Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v14] Run integration tests on proto changes #46241

Merged
merged 1 commit into from
Sep 4, 2024
Merged

[v14] Run integration tests on proto changes #46241

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/unit-tests-integrations.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ on:
- '/go.mod'
- '/go.sum'
- 'integrations/**'
- 'api/proto/**'
- 'proto/**'
- 'api/types/**'
- 'gen/**'
- 'lib/tbot/**'
Expand Down
14 changes: 14 additions & 0 deletions integrations/operator/crdgen/testdata/golden/resources.teleport.dev_githubconnectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,20 @@ spec:
client_id:
description: ClientID is the Github OAuth app client ID.
type: string
client_redirect_settings:
description: ClientRedirectSettings defines which client redirect
URLs are allowed for non-browser SSO logins other than the standard
localhost ones.
nullable: true
properties:
allowed_https_hostnames:
description: a list of hostnames allowed for https client redirect
URLs
items:
type: string
nullable: true
type: array
type: object
client_secret:
description: ClientSecret is the Github OAuth app client secret.
type: string
Expand Down
14 changes: 14 additions & 0 deletions integrations/operator/crdgen/testdata/golden/resources.teleport.dev_oidcconnectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,20 @@ spec:
description: ClientID is the id of the authentication client (Teleport
Auth server).
type: string
client_redirect_settings:
description: ClientRedirectSettings defines which client redirect
URLs are allowed for non-browser SSO logins other than the standard
localhost ones.
nullable: true
properties:
allowed_https_hostnames:
description: a list of hostnames allowed for https client redirect
URLs
items:
type: string
nullable: true
type: array
type: object
client_secret:
description: ClientSecret is used to authenticate the client.
type: string
Expand Down
98 changes: 98 additions & 0 deletions integrations/operator/crdgen/testdata/golden/resources.teleport.dev_provisiontokens.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,16 @@ spec:
must be accessible over HTTPS at this hostname and the certificate
must be trusted by the Auth Server.
type: string
enterprise_slug:
description: EnterpriseSlug allows the slug of a GitHub Enterprise
organisation to be included in the expected issuer of the OIDC
tokens. This is for compatibility with the `include_enterprise_slug`
option in GHE. This field should be set to the slug of your
enterprise if this is enabled. If this is not enabled, then
this field must be left empty. This field cannot be specified
if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise
for more information about customised issuer values.
type: string
type: object
gitlab:
description: GitLab allows the configuration of options specific to
Expand All @@ -192,20 +202,38 @@ spec:
must match one allow rule to use this token.
items:
properties:
ci_config_ref_uri:
type: string
ci_config_sha:
type: string
deployment_tier:
type: string
environment:
type: string
environment_protected:
type: boolean
namespace_path:
type: string
pipeline_source:
type: string
project_path:
type: string
project_visibility:
type: string
ref:
type: string
ref_protected:
type: boolean
ref_type:
type: string
sub:
type: string
user_email:
type: string
user_id:
type: string
user_login:
type: string
type: object
nullable: true
type: array
Expand Down Expand Up @@ -235,6 +263,19 @@ spec:
type: object
nullable: true
type: array
static_jwks:
description: StaticJWKS is the configuration specific to the `static_jwks`
type.
nullable: true
properties:
jwks:
type: string
type: object
type:
description: 'Type controls which behavior should be used for
validating the Kubernetes Service Account token. Support values:
- `in_cluster` - `static_jwks` If unset, this defaults to `in_cluster`.'
type: string
type: object
roles:
description: Roles is a list of roles associated with the token, that
Expand All @@ -244,6 +285,32 @@ spec:
type: string
nullable: true
type: array
spacelift:
description: Spacelift allows the configuration of options specific
to the "spacelift" join method.
nullable: true
properties:
allow:
description: Allow is a list of Rules, nodes using this token
must match one allow rule to use this token.
items:
properties:
caller_id:
type: string
caller_type:
type: string
scope:
type: string
space_id:
type: string
type: object
nullable: true
type: array
hostname:
description: Hostname is the hostname of the Spacelift tenant
that tokens will originate from. E.g `example.app.spacelift.io`
type: string
type: object
suggested_agent_matcher_labels:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
Expand All @@ -261,6 +328,37 @@ spec:
set when using this token to enroll themselves in the cluster. Currently,
only node-join scripts create a configuration according to the suggestion.
type: object
tpm:
description: TPM allows the configuration of options specific to the
"tpm" join method.
nullable: true
properties:
allow:
description: Allow is a list of Rules, the presented delegated
identity must match one allow rule to permit joining.
items:
properties:
description:
type: string
ek_certificate_serial:
type: string
ek_public_hash:
type: string
type: object
nullable: true
type: array
ekcert_allowed_cas:
description: EKCertAllowedCAs is a list of CA certificates that
will be used to validate TPM EKCerts. When specified, joining
TPMs must present an EKCert signed by one of the specified CAs.
TPMs that do not present an EKCert will be not permitted to
join. When unspecified, TPMs will be allowed to join with either
an EKCert or an EKPubHash.
items:
type: string
nullable: true
type: array
type: object
type: object
status:
description: TeleportProvisionTokenStatus defines the observed state of
Expand Down
10 changes: 8 additions & 2 deletions integrations/operator/crdgen/testdata/golden/resources.teleport.dev_roles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -993,6 +993,10 @@ spec:
description: CreateDatabaseUser enabled automatic database user
creation.
type: boolean
create_db_user_mode:
description: CreateDatabaseUserMode allows users to be automatically
created on a database when not set to off.
x-kubernetes-int-or-string: true
create_desktop_user:
description: CreateDesktopUser allows users to be automatically
created on a Windows desktop
Expand All @@ -1018,7 +1022,6 @@ spec:
device_trust_mode:
description: DeviceTrustMode is the device authorization mode
used for the resources associated with the role. See DeviceTrust.Mode.
Reserved for future use, not yet used by Teleport.
type: string
disconnect_expired_cert:
description: DisconnectExpiredCert sets disconnect clients on
Expand Down Expand Up @@ -2186,6 +2189,10 @@ spec:
description: CreateDatabaseUser enabled automatic database user
creation.
type: boolean
create_db_user_mode:
description: CreateDatabaseUserMode allows users to be automatically
created on a database when not set to off.
x-kubernetes-int-or-string: true
create_desktop_user:
description: CreateDesktopUser allows users to be automatically
created on a Windows desktop
Expand All @@ -2211,7 +2218,6 @@ spec:
device_trust_mode:
description: DeviceTrustMode is the device authorization mode
used for the resources associated with the role. See DeviceTrust.Mode.
Reserved for future use, not yet used by Teleport.
type: string
disconnect_expired_cert:
description: DisconnectExpiredCert sets disconnect clients on
Expand Down
14 changes: 14 additions & 0 deletions integrations/operator/crdgen/testdata/golden/resources.teleport.dev_samlconnectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,20 @@ spec:
description: Cert is the identity provider certificate PEM. IDP signs
<Response> responses using this certificate.
type: string
client_redirect_settings:
description: ClientRedirectSettings defines which client redirect
URLs are allowed for non-browser SSO logins other than the standard
localhost ones.
nullable: true
properties:
allowed_https_hostnames:
description: a list of hostnames allowed for https client redirect
URLs
items:
type: string
nullable: true
type: array
type: object
display:
description: Display controls how this connector is displayed.
type: string
Expand Down
Loading
Loading