa392 72895b4 Author: nflynt <[email protected]> Date: Fri Aug 4 11:10:58 2023 -0400 Merge pull request rancher#5 from crobby/0803-migration Make sure annotations/labels are not nil commit 72895b4 Author: Chad Roberts <[email protected]> Date: Thu Aug 3 16:58:56 2023 -0400 Make sure annotations/labels are not nil commit b9aa392 Merge: 79762cb 7546cdf Author: nflynt <[email protected]> Date: Fri Aug 4 10:43:30 2023 -0400 Merge pull request rancher#6 from crobby/0804-migration Fix crtb, prtb collection and add token collection/migration commit 7546cdf Author: Chad Roberts <[email protected]> Date: Fri Aug 4 08:59:54 2023 -0400 Fix crtb, prtb collection and add token collection/migration commit 79762cb Author: Nicholas Flynt <[email protected]> Date: Thu Aug 3 18:00:53 2023 -0400 Collect CRTBs and PRTBs in a single pass commit b6b6085 Merge: 3de5aa3 b3acab9 Author: nflynt <[email protected]> Date: Thu Aug 3 11:44:13 2023 -0400 Merge pull request rancher#3 from crobby/0802-2migration Adding annotation/labels for migrated objects also blocking login while migration is active commit b3acab9 Author: Chad Roberts <[email protected]> Date: Thu Aug 3 11:37:16 2023 -0400 Update role for SA commit 673e765 Author: Chad Roberts <[email protected]> Date: Thu Aug 3 09:33:45 2023 -0400 Blocking login while migration is running commit 6c352a5 Author: Chad Roberts <[email protected]> Date: Wed Aug 2 13:42:33 2023 -0400 Add guid migration to rancher startup commit 840c5a7 Author: Chad Roberts <[email protected]> Date: Wed Aug 2 12:20:41 2023 -0400 Adding annotation/labels for migrated objects commit 3de5aa3 Merge: 5dc7bd7 04ea1ce Author: nflynt <[email protected]> Date: Wed Aug 2 09:57:48 2023 -0400 Merge pull request #2 from crobby/0802migration Fix status function and use user copies in workUnit slices commit 04ea1ce Author: Chad Roberts <[email protected]> Date: Tue Aug 1 18:02:19 2023 -0400 Fixing status function and using copies of users in workUnit slices commit 5dc7bd7 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 1 16:29:15 2023 -0400 Skip over configmap updates for now, just to get the script running commit ac3afe6 Author: Nicholas Flynt <[email protected]> Date: Tue Aug 1 16:19:52 2023 -0400 Massively overhaul main loop, check for and handle duplicate users This is largely untested because I'm having some trouble with the configmaps code, but I wanted to get this committed before I start troubleshooting commit 5295f8f Merge: 29f9332 552e73f Author: nflynt <[email protected]> Date: Tue Aug 1 08:58:41 2023 -0400 Merge pull request #1 from crobby/tokenunmigrate Additional unmigration functionality commit 552e73f Author: Chad Roberts <[email protected]> Date: Mon Jul 31 13:22:26 2023 -0400 Additional unmigration functionality commit 29f9332 Author: Nicholas Flynt <[email protected]> Date: Mon Jul 31 17:30:10 2023 -0400 Actually perform the GUID -> DN migration on the happy path And it works too! Thank goodness. Now we mostly need to clean up the logic and handle a few dozen edge cases. commit 62a6747 Author: Nicholas Flynt <[email protected]> Date: Mon Jul 31 12:53:43 2023 -0400 Cleanup the logs a bit, flatten the central logic with early exits commit ac20a2c Author: Nicholas Flynt <[email protected]> Date: Mon Jul 31 09:58:54 2023 -0400 Switch to using the scaledContext for everything Since it can do all the lookups we need, it seems silly to setup and use two different interfaces to the same underlying datastore. The UnstructuredClient is the only way we can read AD configuration right now, and we need that info, so let's stick to that method. commit 18b39d3 Author: Nicholas Flynt <[email protected]> Date: Fri Jul 28 17:38:27 2023 -0400 First pass at migration scaffolding, enough to do GUID -> DN lookups There is still much work to do, but at the very least we can read the relevant auth configuration details from k8s and use those details to make LDAP queries, and that's nearly all of what we need to perform the migration.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.