Flexible groups
Without this patch, we are filtering LDAP groups and taking a decision on what to expose.
This is a problem, as it removes the flexibility of rolebindings later.
We intend to expose custom role bindings for extra services (for example Kong), which requires teams to be entering a different model. In that case, the platform team creates a new cluster role, but the grantee of the role might come from a deployment tool, hence outside the operator.
I fixed it by first exposing the groups directly in the token provider. For that, I had to clean the token provider first, then fix a few panics in the existing code, clean the HTTP handlers, add more tests, simplify auth, remove useless code, streamline LDAP requests, fix the config validation, expose errors into the main loop instead of silently ignoring them, and remove dependencies to rely more on the standard library.
Then I focused on getting those groups into the token reviewer.
Finally, I modified the operator to be able to use the new groups from the project's spec.
This PR took the opportunity to clean up some code to make it more idiomatic, simplify it, and improve its logging.
It's a big PR, so I suggest you review the code one commit at a time.
This might need a rebase, but I would like to know where we are heading with PRs, as NONE of the previous ones were merged.
@jfhcagip While I appreciate the code style reviews, I think the biggest thing this PR needs is a fundamental review. Please review the principles of each of the commits here, and judge whether they are appropriate.
Reimplemented somewhere else with no revert possibility :/