ContainerImage.Pinniped/generated/1.19/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml


---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.0
  creationTimestamp: null
  name: ldapidentityproviders.idp.supervisor.pinniped.dev
spec:
  group: idp.supervisor.pinniped.dev
  names:
    categories:
    - pinniped
    - pinniped-idp
    - pinniped-idps
    kind: LDAPIdentityProvider
    listKind: LDAPIdentityProviderList
    plural: ldapidentityproviders
    singular: ldapidentityprovider
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.host
      name: Host
      type: string
    - jsonPath: .status.phase
      name: Status
      type: string
    - jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: LDAPIdentityProvider describes the configuration of an upstream
          Lightweight Directory Access Protocol (LDAP) identity provider.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: Spec for configuring the identity provider.
            properties:
              bind:
                description: Bind contains the configuration for how to provide access
                  credentials during an initial bind to the LDAP server to be allowed
                  to perform searches and binds to validate a user's credentials during
                  a user's authentication attempt.
                properties:
                  secretName:
                    description: SecretName contains the name of a namespace-local
                      Secret object that provides the username and password for an
                      LDAP bind user. This account will be used to perform LDAP searches.
                      The Secret should be of type "kubernetes.io/basic-auth" which
                      includes "username" and "password" keys. The username value
                      should be the full DN of your bind account, e.g. "cn=bind-account,ou=users,dc=example,dc=com".
                    minLength: 1
                    type: string
                required:
                - secretName
                type: object
              host:
                description: 'Host is the hostname of this LDAP identity provider,
                  i.e., where to connect. For example: ldap.example.com:636.'
                minLength: 1
                type: string
              tls:
                description: TLS contains the connection settings for how to establish
                  the connection to the Host.
                properties:
                  certificateAuthorityData:
                    description: X.509 Certificate Authority (base64-encoded PEM bundle)
                      to trust when connecting to the LDAP provider. If omitted, a
                      default set of system roots will be trusted.
                    type: string
                type: object
              userSearch:
                description: UserSearch contains the configuration for searching for
                  a user by name in the LDAP provider.
                properties:
                  attributes:
                    description: Attributes specifies how the user's information should
                      be read from the LDAP entry which was found as the result of
                      the user search.
                    properties:
                      uniqueID:
                        description: UniqueID specifies the name of the attribute
                          in the LDAP entry which whose value shall be used to uniquely
                          identify the user within this LDAP provider after a successful
                          authentication. E.g. "uidNumber" or "objectGUID".
                        minLength: 1
                        type: string
                      username:
                        description: Username specifies the name of attribute in the
                          LDAP entry which whose value shall become the username of
                          the user after a successful authentication. This would typically
                          be the same attribute name used in the user search filter.
                          E.g. "mail" or "uid" or "userPrincipalName".
                        minLength: 1
                        type: string
                    type: object
                  base:
                    description: Base is the DN that should be used as the search
                      base when searching for users. E.g. "ou=users,dc=example,dc=com".
                    minLength: 1
                    type: string
                  filter:
                    description: Filter is the LDAP search filter which should be
                      applied when searching for users. The pattern "{}" must occur
                      in the filter and will be dynamically replaced by the username
                      for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})".
                      For more information about LDAP filters, see https://ldap.com/ldap-filters.
                      Optional. When not specified, the default will act as if the
                      Filter were specified as the value from Attributes.Username
                      appended by "={}".
                    type: string
                type: object
            required:
            - host
            type: object
          status:
            description: Status of the identity provider.
            properties:
              phase:
                default: Pending
                description: Phase summarizes the overall status of the LDAPIdentityProvider.
                enum:
                - Pending
                - Ready
                - Error
                type: string
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
Add stub LDAP API type and integration test The goal here was to start on an integration test to get us closer to the red test that we want so we can start working on LDAP. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-06 17:10:01 +00:00
			`---`
			`apiVersion: apiextensions.k8s.io/v1`
			`kind: CustomResourceDefinition`
			`metadata:`
			`annotations:`
			`controller-gen.kubebuilder.io/version: v0.4.0`
			`creationTimestamp: null`
			`name: ldapidentityproviders.idp.supervisor.pinniped.dev`
			`spec:`
			`group: idp.supervisor.pinniped.dev`
			`names:`
			`categories:`
			`- pinniped`
			`- pinniped-idp`
			`- pinniped-idps`
			`kind: LDAPIdentityProvider`
			`listKind: LDAPIdentityProviderList`
			`plural: ldapidentityproviders`
			`singular: ldapidentityprovider`
			`scope: Namespaced`
			`versions:`
			`- additionalPrinterColumns:`
			`- jsonPath: .spec.host`
			`name: Host`
			`type: string`
			`- jsonPath: .status.phase`
			`name: Status`
			`type: string`
			`- jsonPath: .metadata.creationTimestamp`
			`name: Age`
			`type: date`
			`name: v1alpha1`
			`schema:`
			`openAPIV3Schema:`
			`description: LDAPIdentityProvider describes the configuration of an upstream`
			`Lightweight Directory Access Protocol (LDAP) identity provider.`
			`properties:`
			`apiVersion:`
			`description: 'APIVersion defines the versioned schema of this representation`
			`of an object. Servers should convert recognized schemas to the latest`
			`internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'`
			`type: string`
			`kind:`
			`description: 'Kind is a string value representing the REST resource this`
			`object represents. Servers may infer this from the endpoint the client`
			`submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'`
			`type: string`
			`metadata:`
			`type: object`
			`spec:`
			`description: Spec for configuring the identity provider.`
			`properties:`
Start to fill out LDAPIdentityProvider's fields and TestSupervisorLogin - Add some fields to LDAPIdentityProvider that we will need to be able to search for users during login - Enhance TestSupervisorLogin to test logging in using an upstream LDAP identity provider. Part of this new test is skipped for now because we haven't written the corresponding production code to make it pass yet. - Some refactoring and enhancement to env.go and the corresponding env vars to support the new upstream LDAP provider integration tests. - Use docker.io/bitnami/openldap for our test LDAP server instead of our own fork now that they have fixed the bug that we reported. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-07 19:56:09 +00:00			`bind:`
			`description: Bind contains the configuration for how to provide access`
			`credentials during an initial bind to the LDAP server to be allowed`
			`to perform searches and binds to validate a user's credentials during`
			`a user's authentication attempt.`
			`properties:`
			`secretName:`
			`description: SecretName contains the name of a namespace-local`
			`Secret object that provides the username and password for an`
			`LDAP bind user. This account will be used to perform LDAP searches.`
			`The Secret should be of type "kubernetes.io/basic-auth" which`
			`includes "username" and "password" keys. The username value`
			`should be the full DN of your bind account, e.g. "cn=bind-account,ou=users,dc=example,dc=com".`
			`minLength: 1`
			`type: string`
			`required:`
			`- secretName`
			`type: object`
Add stub LDAP API type and integration test The goal here was to start on an integration test to get us closer to the red test that we want so we can start working on LDAP. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-06 17:10:01 +00:00			`host:`
			`description: 'Host is the hostname of this LDAP identity provider,`
			`i.e., where to connect. For example: ldap.example.com:636.'`
			`minLength: 1`
			`type: string`
Start to fill out LDAPIdentityProvider's fields and TestSupervisorLogin - Add some fields to LDAPIdentityProvider that we will need to be able to search for users during login - Enhance TestSupervisorLogin to test logging in using an upstream LDAP identity provider. Part of this new test is skipped for now because we haven't written the corresponding production code to make it pass yet. - Some refactoring and enhancement to env.go and the corresponding env vars to support the new upstream LDAP provider integration tests. - Use docker.io/bitnami/openldap for our test LDAP server instead of our own fork now that they have fixed the bug that we reported. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-07 19:56:09 +00:00			`tls:`
			`description: TLS contains the connection settings for how to establish`
			`the connection to the Host.`
			`properties:`
			`certificateAuthorityData:`
			`description: X.509 Certificate Authority (base64-encoded PEM bundle)`
			`to trust when connecting to the LDAP provider. If omitted, a`
			`default set of system roots will be trusted.`
			`type: string`
			`type: object`
			`userSearch:`
			`description: UserSearch contains the configuration for searching for`
			`a user by name in the LDAP provider.`
			`properties:`
			`attributes:`
			`description: Attributes specifies how the user's information should`
			`be read from the LDAP entry which was found as the result of`
			`the user search.`
			`properties:`
			`uniqueID:`
			`description: UniqueID specifies the name of the attribute`
			`in the LDAP entry which whose value shall be used to uniquely`
			`identify the user within this LDAP provider after a successful`
			`authentication. E.g. "uidNumber" or "objectGUID".`
			`minLength: 1`
			`type: string`
			`username:`
			`description: Username specifies the name of attribute in the`
			`LDAP entry which whose value shall become the username of`
			`the user after a successful authentication. This would typically`
			`be the same attribute name used in the user search filter.`
			`E.g. "mail" or "uid" or "userPrincipalName".`
			`minLength: 1`
			`type: string`
			`type: object`
			`base:`
			`description: Base is the DN that should be used as the search`
			`base when searching for users. E.g. "ou=users,dc=example,dc=com".`
			`minLength: 1`
			`type: string`
			`filter:`
			`description: Filter is the LDAP search filter which should be`
			`applied when searching for users. The pattern "{}" must occur`
			`in the filter and will be dynamically replaced by the username`
			`for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})".`
			`For more information about LDAP filters, see https://ldap.com/ldap-filters.`
			`Optional. When not specified, the default will act as if the`
			`Filter were specified as the value from Attributes.Username`
			`appended by "={}".`
			`type: string`
			`type: object`
Add stub LDAP API type and integration test The goal here was to start on an integration test to get us closer to the red test that we want so we can start working on LDAP. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2021-04-06 17:10:01 +00:00			`required:`
			`- host`
			`type: object`
			`status:`
			`description: Status of the identity provider.`
			`properties:`
			`phase:`
			`default: Pending`
			`description: Phase summarizes the overall status of the LDAPIdentityProvider.`
			`enum:`
			`- Pending`
			`- Ready`
			`- Error`
			`type: string`
			`type: object`
			`required:`
			`- spec`
			`type: object`
			`served: true`
			`storage: true`
			`subresources:`
			`status: {}`
			`status:`
			`acceptedNames:`
			`kind: ""`
			`plural: ""`
			`conditions: []`
			`storedVersions: []`