From 0a31f45812fbebd8d55a375b9475c765e412d3f3 Mon Sep 17 00:00:00 2001 
From: Ryan Richard Date: Mon, 20 Sep 2021 12:47:39 -0700 Subject: [PATCH] Update the AdditionalPrinterColumns of the CRDs, and add a test for it --- ...go.tmpl => types_jwtauthenticator.go.tmpl} | 4 +- .../types_webhookauthenticator.go.tmpl | 3 +- .../v1alpha1/types_credentialissuer.go.tmpl | 2 + .../v1alpha1/types_federationdomain.go.tmpl | 5 +- ...cierge.pinniped.dev_jwtauthenticators.yaml | 6 + ...ge.pinniped.dev_webhookauthenticators.yaml | 3 + ...cierge.pinniped.dev_credentialissuers.yaml | 9 +- ...rvisor.pinniped.dev_federationdomains.yaml | 12 +- .../v1alpha1/types_jwtauthenticator.go} | 4 +- .../v1alpha1/types_webhookauthenticator.go | 3 +- .../config/v1alpha1/types_credentialissuer.go | 2 + .../config/v1alpha1/types_federationdomain.go | 5 +- ...cierge.pinniped.dev_jwtauthenticators.yaml | 6 + ...ge.pinniped.dev_webhookauthenticators.yaml | 3 + ...cierge.pinniped.dev_credentialissuers.yaml | 9 +- ...rvisor.pinniped.dev_federationdomains.yaml | 12 +- .../v1alpha1/types_jwtauthenticator.go} | 4 +- .../v1alpha1/types_webhookauthenticator.go} | 3 +- .../config/v1alpha1/types_credentialissuer.go | 2 + .../config/v1alpha1/types_federationdomain.go | 5 +- ...cierge.pinniped.dev_jwtauthenticators.yaml | 6 + ...ge.pinniped.dev_webhookauthenticators.yaml | 3 + ...cierge.pinniped.dev_credentialissuers.yaml | 9 +- ...rvisor.pinniped.dev_federationdomains.yaml | 12 +- ...types_jwt.go => types_jwtauthenticator.go} | 4 +- .../v1alpha1/types_webhookauthenticator.go} | 3 +- .../config/v1alpha1/types_credentialissuer.go | 2 + .../config/v1alpha1/types_federationdomain.go | 5 +- ...cierge.pinniped.dev_jwtauthenticators.yaml | 6 + ...ge.pinniped.dev_webhookauthenticators.yaml | 3 + ...cierge.pinniped.dev_credentialissuers.yaml | 9 +- ...rvisor.pinniped.dev_federationdomains.yaml | 12 +- .../authentication/v1alpha1/types_jwt.go | 83 ------------- .../v1alpha1/types_jwtauthenticator.go | 85 ++++++++++++++ .../authentication/v1alpha1/types_webhook.go | 55 --------- 
.../v1alpha1/types_webhookauthenticator.go | 56 +++++++++ .../config/v1alpha1/types_credentialissuer.go | 2 + .../config/v1alpha1/types_federationdomain.go | 5 +- ...cierge.pinniped.dev_jwtauthenticators.yaml | 6 + ...ge.pinniped.dev_webhookauthenticators.yaml | 3 + ...cierge.pinniped.dev_credentialissuers.yaml | 9 +- ...rvisor.pinniped.dev_federationdomains.yaml | 12 +- .../authentication/v1alpha1/types_jwt.go | 83 ------------- .../v1alpha1/types_jwtauthenticator.go | 85 ++++++++++++++ .../authentication/v1alpha1/types_webhook.go | 55 --------- .../v1alpha1/types_webhookauthenticator.go | 56 +++++++++ .../config/v1alpha1/types_credentialissuer.go | 2 + .../config/v1alpha1/types_federationdomain.go | 5 +- go.mod | 13 ++- go.sum | 21 +++- test/integration/kube_api_discovery_test.go | 109 ++++++++++++++++++ test/testlib/client.go | 8 ++ 52 files changed, 617 insertions(+), 312 deletions(-) rename apis/concierge/authentication/v1alpha1/{types_jwt.go.tmpl => types_jwtauthenticator.go.tmpl} (92%) rename generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go => apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl (91%) rename generated/{1.18/apis/concierge/authentication/v1alpha1/types_jwt.go => 1.17/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go} (92%) rename apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl => generated/1.17/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go (91%) rename generated/{1.17/apis/concierge/authentication/v1alpha1/types_jwt.go => 1.18/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go} (92%) rename generated/{1.19/apis/concierge/authentication/v1alpha1/types_webhook.go => 1.18/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go} (91%) rename generated/1.19/apis/concierge/authentication/v1alpha1/{types_jwt.go => types_jwtauthenticator.go} (92%) rename generated/{1.17/apis/concierge/authentication/v1alpha1/types_webhook.go => 
1.19/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go} (91%) delete mode 100644 generated/1.20/apis/concierge/authentication/v1alpha1/types_jwt.go create mode 100644 generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go delete mode 100644 generated/1.20/apis/concierge/authentication/v1alpha1/types_webhook.go create mode 100644 generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go delete mode 100644 generated/latest/apis/concierge/authentication/v1alpha1/types_jwt.go create mode 100644 generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go delete mode 100644 generated/latest/apis/concierge/authentication/v1alpha1/types_webhook.go create mode 100644 generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go diff --git a/apis/concierge/authentication/v1alpha1/types_jwt.go.tmpl b/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go.tmpl similarity index 92% rename from apis/concierge/authentication/v1alpha1/types_jwt.go.tmpl rename to apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go.tmpl index 813460fa..0d22d7af 100644 --- a/apis/concierge/authentication/v1alpha1/types_jwt.go.tmpl +++ b/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go.tmpl @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -61,6 +61,8 @@ type JWTTokenClaims struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type JWTAuthenticator struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go b/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl similarity index 91% rename from generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go rename to apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl index 2bf626d2..2a66815d 100644 --- a/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go +++ b/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type WebhookAuthenticator struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl index 49966390..9ad66dd4 100644 
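Review bot: The columns added above `type JWTAuthenticator struct` (`Audience`, `Age`) read only from spec and metadata, so `kubectl get` still gives an operator no sign of whether the authenticator is usable, even though the type declares `+kubebuilder:subresource:status` and the old side of this file shows `JWTAuthenticatorStatus` carrying `Conditions`. The same applies to the `Age` column in the WebhookAuthenticator hunk and to the `ProxyMode` column in the CredentialIssuer hunk, which prints the requested `.spec.impersonationProxy.mode` and could be misread as the mode actually in effect. Only the FederationDomain hunk adds a status-backed column (`.status.status`). Consider one status-derived column per type, along the lines of `// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=<PATH_INTO_STATUS_CONDITIONS>`, where both the column name and the path are placeholders because the condition types are not visible here. The struct bodies continue outside these hunks, so the exact status field layout should be confirmed against the full files.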
--- a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl +++ b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl @@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl index ecea1073..15e94f62 100644 --- a/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl +++ b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 9f5ec0fc..bf656d1f 100644 --- a/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
+++ b/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml @@ -24,6 +24,12 @@ spec: - jsonPath: .spec.issuer name: Issuer type: string + - jsonPath: .spec.audience + name: Audience + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 3ccd3216..10dcc7bd 100644 --- a/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml @@ -24,6 +24,9 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml index 4014551f..6651a9c6 100644 --- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml @@ -18,7 +18,14 @@ spec: singular: credentialissuer scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.impersonationProxy.mode + name: ProxyMode + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: CredentialIssuer describes the configuration and status of the diff --git a/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml index 2b4af346..5fad1946 100644 --- a/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml 
@@ -18,7 +18,17 @@ spec: singular: federationdomain scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.issuer + name: Issuer + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: FederationDomain describes the configuration of an OIDC provider. diff --git a/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go b/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go similarity index 92% rename from generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go rename to generated/1.17/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go index 813460fa..0d22d7af 100644 --- a/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go +++ b/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -61,6 +61,8 @@ type JWTTokenClaims struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type JWTAuthenticator struct { metav1.TypeMeta `json:",inline"` 
diff --git a/apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl b/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go similarity index 91% rename from apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl rename to generated/1.17/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go index 2bf626d2..2a66815d 100644 --- a/apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl +++ b/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type WebhookAuthenticator struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go index 49966390..9ad66dd4 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go index ecea1073..15e94f62 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 9f5ec0fc..bf656d1f 100644 --- a/generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -24,6 +24,12 @@ spec: - jsonPath: .spec.issuer name: Issuer type: string + - jsonPath: .spec.audience + name: Audience + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 3ccd3216..10dcc7bd 100644 --- a/generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml @@ -24,6 +24,9 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 4014551f..6651a9c6 100644 --- a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -18,7 +18,14 @@ spec: singular: credentialissuer scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.impersonationProxy.mode + name: ProxyMode + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: CredentialIssuer describes the configuration and status of the diff --git a/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 2b4af346..5fad1946 100644 --- a/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml 
@@ -18,7 +18,17 @@ spec: singular: federationdomain scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.issuer + name: Issuer + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: FederationDomain describes the configuration of an OIDC provider. diff --git a/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go b/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go similarity index 92% rename from generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go rename to generated/1.18/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go index 813460fa..0d22d7af 100644 --- a/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go +++ b/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -61,6 +61,8 @@ type JWTTokenClaims struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type JWTAuthenticator struct { metav1.TypeMeta `json:",inline"` 
diff --git a/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go b/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go similarity index 91% rename from generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go rename to generated/1.18/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go index 2bf626d2..2a66815d 100644 --- a/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go +++ b/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type WebhookAuthenticator struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go index 49966390..9ad66dd4 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go index ecea1073..15e94f62 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.18/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.18/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 9f5ec0fc..bf656d1f 100644 --- a/generated/1.18/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.18/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -24,6 +24,12 @@ spec: - jsonPath: .spec.issuer name: Issuer type: string + - jsonPath: .spec.audience + name: Audience + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.18/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.18/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 3ccd3216..10dcc7bd 100644 --- a/generated/1.18/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.18/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml @@ -24,6 +24,9 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 4014551f..6651a9c6 100644 --- a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -18,7 +18,14 @@ spec: singular: credentialissuer scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.impersonationProxy.mode + name: ProxyMode + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: CredentialIssuer describes the configuration and status of the diff --git a/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 2b4af346..5fad1946 100644 --- a/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml 
@@ -18,7 +18,17 @@ spec: singular: federationdomain scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.issuer + name: Issuer + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: FederationDomain describes the configuration of an OIDC provider. diff --git a/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go b/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go similarity index 92% rename from generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go rename to generated/1.19/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go index 813460fa..0d22d7af 100644 --- a/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go +++ b/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -61,6 +61,8 @@ type JWTTokenClaims struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type JWTAuthenticator struct { metav1.TypeMeta `json:",inline"` 
diff --git a/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go b/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go similarity index 91% rename from generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go rename to generated/1.19/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go index 2bf626d2..2a66815d 100644 --- a/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go +++ b/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type WebhookAuthenticator struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go index 49966390..9ad66dd4 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go index ecea1073..15e94f62 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 @@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.19/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.19/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 9f5ec0fc..bf656d1f 100644 --- a/generated/1.19/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.19/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -24,6 +24,12 @@ spec: - jsonPath: .spec.issuer name: Issuer type: string + - jsonPath: .spec.audience + name: Audience + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.19/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.19/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 3ccd3216..10dcc7bd 100644 --- a/generated/1.19/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.19/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml @@ -24,6 +24,9 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 4014551f..6651a9c6 100644 --- a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -18,7 +18,14 @@ spec: singular: credentialissuer scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.impersonationProxy.mode + name: ProxyMode + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: CredentialIssuer describes the configuration and status of the diff --git a/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 2b4af346..5fad1946 100644 --- a/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml 
@@ -18,7 +18,17 @@ spec: singular: federationdomain scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.issuer + name: Issuer + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: FederationDomain describes the configuration of an OIDC provider. diff --git a/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwt.go b/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwt.go deleted file mode 100644 index 813460fa..00000000 --- a/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwt.go +++ /dev/null 
@@ -1,83 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Status of a JWT authenticator. -type JWTAuthenticatorStatus struct { - // Represents the observations of the authenticator's current state. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` -} - -// Spec for configuring a JWT authenticator. -type JWTAuthenticatorSpec struct { - // Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is - // also used to validate the "iss" JWT claim. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^https://` - Issuer string `json:"issuer"` - - // Audience is the required value of the "aud" JWT claim. - // +kubebuilder:validation:MinLength=1 - Audience string `json:"audience"` - - // Claims allows customization of the claims that will be mapped to user identity - // for Kubernetes access. - // +optional - Claims JWTTokenClaims `json:"claims"` - - // TLS configuration for communicating with the OIDC provider. - // +optional - TLS *TLSSpec `json:"tls,omitempty"` -} - -// JWTTokenClaims allows customization of the claims that will be mapped to user identity -// for Kubernetes access. -type JWTTokenClaims struct { - // Groups is the name of the claim which should be read to extract the user's - // group membership from the JWT token. When not specified, it will default to "groups". - // +optional - Groups string `json:"groups"` - - // Username is the name of the claim which should be read to extract the - // username from the JWT token. When not specified, it will default to "username". - // +optional - Username string `json:"username"` -} - -// JWTAuthenticator describes the configuration of a JWT authenticator. 
-// -// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid -// signature, existence of claims, etc.) and extract the username and groups from the token. -// -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster -// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` -// +kubebuilder:subresource:status -type JWTAuthenticator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec for configuring the authenticator. - Spec JWTAuthenticatorSpec `json:"spec"` - - // Status of the authenticator. - Status JWTAuthenticatorStatus `json:"status,omitempty"` -} - -// List of JWTAuthenticator objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type JWTAuthenticatorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - - Items []JWTAuthenticator `json:"items"` -} diff --git a/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go b/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go new file mode 100644 index 00000000..0d22d7af --- /dev/null +++ b/generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go 
@@ -0,0 +1,85 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a JWT authenticator. +type JWTAuthenticatorStatus struct { + // Represents the observations of the authenticator's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a JWT authenticator. +type JWTAuthenticatorSpec struct { + // Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is + // also used to validate the "iss" JWT claim. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Issuer string `json:"issuer"` + + // Audience is the required value of the "aud" JWT claim. + // +kubebuilder:validation:MinLength=1 + Audience string `json:"audience"` + + // Claims allows customization of the claims that will be mapped to user identity + // for Kubernetes access. + // +optional + Claims JWTTokenClaims `json:"claims"` + + // TLS configuration for communicating with the OIDC provider. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// JWTTokenClaims allows customization of the claims that will be mapped to user identity +// for Kubernetes access. +type JWTTokenClaims struct { + // Groups is the name of the claim which should be read to extract the user's + // group membership from the JWT token. When not specified, it will default to "groups". + // +optional + Groups string `json:"groups"` + + // Username is the name of the claim which should be read to extract the + // username from the JWT token. When not specified, it will default to "username". + // +optional + Username string `json:"username"` +} + +// JWTAuthenticator describes the configuration of a JWT authenticator. 
+// +// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid +// signature, existence of claims, etc.) and extract the username and groups from the token. +// +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:subresource:status +type JWTAuthenticator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the authenticator. + Spec JWTAuthenticatorSpec `json:"spec"` + + // Status of the authenticator. + Status JWTAuthenticatorStatus `json:"status,omitempty"` +} + +// List of JWTAuthenticator objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type JWTAuthenticatorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []JWTAuthenticator `json:"items"` +} diff --git a/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhook.go b/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhook.go deleted file mode 100644 index 2bf626d2..00000000 --- a/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhook.go +++ /dev/null 
@@ -1,55 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Status of a webhook authenticator. -type WebhookAuthenticatorStatus struct { - // Represents the observations of the authenticator's current state. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` -} - -// Spec for configuring a webhook authenticator. -type WebhookAuthenticatorSpec struct { - // Webhook server endpoint URL. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^https://` - Endpoint string `json:"endpoint"` - - // TLS configuration. - // +optional - TLS *TLSSpec `json:"tls,omitempty"` -} - -// WebhookAuthenticator describes the configuration of a webhook authenticator. -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster -// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` -// +kubebuilder:subresource:status -type WebhookAuthenticator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec for configuring the authenticator. - Spec WebhookAuthenticatorSpec `json:"spec"` - - // Status of the authenticator. - Status WebhookAuthenticatorStatus `json:"status,omitempty"` -} - -// List of WebhookAuthenticator objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type WebhookAuthenticatorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - - Items []WebhookAuthenticator `json:"items"` -} 
diff --git a/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go b/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go new file mode 100644 index 00000000..2a66815d --- /dev/null +++ b/generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go 
@@ -0,0 +1,56 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook authenticator. +type WebhookAuthenticatorStatus struct { + // Represents the observations of the authenticator's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook authenticator. +type WebhookAuthenticatorSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookAuthenticator describes the configuration of a webhook authenticator. +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:subresource:status +type WebhookAuthenticator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the authenticator. + Spec WebhookAuthenticatorSpec `json:"spec"` + + // Status of the authenticator. + Status WebhookAuthenticatorStatus `json:"status,omitempty"` +} + +// List of WebhookAuthenticator objects. 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookAuthenticatorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookAuthenticator `json:"items"` +} diff --git a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go index 49966390..9ad66dd4 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go index ecea1073..15e94f62 100644 --- a/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/1.20/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.20/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.20/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 9f5ec0fc..bf656d1f 100644 --- a/generated/1.20/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.20/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml @@ -24,6 +24,12 @@ spec: - jsonPath: .spec.issuer name: Issuer type: string + - jsonPath: .spec.audience + name: Audience + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.20/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.20/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 3ccd3216..10dcc7bd 100644 --- a/generated/1.20/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.20/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml @@ -24,6 +24,9 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date name: v1alpha1 schema: openAPIV3Schema: diff --git a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 4014551f..6651a9c6 100644 
--- a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -18,7 +18,14 @@ spec: singular: credentialissuer scope: Cluster versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.impersonationProxy.mode + name: ProxyMode + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: CredentialIssuer describes the configuration and status of the diff --git a/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml b/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 2b4af346..5fad1946 100644 --- a/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml +++ b/generated/1.20/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -18,7 +18,17 @@ spec: singular: federationdomain scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .spec.issuer + name: Issuer + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: FederationDomain describes the configuration of an OIDC provider. diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/types_jwt.go b/generated/latest/apis/concierge/authentication/v1alpha1/types_jwt.go deleted file mode 100644 index 813460fa..00000000 --- a/generated/latest/apis/concierge/authentication/v1alpha1/types_jwt.go +++ /dev/null 
@@ -1,83 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Status of a JWT authenticator. -type JWTAuthenticatorStatus struct { - // Represents the observations of the authenticator's current state. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` -} - -// Spec for configuring a JWT authenticator. -type JWTAuthenticatorSpec struct { - // Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is - // also used to validate the "iss" JWT claim. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^https://` - Issuer string `json:"issuer"` - - // Audience is the required value of the "aud" JWT claim. - // +kubebuilder:validation:MinLength=1 - Audience string `json:"audience"` - - // Claims allows customization of the claims that will be mapped to user identity - // for Kubernetes access. - // +optional - Claims JWTTokenClaims `json:"claims"` - - // TLS configuration for communicating with the OIDC provider. - // +optional - TLS *TLSSpec `json:"tls,omitempty"` -} - -// JWTTokenClaims allows customization of the claims that will be mapped to user identity -// for Kubernetes access. -type JWTTokenClaims struct { - // Groups is the name of the claim which should be read to extract the user's - // group membership from the JWT token. When not specified, it will default to "groups". - // +optional - Groups string `json:"groups"` - - // Username is the name of the claim which should be read to extract the - // username from the JWT token. When not specified, it will default to "username". - // +optional - Username string `json:"username"` -} - -// JWTAuthenticator describes the configuration of a JWT authenticator. 
-// -// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid -// signature, existence of claims, etc.) and extract the username and groups from the token. -// -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster -// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` -// +kubebuilder:subresource:status -type JWTAuthenticator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec for configuring the authenticator. - Spec JWTAuthenticatorSpec `json:"spec"` - - // Status of the authenticator. - Status JWTAuthenticatorStatus `json:"status,omitempty"` -} - -// List of JWTAuthenticator objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type JWTAuthenticatorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - - Items []JWTAuthenticator `json:"items"` -} diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go b/generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go new file mode 100644 index 00000000..0d22d7af --- /dev/null +++ b/generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go 
@@ -0,0 +1,85 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a JWT authenticator. +type JWTAuthenticatorStatus struct { + // Represents the observations of the authenticator's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a JWT authenticator. +type JWTAuthenticatorSpec struct { + // Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is + // also used to validate the "iss" JWT claim. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Issuer string `json:"issuer"` + + // Audience is the required value of the "aud" JWT claim. + // +kubebuilder:validation:MinLength=1 + Audience string `json:"audience"` + + // Claims allows customization of the claims that will be mapped to user identity + // for Kubernetes access. + // +optional + Claims JWTTokenClaims `json:"claims"` + + // TLS configuration for communicating with the OIDC provider. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// JWTTokenClaims allows customization of the claims that will be mapped to user identity +// for Kubernetes access. +type JWTTokenClaims struct { + // Groups is the name of the claim which should be read to extract the user's + // group membership from the JWT token. When not specified, it will default to "groups". + // +optional + Groups string `json:"groups"` + + // Username is the name of the claim which should be read to extract the + // username from the JWT token. When not specified, it will default to "username". + // +optional + Username string `json:"username"` +} + +// JWTAuthenticator describes the configuration of a JWT authenticator. 
+// +// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid +// signature, existence of claims, etc.) and extract the username and groups from the token. +// +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:subresource:status +type JWTAuthenticator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the authenticator. + Spec JWTAuthenticatorSpec `json:"spec"` + + // Status of the authenticator. + Status JWTAuthenticatorStatus `json:"status,omitempty"` +} + +// List of JWTAuthenticator objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type JWTAuthenticatorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []JWTAuthenticator `json:"items"` +} diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/types_webhook.go b/generated/latest/apis/concierge/authentication/v1alpha1/types_webhook.go deleted file mode 100644 index 2bf626d2..00000000 --- a/generated/latest/apis/concierge/authentication/v1alpha1/types_webhook.go +++ /dev/null 
@@ -1,55 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Status of a webhook authenticator. -type WebhookAuthenticatorStatus struct { - // Represents the observations of the authenticator's current state. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` -} - -// Spec for configuring a webhook authenticator. -type WebhookAuthenticatorSpec struct { - // Webhook server endpoint URL. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^https://` - Endpoint string `json:"endpoint"` - - // TLS configuration. - // +optional - TLS *TLSSpec `json:"tls,omitempty"` -} - -// WebhookAuthenticator describes the configuration of a webhook authenticator. -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster -// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` -// +kubebuilder:subresource:status -type WebhookAuthenticator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec for configuring the authenticator. - Spec WebhookAuthenticatorSpec `json:"spec"` - - // Status of the authenticator. - Status WebhookAuthenticatorStatus `json:"status,omitempty"` -} - -// List of WebhookAuthenticator objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type WebhookAuthenticatorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - - Items []WebhookAuthenticator `json:"items"` -} 
diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go b/generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go new file mode 100644 index 00000000..2a66815d --- /dev/null +++ b/generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go 
@@ -0,0 +1,56 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook authenticator. +type WebhookAuthenticatorStatus struct { + // Represents the observations of the authenticator's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook authenticator. +type WebhookAuthenticatorSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookAuthenticator describes the configuration of a webhook authenticator. +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:subresource:status +type WebhookAuthenticator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the authenticator. + Spec WebhookAuthenticatorSpec `json:"spec"` + + // Status of the authenticator. + Status WebhookAuthenticatorStatus `json:"status,omitempty"` +} + +// List of WebhookAuthenticator objects. 
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookAuthenticatorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookAuthenticator `json:"items"` +} diff --git a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go index 49966390..9ad66dd4 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct { // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped,scope=Cluster +// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go b/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go index ecea1073..15e94f62 100644 --- a/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go +++ b/generated/latest/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -1,4 +1,4 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package v1alpha1 
@@ -109,6 +109,9 @@ type FederationDomainStatus struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped +// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status type FederationDomain struct { metav1.TypeMeta `json:",inline"` diff --git a/go.mod b/go.mod index fd014f01..1593d1f2 100644 --- a/go.mod +++ b/go.mod @@ -33,15 +33,16 @@ require ( golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/term v0.0.0-20210503060354-a79de5458b56 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/api v0.22.1 - k8s.io/apimachinery v0.22.1 - k8s.io/apiserver v0.22.1 - k8s.io/client-go v0.22.1 - k8s.io/component-base v0.22.1 + k8s.io/api v0.22.2 + k8s.io/apiextensions-apiserver v0.22.2 + k8s.io/apimachinery v0.22.2 + k8s.io/apiserver v0.22.2 + k8s.io/client-go v0.22.2 + k8s.io/component-base v0.22.2 k8s.io/gengo v0.0.0-20210203185629-de9496dff47b k8s.io/klog/v2 v2.10.0 k8s.io/kube-aggregator v0.22.1 - k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 + k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a sigs.k8s.io/yaml v1.2.0 ) diff --git a/go.sum b/go.sum index 66f4b268..75367e27 100644 --- a/go.sum +++ b/go.sum 
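Review bot: In the go.mod `require` block, `k8s.io/kube-aggregator` stays at `v0.22.1` while `k8s.io/api`, `k8s.io/apimachinery`, `k8s.io/apiserver`, `k8s.io/client-go` and `k8s.io/component-base` move to `v0.22.2`, and `k8s.io/apiextensions-apiserver` is added at `v0.22.2`. The Kubernetes staging modules are published with matching tags per release, so this mixed set builds the aggregator code against a patch level of its sibling modules that it was not released with. If the skew is not deliberate, change the line to `k8s.io/kube-aggregator v0.22.2` and re-run `go mod tidy` so that go.sum follows. If it is deliberate, a short `//` comment on that line giving the reason would stop a later reader from "correcting" it.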
@@ -1871,17 +1871,25 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -k8s.io/api v0.22.1 h1:ISu3tD/jRhYfSW8jI/Q1e+lRxkR7w9UwQEZ7FgslrwY= k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY= -k8s.io/apimachinery v0.22.1 h1:DTARnyzmdHMz7bFWFDDm22AM4pLWTQECMpRTFu2d2OM= +k8s.io/api v0.22.2 h1:M8ZzAD0V6725Fjg53fKeTJxGsJvRbk4TEm/fexHMtfw= +k8s.io/api v0.22.2/go.mod h1:y3ydYpLJAaDI+BbSe2xmGcqxiWHmWjkEeIbiwHvnPR8= +k8s.io/apiextensions-apiserver v0.22.2 h1:zK7qI8Ery7j2CaN23UCFaC1hj7dMiI87n01+nKuewd4= +k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA= k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= -k8s.io/apiserver v0.22.1 h1:Ul9Iv8OMB2s45h2tl5XWPpAZo1VPIJ/6N+MESeed7L8= +k8s.io/apimachinery v0.22.2 h1:ejz6y/zNma8clPVfNDLnPbleBo6MpoFy/HBiBqCouVk= +k8s.io/apimachinery v0.22.2/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400= -k8s.io/client-go v0.22.1 h1:jW0ZSHi8wW260FvcXHkIa0NLxFBQszTlhiAVsU5mopw= +k8s.io/apiserver v0.22.2 h1:TdIfZJc6YNhu2WxeAOWq1TvukHF0Sfx0+ln4XK9qnL4= +k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI= k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk= +k8s.io/client-go v0.22.2 h1:DaSQgs02aCC1QcwUdkKZWOeaVsQjYvWv8ZazcZ6JcHc= +k8s.io/client-go v0.22.2/go.mod h1:sAlhrkVDf50ZHx6z4K0S40wISNTarf1r800F+RlCF6U= k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= -k8s.io/component-base v0.22.1 h1:SFqIXsEN3v3Kkr1bS6rstrs1wd45StJqbtgbQ4nRQdo= +k8s.io/code-generator 
v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o= k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo= +k8s.io/component-base v0.22.2 h1:vNIvE0AIrLhjX8drH0BgCNJcR4QZxMXcJzBsDplDx9M= +k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20210203185629-de9496dff47b h1:bAU8IlrMA6KbP0dIg/sVSJn95pDCUHDZx0DpTGrf2v4= @@ -1895,8 +1903,9 @@ k8s.io/kube-aggregator v0.22.1 h1:hsntyWsnkLiL4ccmoKfqiUVyxnlnqtqPRMuq/mT2wGQ= k8s.io/kube-aggregator v0.22.1/go.mod h1:VbmI+8fUeCPkzSvarWTrlIGEgUGEGI/66SFajDQ0Pdc= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= -k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 h1:imL9YgXQ9p7xmPzHFm/vVd/cF78jad+n4wK1ABwYtMM= k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g= +k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index 2e73cd78..4ff99db9 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go 
@@ -4,13 +4,16 @@ package integration import ( + "context" "errors" "fmt" "strings" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/sets" 
@@ -399,3 +402,109 @@ func TestGetAPIResourceList(t *testing.T) {
 })
 }
 }
+
+// safe to run in parallel with serial tests since it only reads CRDs, see main_test.go.
+func TestCRDAdditionalPrinterColumns_Parallel(t *testing.T) {
+ // AdditionalPrinterColumns can be set on a CRD to make `kubectl get` return those columns in its table output.
+ // The main purpose of this test is to fail when we add a new CRD without considering which
+ // AdditionalPrinterColumns to set on it. This test will force us to consider it and make an explicit choice.
+ env := testlib.IntegrationEnv(t)
+
+ ctx, cancelFunc := context.WithTimeout(context.Background(), time.Minute)
+ defer cancelFunc()
+
+ // AdditionalPrinterColumns are not returned by the Kube discovery endpoints,
+ // so "discover" them in the CRD definitions instead.
+ apiExtensionsV1Client := testlib.NewAPIExtensionsV1Client(t)
+ crdList, err := apiExtensionsV1Client.CustomResourceDefinitions().List(ctx, metav1.ListOptions{})
+ require.NoError(t, err)
+
+ addSuffix := func(base string) string {
+ return base + "." + env.APIGroupSuffix
+ }
+
+ // Since we're checking that AdditionalPrinterColumns exists on every CRD then we might as well also
+ // assert which fields are set as AdditionalPrinterColumns.
+ // Ideally, every CRD should show some kind of identifying info, some kind of status, and Age.
+ expectedColumnsPerCRDVersion := map[string]map[string][]apiextensionsv1.CustomResourceColumnDefinition{
+ addSuffix("credentialissuers.config.concierge"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "ProxyMode", Type: "string", JSONPath: ".spec.impersonationProxy.mode"},
+ // CredentialIssuers status is a list of strategies, each with its own status. Unfortunately,
+ // AdditionalPrinterColumns cannot show multiple results, e.g. a list of strategy types where
+ // the status is equal to Successful. See https://github.com/kubernetes/kubernetes/issues/67268.
+ // So we don't show any status as a AdditionalPrinterColumn at the moment.
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("webhookauthenticators.authentication.concierge"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Endpoint", Type: "string", JSONPath: ".spec.endpoint"},
+ // Note that WebhookAuthenticators have a status type, but no controller currently sets the status, so we don't show it.
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("jwtauthenticators.authentication.concierge"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
+ {Name: "Audience", Type: "string", JSONPath: ".spec.audience"},
+ // Note that JWTAuthenticators have a status type, but no controller currently sets the status, so we don't show it.
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("activedirectoryidentityproviders.idp.supervisor"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Host", Type: "string", JSONPath: ".spec.host"},
+ {Name: "Status", Type: "string", JSONPath: ".status.phase"},
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("federationdomains.config.supervisor"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
+ {Name: "Status", Type: "string", JSONPath: ".status.status"},
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("ldapidentityproviders.idp.supervisor"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Host", Type: "string", JSONPath: ".spec.host"},
+ {Name: "Status", Type: "string", JSONPath: ".status.phase"},
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ addSuffix("oidcidentityproviders.idp.supervisor"): {
+ "v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
+ {Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
+ {Name: "Status", Type: "string", JSONPath: ".status.phase"},
+ {Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
+ },
+ },
+ }
+
+ actualPinnipedCRDCount := 0
+ expectedPinnipedCRDCount := 7 // the current number of CRDs that we ship as part of Pinniped
+
+ for _, crd := range crdList.Items {
+ if !strings.Contains(crd.Spec.Group, env.APIGroupSuffix) {
+ continue // skip non-Pinniped CRDs
+ }
+
+ // Found a Pinniped CRD, so let's check it for AdditionalPrinterColumns.
+ actualPinnipedCRDCount++
+
+ for _, version := range crd.Spec.Versions {
+ expectedColumns, ok := expectedColumnsPerCRDVersion[crd.Name][version.Name]
+ assert.Truef(t, ok,
+ "should have found an expected AdditionalPrinterColumns for CRD %q version %q: "+
+ "please make sure that some useful AdditionalPrinterColumns are defined on the CRD and update this test's expectations",
+ crd.Name, version.Name)
+ assert.Equalf(t, expectedColumns, version.AdditionalPrinterColumns,
+ "CRD %q version %q had unexpected AdditionalPrinterColumns", crd.Name, version.Name)
+ }
+ }
+
+ // Make sure that the logic of this test did not accidentally skip a CRD that it should have interrogated.
+ require.Equal(t, expectedPinnipedCRDCount, actualPinnipedCRDCount,
+ "did not find expected number of Pinniped CRDs to check for additionalPrinterColumns")
+}
diff --git a/test/testlib/client.go b/test/testlib/client.go
index d75f37d9..02acc86f 100644
--- a/test/testlib/client.go
+++ b/test/testlib/client.go
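Review bot: The filter `strings.Contains(crd.Spec.Group, env.APIGroupSuffix)` in the CRD loop of TestCRDAdditionalPrinterColumns_Parallel accepts any CRD whose group merely contains the suffix somewhere. An unrelated CRD on the test cluster can therefore be counted as a Pinniped CRD and fail the test for the wrong reason. `strings.HasSuffix(crd.Spec.Group, "."+env.APIGroupSuffix)` would mirror the way `addSuffix` builds the expected names. `expectedPinnipedCRDCount := 7` repeats the size of the map above it and could be `len(expectedColumnsPerCRDVersion)`, leaving one place to update when a CRD is added. When the map lookup misses, `assert.Equalf` still runs against a nil slice and reports a second, less useful failure; `if !assert.Truef(...) { continue }` would avoid that.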
@@ -26,6 +26,8 @@ import ( "k8s.io/client-go/tools/clientcmd" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" + auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1" @@ -102,6 +104,12 @@ func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface { return aggregatorclient.NewForConfigOrDie(NewClientConfig(t)) } +func NewAPIExtensionsV1Client(t *testing.T) apiextensionsv1.ApiextensionsV1Interface { + t.Helper() + + return apiextensionsv1.NewForConfigOrDie(NewClientConfig(t)) +} + func newClientConfigWithOverrides(t *testing.T, overrides *clientcmd.ConfigOverrides) *rest.Config { t.Helper()
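Review bot: The alias `apiextensionsv1` added to the import block of test/testlib/client.go names the typed clientset package, while the same alias in test/integration/kube_api_discovery_test.go names the API types package `k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1`. The identifier therefore means two different things within this one commit. A distinct alias for the clientset import, for example `apiextensionsv1client`, would stop `apiextensionsv1.ApiextensionsV1Interface` and `apiextensionsv1.CustomResourceColumnDefinition` from reading as members of one package. The new exported helper in the second hunk also has no doc comment; `// NewAPIExtensionsV1Client returns an apiextensions/v1 client built from NewClientConfig(t); it panics if the config is rejected.` would state the failure mode of `NewForConfigOrDie`.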