v0.29.0 to develop

Session refresh hotfix to develop

This allows you to set up a local listener that deals with the OAuth2 authorization callback.

This will be used to verify the existence of a link between the GCP project and the namespace.

Behaviour of ValidateGCPServiceAccountEmail was changed to only accept user-managed service accounts and  ProjectIDFromGCPEmail did not yet have a test.

Previous message was incomplete and could be confusing.

Clarify invalid namespace error message

By also return the required link type, the function can be more generally used to check the required preconditions.

No longer mixing different channels, which made it very unclear what happened. By buffering the channels and doing best-effort sending to these channels, we prevent goroutines infinitely hanging on sending on a channel. It is possible that a channel ends up with an unread message after WaitForAuthorizationCode has returned, but that will be cleaned up by the GC.

The somewhat complex system of having a callback function is needed to be able to pass any server errors while creating the link to the user in the redirect.

It's not yet ready for public use.

It's unused.

This makes it possible to have different linter versions locally
and makes sure "make lint" always runs with the version specified
in the Makefile.

By running the linter as the current user instead of the root user,
the files created (in the cache and module storage) are also owned
by the user, so that they can still be used when running go as the
current user.

This to avoid confusion with the RedirectURL used in the OAuth spec.

GCP Linking

The example did not work because an API key cannot be used for the used API calls.

Remove GCP BETA notice and some minor comment changes

Otherwise cancelling the OAuth process results in a lame text-only page.

Also redirect errors in getting token to the custom result page

Co-authored-by: Joris Coenen <jpcoenen@users.noreply.github.com>

…ice-error

Add server errors for taken service accounts

We should aim not to return these errors to the user, but when
they do occur, a little bit extra context is very welcome for
these already vague errors.

To prevent these errors to be returned to the user, input should
be validated before sending it to GCP.

Co-authored-by: Floris van der Grinten <floris@grinten.com>

Add a message to GCP errors without a message

Run linter in Docker

…eAccountEmail

This better reflects what the function does.

Rename ValidateGCPServiceAccountEmail to ValidateGCPUserManagedServic…