)]}'
{"metropolis/node/kubernetes/authproxy/authproxy.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"type Service struct {"},{"line_number":23,"context_line":"\tKPKI       *pki.PKI"},{"line_number":24,"context_line":"\tId         *identity.Node"},{"line_number":25,"context_line":"\tk8sCA      *x509.Certificate"},{"line_number":26,"context_line":"\tserverCert tls.Certificate"},{"line_number":27,"context_line":"\tclientCert tls.Certificate"}],"source_content_type":"text/x-go","patch_set":3,"id":"89de8928_ff9a5246","line":24,"range":{"start_line":24,"start_character":1,"end_line":24,"end_character":3},"updated":"2022-02-01 15:12:10.000000000","message":"nit: By convention: `Node *identity.Node`","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"76a0adb4c9ffd944923f50a6baa7708ba3be032f","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"type Service struct {"},{"line_number":23,"context_line":"\tKPKI       *pki.PKI"},{"line_number":24,"context_line":"\tId         *identity.Node"},{"line_number":25,"context_line":"\tk8sCA      *x509.Certificate"},{"line_number":26,"context_line":"\tserverCert tls.Certificate"},{"line_number":27,"context_line":"\tclientCert tls.Certificate"}],"source_content_type":"text/x-go","patch_set":3,"id":"2db53ab1_a65a0653","line":24,"range":{"start_line":24,"start_character":1,"end_line":24,"end_character":3},"in_reply_to":"89de8928_ff9a5246","updated":"2022-02-01 16:39:20.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":19,"context_line":"\t\"source.monogon.dev/metropolis/pkg/supervisor\""},{"line_number":20,"context_line":")"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"type Service struct {"},{"line_number":23,"context_line":"\tKPKI       *pki.PKI"},{"line_number":24,"context_line":"\tId         *identity.Node"},{"line_number":25,"context_line":"\tk8sCA      *x509.Certificate"},{"line_number":26,"context_line":"\tserverCert tls.Certificate"},{"line_number":27,"context_line":"\tclientCert tls.Certificate"},{"line_number":28,"context_line":"}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"func (s *Service) LoadKPKI(ctx context.Context) error {"},{"line_number":31,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, pki.APIServer)"},{"line_number":32,"context_line":"\tif err !\u003d nil {"}],"source_content_type":"text/x-go","patch_set":3,"id":"81baac8c_31170742","line":29,"range":{"start_line":22,"start_character":0,"end_line":29,"end_character":0},"updated":"2022-02-01 15:12:10.000000000","message":"Add some quick godocs to structure and its fields.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"76a0adb4c9ffd944923f50a6baa7708ba3be032f","unresolved":false,"context_lines":[{"line_number":19,"context_line":"\t\"source.monogon.dev/metropolis/pkg/supervisor\""},{"line_number":20,"context_line":")"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"type Service struct {"},{"line_number":23,"context_line":"\tKPKI       *pki.PKI"},{"line_number":24,"context_line":"\tId         *identity.Node"},{"line_number":25,"context_line":"\tk8sCA      *x509.Certificate"},{"line_number":26,"context_line":"\tserverCert tls.Certificate"},{"line_number":27,"context_line":"\tclientCert tls.Certificate"},{"line_number":28,"context_line":"}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"func (s *Service) LoadKPKI(ctx context.Context) error {"},{"line_number":31,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, pki.APIServer)"},{"line_number":32,"context_line":"\tif err !\u003d nil {"}],"source_content_type":"text/x-go","patch_set":3,"id":"9da589f7_bc9511d3","line":29,"range":{"start_line":22,"start_character":0,"end_line":29,"end_character":0},"in_reply_to":"81baac8c_31170742","updated":"2022-02-01 16:39:20.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":27,"context_line":"\tclientCert tls.Certificate"},{"line_number":28,"context_line":"}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"func (s *Service) LoadKPKI(ctx context.Context) error {"},{"line_number":31,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, pki.APIServer)"},{"line_number":32,"context_line":"\tif err !\u003d nil {"},{"line_number":33,"context_line":"\t\treturn fmt.Errorf(\"could not load certificate %q from PKI: %w\", pki.APIServer, err)"}],"source_content_type":"text/x-go","patch_set":3,"id":"5442e98e_cce655cb","line":30,"range":{"start_line":30,"start_character":18,"end_line":30,"end_character":26},"updated":"2022-02-01 15:12:10.000000000","message":"Needs godoc (exported function).","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"d7ab6d6537e5b138d83531baa72540c16db65288","unresolved":true,"context_lines":[{"line_number":27,"context_line":"\tclientCert tls.Certificate"},{"line_number":28,"context_line":"}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"func (s *Service) LoadKPKI(ctx context.Context) error {"},{"line_number":31,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, pki.APIServer)"},{"line_number":32,"context_line":"\tif err !\u003d nil {"},{"line_number":33,"context_line":"\t\treturn fmt.Errorf(\"could not load certificate %q from PKI: %w\", pki.APIServer, err)"}],"source_content_type":"text/x-go","patch_set":3,"id":"864724fa_5e50112e","line":30,"range":{"start_line":30,"start_character":18,"end_line":30,"end_character":26},"in_reply_to":"5442e98e_cce655cb","updated":"2022-02-01 15:14:48.000000000","message":"Also, why don\u0027t we just do this on startup, ie. in Service.Run?","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"76a0adb4c9ffd944923f50a6baa7708ba3be032f","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\tclientCert tls.Certificate"},{"line_number":28,"context_line":"}"},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"func (s *Service) LoadKPKI(ctx context.Context) error {"},{"line_number":31,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, pki.APIServer)"},{"line_number":32,"context_line":"\tif err !\u003d nil {"},{"line_number":33,"context_line":"\t\treturn fmt.Errorf(\"could not load certificate %q from PKI: %w\", pki.APIServer, err)"}],"source_content_type":"text/x-go","patch_set":3,"id":"6661ccec_23f2723c","line":30,"range":{"start_line":30,"start_character":18,"end_line":30,"end_character":26},"in_reply_to":"864724fa_5e50112e","updated":"2022-02-01 16:39:20.000000000","message":"Leftover from some refactoring, now inlined.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":69,"context_line":"\tclientCert :\u003d req.TLS.VerifiedChains[0][0]"},{"line_number":70,"context_line":"\tclientIdentity, err :\u003d identity.VerifyUserInCluster(clientCert, s.Id.ClusterCA())"},{"line_number":71,"context_line":"\tif err !\u003d nil {"},{"line_number":72,"context_line":"\t\t// TODO: Return error"},{"line_number":73,"context_line":"\t\tpanic(err)"},{"line_number":74,"context_line":"\t}"},{"line_number":75,"context_line":"\t// Drop any X-Remote headers to prevent injection"}],"source_content_type":"text/x-go","patch_set":3,"id":"5eba5fae_617eb37f","line":72,"range":{"start_line":72,"start_character":2,"end_line":72,"end_character":23},"updated":"2022-02-01 15:12:10.000000000","message":"Please implement this, panicking here is likely a potentially trivial DoS vector.\n\nThis could be for example done by implementing VerifyPeerCertificate in tls.Config and erroring there if VerifyUserInCluster returns an error.\n\nYou could also implement an extra middleware handler that wraps ReverseProxy and does the check before passing a request over to the ReverseProxy (and eg. adds user identity annotations to the context for use by the ReverseProxy director itself, eg. reusing the PeerInfo structure from metropolis/node/core/rpc).","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"76a0adb4c9ffd944923f50a6baa7708ba3be032f","unresolved":false,"context_lines":[{"line_number":69,"context_line":"\tclientCert :\u003d req.TLS.VerifiedChains[0][0]"},{"line_number":70,"context_line":"\tclientIdentity, err :\u003d identity.VerifyUserInCluster(clientCert, s.Id.ClusterCA())"},{"line_number":71,"context_line":"\tif err !\u003d nil {"},{"line_number":72,"context_line":"\t\t// TODO: Return error"},{"line_number":73,"context_line":"\t\tpanic(err)"},{"line_number":74,"context_line":"\t}"},{"line_number":75,"context_line":"\t// Drop any X-Remote headers to prevent injection"}],"source_content_type":"text/x-go","patch_set":3,"id":"72ce433b_8348ec7e","line":72,"range":{"start_line":72,"start_character":2,"end_line":72,"end_character":23},"in_reply_to":"5eba5fae_617eb37f","updated":"2022-02-01 16:39:20.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":111,"context_line":"\t\t\tForceAttemptHTTP2:     true,"},{"line_number":112,"context_line":"\t\t\tMaxIdleConns:          100,"},{"line_number":113,"context_line":"\t\t\tIdleConnTimeout:       90 * time.Second,"},{"line_number":114,"context_line":"\t\t\tTLSHandshakeTimeout:   10 * time.Second,"},{"line_number":115,"context_line":"\t\t\tExpectContinueTimeout: 1 * time.Second,"},{"line_number":116,"context_line":"\t\t},"},{"line_number":117,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":3,"id":"6b67d7b0_f6a6e9c2","line":114,"range":{"start_line":114,"start_character":3,"end_line":114,"end_character":43},"updated":"2022-02-01 15:12:10.000000000","message":"What errors do we throw in case of backend timeouts? We should probably make sure they are clearly understandable by the user as being emitted by the authproxy while trying to reach the apiserver, instead of some generic \u0027timeout\u0027 error.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"fd75ca66f3c8294e40ad09c83dba05b529c9b196","unresolved":false,"context_lines":[{"line_number":111,"context_line":"\t\t\tForceAttemptHTTP2:     true,"},{"line_number":112,"context_line":"\t\t\tMaxIdleConns:          100,"},{"line_number":113,"context_line":"\t\t\tIdleConnTimeout:       90 * time.Second,"},{"line_number":114,"context_line":"\t\t\tTLSHandshakeTimeout:   10 * time.Second,"},{"line_number":115,"context_line":"\t\t\tExpectContinueTimeout: 1 * time.Second,"},{"line_number":116,"context_line":"\t\t},"},{"line_number":117,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":3,"id":"6c6ebeef_609035ed","line":114,"range":{"start_line":114,"start_character":3,"end_line":114,"end_character":43},"in_reply_to":"14aae9af_0e230e49","updated":"2022-02-02 13:19:58.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"6ded1e3845bdef30e28a93938612d10928d1bf8f","unresolved":true,"context_lines":[{"line_number":111,"context_line":"\t\t\tForceAttemptHTTP2:     true,"},{"line_number":112,"context_line":"\t\t\tMaxIdleConns:          100,"},{"line_number":113,"context_line":"\t\t\tIdleConnTimeout:       90 * time.Second,"},{"line_number":114,"context_line":"\t\t\tTLSHandshakeTimeout:   10 * time.Second,"},{"line_number":115,"context_line":"\t\t\tExpectContinueTimeout: 1 * time.Second,"},{"line_number":116,"context_line":"\t\t},"},{"line_number":117,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":3,"id":"14aae9af_0e230e49","line":114,"range":{"start_line":114,"start_character":3,"end_line":114,"end_character":43},"in_reply_to":"5fe4c68d_4415c49c","updated":"2022-02-02 10:50:17.000000000","message":"That\u0027s almost good enough. Could you make it slightly verbose about the fact that it\u0027s the authproxy saying that? The following should do the trick:\n\n  proxy.ErrorHandler \u003d func(w http.ResponseWriter, req *http.Request, err error) {\n  \tsupervisor.Logger(ctx).Infof(\"Proxy error: %v\", err)\n  \tw.WriteHeader(http.StatusBadGateway)\n        fmt.Fprintf(w, \"authproxy could not reach apiserver\")\n  }","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"76a0adb4c9ffd944923f50a6baa7708ba3be032f","unresolved":true,"context_lines":[{"line_number":111,"context_line":"\t\t\tForceAttemptHTTP2:     true,"},{"line_number":112,"context_line":"\t\t\tMaxIdleConns:          100,"},{"line_number":113,"context_line":"\t\t\tIdleConnTimeout:       90 * time.Second,"},{"line_number":114,"context_line":"\t\t\tTLSHandshakeTimeout:   10 * time.Second,"},{"line_number":115,"context_line":"\t\t\tExpectContinueTimeout: 1 * time.Second,"},{"line_number":116,"context_line":"\t\t},"},{"line_number":117,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":3,"id":"5fe4c68d_4415c49c","line":114,"range":{"start_line":114,"start_character":3,"end_line":114,"end_character":43},"in_reply_to":"6b67d7b0_f6a6e9c2","updated":"2022-02-01 16:39:20.000000000","message":"Currently it returns HTTP 502 which is a proxy error.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"}],"metropolis/node/kubernetes/pki/kubernetes.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":76,"context_line":"\t//   https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/#ca-reusage-and-conflicts"},{"line_number":77,"context_line":"\tAggregationCA             KubeCertificateName \u003d \"aggregation-ca\""},{"line_number":78,"context_line":"\tFrontProxyClient          KubeCertificateName \u003d \"front-proxy-client\""},{"line_number":79,"context_line":"\tMetropolisAuthProxyClient KubeCertificateName \u003d \"metropolis-auth-proxy-client\""},{"line_number":80,"context_line":")"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"const ("}],"source_content_type":"text/x-go","patch_set":3,"id":"41a72ab7_eac69373","line":79,"range":{"start_line":79,"start_character":1,"end_line":79,"end_character":26},"updated":"2022-02-01 15:12:10.000000000","message":"Godoc please. Especially how it relates to the aggregation CA.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"d53886b580a5125a9b0907922d8c78b4f48ee780","unresolved":false,"context_lines":[{"line_number":76,"context_line":"\t//   https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/#ca-reusage-and-conflicts"},{"line_number":77,"context_line":"\tAggregationCA             KubeCertificateName \u003d \"aggregation-ca\""},{"line_number":78,"context_line":"\tFrontProxyClient          KubeCertificateName \u003d \"front-proxy-client\""},{"line_number":79,"context_line":"\tMetropolisAuthProxyClient KubeCertificateName \u003d \"metropolis-auth-proxy-client\""},{"line_number":80,"context_line":")"},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"const ("}],"source_content_type":"text/x-go","patch_set":3,"id":"15fc3efd_d90a34d7","line":79,"range":{"start_line":79,"start_character":1,"end_line":79,"end_character":26},"in_reply_to":"41a72ab7_eac69373","updated":"2022-02-01 17:07:31.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"}],"metropolis/node/kubernetes/reconciler/resources_rbac.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":169,"context_line":"\t\t\t\t{"},{"line_number":170,"context_line":"\t\t\t\t\tAPIGroup: rbac.GroupName,"},{"line_number":171,"context_line":"\t\t\t\t\tKind:     \"User\","},{"line_number":172,"context_line":"\t\t\t\t\t// TODO(q3k): describe this name\u0027s contract, or unify with whatever creates this."},{"line_number":173,"context_line":"\t\t\t\t\tName: \"owner\","},{"line_number":174,"context_line":"\t\t\t\t},"},{"line_number":175,"context_line":"\t\t\t},"}],"source_content_type":"text/x-go","patch_set":3,"id":"efbdfb0d_c0eba325","line":172,"range":{"start_line":172,"start_character":5,"end_line":172,"end_character":86},"updated":"2022-02-01 15:12:10.000000000","message":"That\u0027s not relevant here.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"d53886b580a5125a9b0907922d8c78b4f48ee780","unresolved":false,"context_lines":[{"line_number":169,"context_line":"\t\t\t\t{"},{"line_number":170,"context_line":"\t\t\t\t\tAPIGroup: rbac.GroupName,"},{"line_number":171,"context_line":"\t\t\t\t\tKind:     \"User\","},{"line_number":172,"context_line":"\t\t\t\t\t// TODO(q3k): describe this name\u0027s contract, or unify with whatever creates this."},{"line_number":173,"context_line":"\t\t\t\t\tName: \"owner\","},{"line_number":174,"context_line":"\t\t\t\t},"},{"line_number":175,"context_line":"\t\t\t},"}],"source_content_type":"text/x-go","patch_set":3,"id":"a2405b68_a3076f5c","line":172,"range":{"start_line":172,"start_character":5,"end_line":172,"end_character":86},"in_reply_to":"efbdfb0d_c0eba325","updated":"2022-02-01 17:07:31.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"}],"metropolis/test/e2e/kubernetes_helpers.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"b42149449672cd52d220085be1235f922995e29f","unresolved":true,"context_lines":[{"line_number":32,"context_line":"\t\"source.monogon.dev/metropolis/test/launch/cluster\""},{"line_number":33,"context_line":")"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"// GetKubeClientSet gets a Kubeconfig from the debug API and creates a K8s"},{"line_number":36,"context_line":"// ClientSet using it. The identity used has the system:masters group and thus"},{"line_number":37,"context_line":"// has RBAC access to everything."},{"line_number":38,"context_line":"func GetKubeClientSet(cluster *cluster.Cluster, port uint16) (kubernetes.Interface, error) {"}],"source_content_type":"text/x-go","patch_set":3,"id":"dc13ca3a_d8e874e8","line":35,"range":{"start_line":35,"start_character":3,"end_line":35,"end_character":57},"updated":"2022-02-01 15:12:10.000000000","message":"Update comment.","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"d53886b580a5125a9b0907922d8c78b4f48ee780","unresolved":false,"context_lines":[{"line_number":32,"context_line":"\t\"source.monogon.dev/metropolis/test/launch/cluster\""},{"line_number":33,"context_line":")"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"// GetKubeClientSet gets a Kubeconfig from the debug API and creates a K8s"},{"line_number":36,"context_line":"// ClientSet using it. The identity used has the system:masters group and thus"},{"line_number":37,"context_line":"// has RBAC access to everything."},{"line_number":38,"context_line":"func GetKubeClientSet(cluster *cluster.Cluster, port uint16) (kubernetes.Interface, error) {"}],"source_content_type":"text/x-go","patch_set":3,"id":"1a496755_14456546","line":35,"range":{"start_line":35,"start_character":3,"end_line":35,"end_character":57},"in_reply_to":"dc13ca3a_d8e874e8","updated":"2022-02-01 17:07:31.000000000","message":"Done","commit_id":"3be86d4ac2c4b9db2dc839bb3c3fc2cdc2ab6b39"}]}