Update wording for ActiveDirectoryIdentityProvider crd
This commit is contained in:
parent
8ea1bd3dfb
commit
00978c15f7
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
@ -88,18 +88,15 @@ spec:
|
|||||||
and must match the case of the attribute name returned by
|
and must match the case of the attribute name returned by
|
||||||
the ActiveDirectory server in the user's entry. E.g. "cn"
|
the ActiveDirectory server in the user's entry. E.g. "cn"
|
||||||
for common name. Distinguished names can be used by specifying
|
for common name. Distinguished names can be used by specifying
|
||||||
lower-case "dn". Optional. When not specified, the default
|
lower-case "dn". Optional. When not specified, this defaults
|
||||||
will act as if the GroupName were specified as "dn" (distinguished
|
to "sAMAccountName".
|
||||||
name).
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
||||||
When not specified, no group search will be performed and authenticated
|
Optional, when not specified it will be based on the result
|
||||||
users will not belong to any groups from the ActiveDirectory
|
of a query for the default naming context.
|
||||||
provider. Also, when not specified, the values of Filter and
|
|
||||||
Attributes are ignored.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the ActiveDirectory search filter which
|
||||||
@ -111,7 +108,8 @@ spec:
|
|||||||
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
Note that the dn (distinguished name) is not an attribute of
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
||||||
the default will act as if the Filter were specified as "member={}".
|
the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
This searches nested groups by default.
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
host:
|
host:
|
||||||
@ -146,33 +144,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
username:
|
username:
|
||||||
description: Username specifies the name of the attribute
|
description: Username specifies the name of the attribute
|
||||||
in the ActiveDirectory entry whose value shall become the
|
in Active Directory entry whose value shall become the username
|
||||||
username of the user after a successful authentication.
|
of the user after a successful authentication. This would
|
||||||
This would typically be the same attribute name used in
|
typically be the same attribute name used in Optional, when
|
||||||
Optional, when empty this defaults to "sAMAccountName".
|
empty this defaults to "sAMAccountName".
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
||||||
Optional, when not specified it will search the whole directory
|
Optional, when not specified it will be based on the result
|
||||||
tree. Note that if your bind user only has permission to search
|
of a query for the default naming context.
|
||||||
a subtree, this must be specified. Search a subtree will also
|
|
||||||
be faster.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the search filter which should be applied
|
||||||
should be applied when searching for users. The pattern "{}"
|
when searching for users. The pattern "{}" must occur in the
|
||||||
must occur in the filter at least once and will be dynamically
|
filter at least once and will be dynamically replaced by the
|
||||||
replaced by the username for which the search is being run.
|
username for which the search is being run. E.g. "mail={}" or
|
||||||
E.g. "mail={}" or "&(objectClass=person)(uid={})". For more
|
"&(objectClass=person)(uid={})". For more information about
|
||||||
information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
LDAP filters, see https://ldap.com/ldap-filters. Note that the
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
dn (distinguished name) is not an attribute of an entry, so
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
"dn={}" cannot be used. Optional. When not specified, the default
|
||||||
the default will act as if the Filter were specified as the
|
will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
value from Attributes.Username appended by "={}". When the Attributes.Username
|
|
||||||
is set to "dn" then the Filter must be explicitly specified,
|
|
||||||
since the default value of "dn={}" would not work.
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
12
generated/1.17/README.adoc
generated
12
generated/1.17/README.adoc
generated
@ -798,8 +798,8 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified, the values of Filter and Attributes are ignored.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})". This searches nested groups by default.
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -817,7 +817,7 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -875,8 +875,8 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will search the whole directory tree. Note that if your bind user only has permission to search a subtree, this must be specified. Search a subtree will also be faster.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as the value from Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be explicitly specified, since the default value of "dn={}" would not work.
|
| *`filter`* __string__ | Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -894,7 +894,7 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`username`* __string__ | Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
| *`username`* __string__ | Username specifies the name of the attribute in Active Directory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
||||||
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
@ -88,18 +88,15 @@ spec:
|
|||||||
and must match the case of the attribute name returned by
|
and must match the case of the attribute name returned by
|
||||||
the ActiveDirectory server in the user's entry. E.g. "cn"
|
the ActiveDirectory server in the user's entry. E.g. "cn"
|
||||||
for common name. Distinguished names can be used by specifying
|
for common name. Distinguished names can be used by specifying
|
||||||
lower-case "dn". Optional. When not specified, the default
|
lower-case "dn". Optional. When not specified, this defaults
|
||||||
will act as if the GroupName were specified as "dn" (distinguished
|
to "sAMAccountName".
|
||||||
name).
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
||||||
When not specified, no group search will be performed and authenticated
|
Optional, when not specified it will be based on the result
|
||||||
users will not belong to any groups from the ActiveDirectory
|
of a query for the default naming context.
|
||||||
provider. Also, when not specified, the values of Filter and
|
|
||||||
Attributes are ignored.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the ActiveDirectory search filter which
|
||||||
@ -111,7 +108,8 @@ spec:
|
|||||||
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
Note that the dn (distinguished name) is not an attribute of
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
||||||
the default will act as if the Filter were specified as "member={}".
|
the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
This searches nested groups by default.
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
host:
|
host:
|
||||||
@ -146,33 +144,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
username:
|
username:
|
||||||
description: Username specifies the name of the attribute
|
description: Username specifies the name of the attribute
|
||||||
in the ActiveDirectory entry whose value shall become the
|
in Active Directory entry whose value shall become the username
|
||||||
username of the user after a successful authentication.
|
of the user after a successful authentication. This would
|
||||||
This would typically be the same attribute name used in
|
typically be the same attribute name used in Optional, when
|
||||||
Optional, when empty this defaults to "sAMAccountName".
|
empty this defaults to "sAMAccountName".
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
||||||
Optional, when not specified it will search the whole directory
|
Optional, when not specified it will be based on the result
|
||||||
tree. Note that if your bind user only has permission to search
|
of a query for the default naming context.
|
||||||
a subtree, this must be specified. Search a subtree will also
|
|
||||||
be faster.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the search filter which should be applied
|
||||||
should be applied when searching for users. The pattern "{}"
|
when searching for users. The pattern "{}" must occur in the
|
||||||
must occur in the filter at least once and will be dynamically
|
filter at least once and will be dynamically replaced by the
|
||||||
replaced by the username for which the search is being run.
|
username for which the search is being run. E.g. "mail={}" or
|
||||||
E.g. "mail={}" or "&(objectClass=person)(uid={})". For more
|
"&(objectClass=person)(uid={})". For more information about
|
||||||
information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
LDAP filters, see https://ldap.com/ldap-filters. Note that the
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
dn (distinguished name) is not an attribute of an entry, so
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
"dn={}" cannot be used. Optional. When not specified, the default
|
||||||
the default will act as if the Filter were specified as the
|
will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
value from Attributes.Username appended by "={}". When the Attributes.Username
|
|
||||||
is set to "dn" then the Filter must be explicitly specified,
|
|
||||||
since the default value of "dn={}" would not work.
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
12
generated/1.18/README.adoc
generated
12
generated/1.18/README.adoc
generated
@ -798,8 +798,8 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified, the values of Filter and Attributes are ignored.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})". This searches nested groups by default.
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -817,7 +817,7 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -875,8 +875,8 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will search the whole directory tree. Note that if your bind user only has permission to search a subtree, this must be specified. Search a subtree will also be faster.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as the value from Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be explicitly specified, since the default value of "dn={}" would not work.
|
| *`filter`* __string__ | Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -894,7 +894,7 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`username`* __string__ | Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
| *`username`* __string__ | Username specifies the name of the attribute in Active Directory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
||||||
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
@ -88,18 +88,15 @@ spec:
|
|||||||
and must match the case of the attribute name returned by
|
and must match the case of the attribute name returned by
|
||||||
the ActiveDirectory server in the user's entry. E.g. "cn"
|
the ActiveDirectory server in the user's entry. E.g. "cn"
|
||||||
for common name. Distinguished names can be used by specifying
|
for common name. Distinguished names can be used by specifying
|
||||||
lower-case "dn". Optional. When not specified, the default
|
lower-case "dn". Optional. When not specified, this defaults
|
||||||
will act as if the GroupName were specified as "dn" (distinguished
|
to "sAMAccountName".
|
||||||
name).
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
||||||
When not specified, no group search will be performed and authenticated
|
Optional, when not specified it will be based on the result
|
||||||
users will not belong to any groups from the ActiveDirectory
|
of a query for the default naming context.
|
||||||
provider. Also, when not specified, the values of Filter and
|
|
||||||
Attributes are ignored.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the ActiveDirectory search filter which
|
||||||
@ -111,7 +108,8 @@ spec:
|
|||||||
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
Note that the dn (distinguished name) is not an attribute of
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
||||||
the default will act as if the Filter were specified as "member={}".
|
the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
This searches nested groups by default.
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
host:
|
host:
|
||||||
@ -146,33 +144,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
username:
|
username:
|
||||||
description: Username specifies the name of the attribute
|
description: Username specifies the name of the attribute
|
||||||
in the ActiveDirectory entry whose value shall become the
|
in Active Directory entry whose value shall become the username
|
||||||
username of the user after a successful authentication.
|
of the user after a successful authentication. This would
|
||||||
This would typically be the same attribute name used in
|
typically be the same attribute name used in Optional, when
|
||||||
Optional, when empty this defaults to "sAMAccountName".
|
empty this defaults to "sAMAccountName".
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
||||||
Optional, when not specified it will search the whole directory
|
Optional, when not specified it will be based on the result
|
||||||
tree. Note that if your bind user only has permission to search
|
of a query for the default naming context.
|
||||||
a subtree, this must be specified. Search a subtree will also
|
|
||||||
be faster.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the search filter which should be applied
|
||||||
should be applied when searching for users. The pattern "{}"
|
when searching for users. The pattern "{}" must occur in the
|
||||||
must occur in the filter at least once and will be dynamically
|
filter at least once and will be dynamically replaced by the
|
||||||
replaced by the username for which the search is being run.
|
username for which the search is being run. E.g. "mail={}" or
|
||||||
E.g. "mail={}" or "&(objectClass=person)(uid={})". For more
|
"&(objectClass=person)(uid={})". For more information about
|
||||||
information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
LDAP filters, see https://ldap.com/ldap-filters. Note that the
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
dn (distinguished name) is not an attribute of an entry, so
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
"dn={}" cannot be used. Optional. When not specified, the default
|
||||||
the default will act as if the Filter were specified as the
|
will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
value from Attributes.Username appended by "={}". When the Attributes.Username
|
|
||||||
is set to "dn" then the Filter must be explicitly specified,
|
|
||||||
since the default value of "dn={}" would not work.
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
12
generated/1.19/README.adoc
generated
12
generated/1.19/README.adoc
generated
@ -798,8 +798,8 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified, the values of Filter and Attributes are ignored.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})". This searches nested groups by default.
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -817,7 +817,7 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -875,8 +875,8 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will search the whole directory tree. Note that if your bind user only has permission to search a subtree, this must be specified. Search a subtree will also be faster.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as the value from Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be explicitly specified, since the default value of "dn={}" would not work.
|
| *`filter`* __string__ | Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -894,7 +894,7 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`username`* __string__ | Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
| *`username`* __string__ | Username specifies the name of the attribute in Active Directory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
||||||
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
@ -88,18 +88,15 @@ spec:
|
|||||||
and must match the case of the attribute name returned by
|
and must match the case of the attribute name returned by
|
||||||
the ActiveDirectory server in the user's entry. E.g. "cn"
|
the ActiveDirectory server in the user's entry. E.g. "cn"
|
||||||
for common name. Distinguished names can be used by specifying
|
for common name. Distinguished names can be used by specifying
|
||||||
lower-case "dn". Optional. When not specified, the default
|
lower-case "dn". Optional. When not specified, this defaults
|
||||||
will act as if the GroupName were specified as "dn" (distinguished
|
to "sAMAccountName".
|
||||||
name).
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
||||||
When not specified, no group search will be performed and authenticated
|
Optional, when not specified it will be based on the result
|
||||||
users will not belong to any groups from the ActiveDirectory
|
of a query for the default naming context.
|
||||||
provider. Also, when not specified, the values of Filter and
|
|
||||||
Attributes are ignored.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the ActiveDirectory search filter which
|
||||||
@ -111,7 +108,8 @@ spec:
|
|||||||
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
Note that the dn (distinguished name) is not an attribute of
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
||||||
the default will act as if the Filter were specified as "member={}".
|
the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
This searches nested groups by default.
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
host:
|
host:
|
||||||
@ -146,33 +144,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
username:
|
username:
|
||||||
description: Username specifies the name of the attribute
|
description: Username specifies the name of the attribute
|
||||||
in the ActiveDirectory entry whose value shall become the
|
in Active Directory entry whose value shall become the username
|
||||||
username of the user after a successful authentication.
|
of the user after a successful authentication. This would
|
||||||
This would typically be the same attribute name used in
|
typically be the same attribute name used in Optional, when
|
||||||
Optional, when empty this defaults to "sAMAccountName".
|
empty this defaults to "sAMAccountName".
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
||||||
Optional, when not specified it will search the whole directory
|
Optional, when not specified it will be based on the result
|
||||||
tree. Note that if your bind user only has permission to search
|
of a query for the default naming context.
|
||||||
a subtree, this must be specified. Search a subtree will also
|
|
||||||
be faster.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the search filter which should be applied
|
||||||
should be applied when searching for users. The pattern "{}"
|
when searching for users. The pattern "{}" must occur in the
|
||||||
must occur in the filter at least once and will be dynamically
|
filter at least once and will be dynamically replaced by the
|
||||||
replaced by the username for which the search is being run.
|
username for which the search is being run. E.g. "mail={}" or
|
||||||
E.g. "mail={}" or "&(objectClass=person)(uid={})". For more
|
"&(objectClass=person)(uid={})". For more information about
|
||||||
information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
LDAP filters, see https://ldap.com/ldap-filters. Note that the
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
dn (distinguished name) is not an attribute of an entry, so
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
"dn={}" cannot be used. Optional. When not specified, the default
|
||||||
the default will act as if the Filter were specified as the
|
will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
value from Attributes.Username appended by "={}". When the Attributes.Username
|
|
||||||
is set to "dn" then the Filter must be explicitly specified,
|
|
||||||
since the default value of "dn={}" would not work.
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
12
generated/1.20/README.adoc
generated
12
generated/1.20/README.adoc
generated
@ -798,8 +798,8 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified, the values of Filter and Attributes are ignored.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the dn (distinguished name) of the user entry found as a result of the user search. E.g. "member={}" or "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})". This searches nested groups by default.
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-activedirectoryidentityprovidergroupsearchattributes[$$ActiveDirectoryIdentityProviderGroupSearchAttributes$$]__ | Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as the result of the group search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -817,7 +817,7 @@ ActiveDirectoryIdentityProvider describes the configuration of an upstream Micro
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
| *`groupName`* __string__ | GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name in the user's list of groups after a successful authentication. The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn". Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -875,8 +875,8 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will search the whole directory tree. Note that if your bind user only has permission to search a subtree, this must be specified. Search a subtree will also be faster.
|
| *`base`* __string__ | Base is the dn (distinguished name) that should be used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com". Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
| *`filter`* __string__ | Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will act as if the Filter were specified as the value from Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be explicitly specified, since the default value of "dn={}" would not work.
|
| *`filter`* __string__ | Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the username for which the search is being run. E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see https://ldap.com/ldap-filters. Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used. Optional. When not specified, the default will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
| *`attributes`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-idp-v1alpha1-activedirectoryidentityproviderusersearchattributes[$$ActiveDirectoryIdentityProviderUserSearchAttributes$$]__ | Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as the result of the user search.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
@ -894,7 +894,7 @@ Status of an Active Directory identity provider.
|
|||||||
[cols="25a,75a", options="header"]
|
[cols="25a,75a", options="header"]
|
||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`username`* __string__ | Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
| *`username`* __string__ | Username specifies the name of the attribute in Active Directory entry whose value shall become the username of the user after a successful authentication. This would typically be the same attribute name used in Optional, when empty this defaults to "sAMAccountName".
|
||||||
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
| *`uid`* __string__ | UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely identify the user within this ActiveDirectory provider after a successful authentication. Optional, when empty this defaults to "objectGUID".
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
@ -88,18 +88,15 @@ spec:
|
|||||||
and must match the case of the attribute name returned by
|
and must match the case of the attribute name returned by
|
||||||
the ActiveDirectory server in the user's entry. E.g. "cn"
|
the ActiveDirectory server in the user's entry. E.g. "cn"
|
||||||
for common name. Distinguished names can be used by specifying
|
for common name. Distinguished names can be used by specifying
|
||||||
lower-case "dn". Optional. When not specified, the default
|
lower-case "dn". Optional. When not specified, this defaults
|
||||||
will act as if the GroupName were specified as "dn" (distinguished
|
to "sAMAccountName".
|
||||||
name).
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
used as the search base when searching for groups. E.g. "ou=groups,dc=example,dc=com".
|
||||||
When not specified, no group search will be performed and authenticated
|
Optional, when not specified it will be based on the result
|
||||||
users will not belong to any groups from the ActiveDirectory
|
of a query for the default naming context.
|
||||||
provider. Also, when not specified, the values of Filter and
|
|
||||||
Attributes are ignored.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the ActiveDirectory search filter which
|
||||||
@ -111,7 +108,8 @@ spec:
|
|||||||
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
Note that the dn (distinguished name) is not an attribute of
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
||||||
the default will act as if the Filter were specified as "member={}".
|
the default will act as if the Filter were specified as "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
This searches nested groups by default.
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
host:
|
host:
|
||||||
@ -146,33 +144,28 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
username:
|
username:
|
||||||
description: Username specifies the name of the attribute
|
description: Username specifies the name of the attribute
|
||||||
in the ActiveDirectory entry whose value shall become the
|
in Active Directory entry whose value shall become the username
|
||||||
username of the user after a successful authentication.
|
of the user after a successful authentication. This would
|
||||||
This would typically be the same attribute name used in
|
typically be the same attribute name used in Optional, when
|
||||||
Optional, when empty this defaults to "sAMAccountName".
|
empty this defaults to "sAMAccountName".
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
base:
|
base:
|
||||||
description: Base is the dn (distinguished name) that should be
|
description: Base is the dn (distinguished name) that should be
|
||||||
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
used as the search base when searching for users. E.g. "ou=users,dc=example,dc=com".
|
||||||
Optional, when not specified it will search the whole directory
|
Optional, when not specified it will be based on the result
|
||||||
tree. Note that if your bind user only has permission to search
|
of a query for the default naming context.
|
||||||
a subtree, this must be specified. Search a subtree will also
|
|
||||||
be faster.
|
|
||||||
type: string
|
type: string
|
||||||
filter:
|
filter:
|
||||||
description: Filter is the ActiveDirectory search filter which
|
description: Filter is the search filter which should be applied
|
||||||
should be applied when searching for users. The pattern "{}"
|
when searching for users. The pattern "{}" must occur in the
|
||||||
must occur in the filter at least once and will be dynamically
|
filter at least once and will be dynamically replaced by the
|
||||||
replaced by the username for which the search is being run.
|
username for which the search is being run. E.g. "mail={}" or
|
||||||
E.g. "mail={}" or "&(objectClass=person)(uid={})". For more
|
"&(objectClass=person)(uid={})". For more information about
|
||||||
information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
LDAP filters, see https://ldap.com/ldap-filters. Note that the
|
||||||
Note that the dn (distinguished name) is not an attribute of
|
dn (distinguished name) is not an attribute of an entry, so
|
||||||
an entry, so "dn={}" cannot be used. Optional. When not specified,
|
"dn={}" cannot be used. Optional. When not specified, the default
|
||||||
the default will act as if the Filter were specified as the
|
will be '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
value from Attributes.Username appended by "={}". When the Attributes.Username
|
|
||||||
is set to "dn" then the Filter must be explicitly specified,
|
|
||||||
since the default value of "dn={}" would not work.
|
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
required:
|
required:
|
||||||
|
@ -46,7 +46,7 @@ type ActiveDirectoryIdentityProviderBind struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
||||||
// Username specifies the name of the attribute in the ActiveDirectory entry whose value shall become the username
|
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
// of the user after a successful authentication. This would typically be the same attribute name used in
|
||||||
// Optional, when empty this defaults to "sAMAccountName".
|
// Optional, when empty this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
@ -64,7 +64,7 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
// in the user's list of groups after a successful authentication.
|
// in the user's list of groups after a successful authentication.
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
// Optional. When not specified, this defaults to "sAMAccountName".
|
||||||
// +optional
|
// +optional
|
||||||
GroupName string `json:"groupName,omitempty"`
|
GroupName string `json:"groupName,omitempty"`
|
||||||
}
|
}
|
||||||
@ -72,20 +72,17 @@ type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
type ActiveDirectoryIdentityProviderUserSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
// E.g. "ou=users,dc=example,dc=com".
|
||||||
// Optional, when not specified it will search the whole directory tree.
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// Note that if your bind user only has permission to search a subtree, this must be specified.
|
|
||||||
// Search a subtree will also be faster.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for users. The pattern "{}" must occur
|
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about ActiveDirectory filters, see
|
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
// Optional. When not specified, the default will be
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={}))(sAMAccountType=805306368))'
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
@ -97,9 +94,8 @@ type ActiveDirectoryIdentityProviderUserSearch struct {
|
|||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
// "ou=groups,dc=example,dc=com".
|
||||||
// authenticated users will not belong to any groups from the ActiveDirectory provider. Also, when not specified,
|
// Optional, when not specified it will be based on the result of a query for the default naming context.
|
||||||
// the values of Filter and Attributes are ignored.
|
|
||||||
// +optional
|
// +optional
|
||||||
Base string `json:"base,omitempty"`
|
Base string `json:"base,omitempty"`
|
||||||
|
|
||||||
@ -109,7 +105,9 @@ type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|||||||
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
// "&(objectClass=groupOfNames)(member={})". For more information about ActiveDirectory filters, see
|
||||||
// https://ldap.com/ldap-filters.
|
// https://ldap.com/ldap-filters.
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
// Optional. When not specified, the default will act as if the Filter were specified as
|
||||||
|
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
||||||
|
// This searches nested groups by default.
|
||||||
// +optional
|
// +optional
|
||||||
Filter string `json:"filter,omitempty"`
|
Filter string `json:"filter,omitempty"`
|
||||||
|
|
||||||
|
1
go.mod
1
go.mod
@ -12,7 +12,6 @@ require (
|
|||||||
github.com/go-logr/stdr v0.4.0
|
github.com/go-logr/stdr v0.4.0
|
||||||
github.com/go-openapi/spec v0.20.3 // indirect
|
github.com/go-openapi/spec v0.20.3 // indirect
|
||||||
github.com/gofrs/flock v0.8.1
|
github.com/gofrs/flock v0.8.1
|
||||||
github.com/gofrs/uuid v3.2.0+incompatible
|
|
||||||
github.com/golang/mock v1.6.0
|
github.com/golang/mock v1.6.0
|
||||||
github.com/google/go-cmp v0.5.6
|
github.com/google/go-cmp v0.5.6
|
||||||
github.com/google/gofuzz v1.2.0
|
github.com/google/gofuzz v1.2.0
|
||||||
|
1
go.sum
1
go.sum
@ -554,7 +554,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
|
|||||||
github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
|
github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
|
||||||
github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
|
github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
|
||||||
github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||||
github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
|
|
||||||
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||||
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
|
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
|
||||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||||
|
Loading…
Reference in New Issue
Block a user