10 Commits

Author	SHA1	Message	Date
Brad Davidson	6c544a4679	Add jitter to client config retry ... Also: * Replaces labeled for/continue RETRY loops with wait helpers for improved readability * Pulls secrets and nodes from cache for node password verification * Migrate nodepassword tests to wrangler mocks for better code reuse Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-11-16 09:53:28 -08:00
Hussein Galal	af50e1b096	Update to v1.28.0-k3s1 (#8199) ... * Update to v1.28.0 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update golang to v1.20.7 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more changes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update wrangler Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update wrangler Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix nodepassword test Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix nodepassword test Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * disable CGO before running golangci-lint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * execlude CGO Enabled checks Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Ignore reapply change error with logging Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update google api client Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2023-08-23 00:09:31 +03:00
Brad Davidson	45d8c1a1a2	Soft-fail on node password verification if the secret cannot be created ... Allows nodes to join the cluster during a webhook outage. This also enhances auditability by creating Kubernetes events for the deferred verification. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-06-05 15:31:04 -07:00
Brad Davidson	239021e759	Consistently use constant-time comparison of password hashes ... As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-05-09 13:54:50 -07:00
Derek Nola	06d81cb936	Replace deprecated ioutil package (#6230) ... * Replace ioutil package * check integration test null pointer * Remove rotate retries Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-10-07 17:36:57 -07:00
Brad Davidson	0bf7c09569	Don't print password conversion rate ... Avoids divide-by-zero when the password file is empty Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-04-06 15:55:45 -07:00
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846) ... * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	2022-03-02 15:47:27 -08:00
Brad Davidson	dc14f370c4	Update wrangler to v0.8.5 ... Required to support apiextensions.v1 as v1beta1 has been deleted. Also update helm-controller and dynamiclistener to track wrangler versions. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-08-20 18:47:16 -07:00
Derek Nola	21c8a33647	Introduction of Integration Tests (#3695) ... * Commit of new etcd snapshot integration tests. * Updated integration github action to not run on doc changes. * Update Drone runner to only run unit tests Signed-off-by: dereknola <derek.nola@suse.com>	2021-07-26 09:59:33 -07:00
Erik Wilson	92d04355f4	Use secrets for node-passwd entries and cleanup	2020-11-05 09:48:53 -07:00