Update the AdditionalPrinterColumns of the CRDs, and add a test for it
This commit is contained in:
parent
43ba6ba686
commit
0a31f45812
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -61,6 +61,8 @@ type JWTTokenClaims struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type JWTAuthenticator struct {
|
type JWTAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type WebhookAuthenticator struct {
|
type WebhookAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -24,6 +24,12 @@ spec:
|
|||||||
- jsonPath: .spec.issuer
|
- jsonPath: .spec.issuer
|
||||||
name: Issuer
|
name: Issuer
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .spec.audience
|
||||||
|
name: Audience
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -24,6 +24,9 @@ spec:
|
|||||||
- jsonPath: .spec.endpoint
|
- jsonPath: .spec.endpoint
|
||||||
name: Endpoint
|
name: Endpoint
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -18,7 +18,14 @@ spec:
|
|||||||
singular: credentialissuer
|
singular: credentialissuer
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.impersonationProxy.mode
|
||||||
|
name: ProxyMode
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: CredentialIssuer describes the configuration and status of the
|
description: CredentialIssuer describes the configuration and status of the
|
||||||
|
@ -18,7 +18,17 @@ spec:
|
|||||||
singular: federationdomain
|
singular: federationdomain
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.issuer
|
||||||
|
name: Issuer
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.status
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: FederationDomain describes the configuration of an OIDC provider.
|
description: FederationDomain describes the configuration of an OIDC provider.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -61,6 +61,8 @@ type JWTTokenClaims struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type JWTAuthenticator struct {
|
type JWTAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type WebhookAuthenticator struct {
|
type WebhookAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -24,6 +24,12 @@ spec:
|
|||||||
- jsonPath: .spec.issuer
|
- jsonPath: .spec.issuer
|
||||||
name: Issuer
|
name: Issuer
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .spec.audience
|
||||||
|
name: Audience
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -24,6 +24,9 @@ spec:
|
|||||||
- jsonPath: .spec.endpoint
|
- jsonPath: .spec.endpoint
|
||||||
name: Endpoint
|
name: Endpoint
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -18,7 +18,14 @@ spec:
|
|||||||
singular: credentialissuer
|
singular: credentialissuer
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.impersonationProxy.mode
|
||||||
|
name: ProxyMode
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: CredentialIssuer describes the configuration and status of the
|
description: CredentialIssuer describes the configuration and status of the
|
||||||
|
@ -18,7 +18,17 @@ spec:
|
|||||||
singular: federationdomain
|
singular: federationdomain
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.issuer
|
||||||
|
name: Issuer
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.status
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: FederationDomain describes the configuration of an OIDC provider.
|
description: FederationDomain describes the configuration of an OIDC provider.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -61,6 +61,8 @@ type JWTTokenClaims struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type JWTAuthenticator struct {
|
type JWTAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type WebhookAuthenticator struct {
|
type WebhookAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -24,6 +24,12 @@ spec:
|
|||||||
- jsonPath: .spec.issuer
|
- jsonPath: .spec.issuer
|
||||||
name: Issuer
|
name: Issuer
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .spec.audience
|
||||||
|
name: Audience
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -24,6 +24,9 @@ spec:
|
|||||||
- jsonPath: .spec.endpoint
|
- jsonPath: .spec.endpoint
|
||||||
name: Endpoint
|
name: Endpoint
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -18,7 +18,14 @@ spec:
|
|||||||
singular: credentialissuer
|
singular: credentialissuer
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.impersonationProxy.mode
|
||||||
|
name: ProxyMode
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: CredentialIssuer describes the configuration and status of the
|
description: CredentialIssuer describes the configuration and status of the
|
||||||
|
@ -18,7 +18,17 @@ spec:
|
|||||||
singular: federationdomain
|
singular: federationdomain
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.issuer
|
||||||
|
name: Issuer
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.status
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: FederationDomain describes the configuration of an OIDC provider.
|
description: FederationDomain describes the configuration of an OIDC provider.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -61,6 +61,8 @@ type JWTTokenClaims struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type JWTAuthenticator struct {
|
type JWTAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -33,6 +33,7 @@ type WebhookAuthenticatorSpec struct {
|
|||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type WebhookAuthenticator struct {
|
type WebhookAuthenticator struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -24,6 +24,12 @@ spec:
|
|||||||
- jsonPath: .spec.issuer
|
- jsonPath: .spec.issuer
|
||||||
name: Issuer
|
name: Issuer
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .spec.audience
|
||||||
|
name: Audience
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -24,6 +24,9 @@ spec:
|
|||||||
- jsonPath: .spec.endpoint
|
- jsonPath: .spec.endpoint
|
||||||
name: Endpoint
|
name: Endpoint
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -18,7 +18,14 @@ spec:
|
|||||||
singular: credentialissuer
|
singular: credentialissuer
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.impersonationProxy.mode
|
||||||
|
name: ProxyMode
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: CredentialIssuer describes the configuration and status of the
|
description: CredentialIssuer describes the configuration and status of the
|
||||||
|
@ -18,7 +18,17 @@ spec:
|
|||||||
singular: federationdomain
|
singular: federationdomain
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.issuer
|
||||||
|
name: Issuer
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.status
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: FederationDomain describes the configuration of an OIDC provider.
|
description: FederationDomain describes the configuration of an OIDC provider.
|
||||||
|
@ -1,83 +0,0 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a JWT authenticator.
|
|
||||||
type JWTAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a JWT authenticator.
|
|
||||||
type JWTAuthenticatorSpec struct {
|
|
||||||
// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
|
|
||||||
// also used to validate the "iss" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Issuer string `json:"issuer"`
|
|
||||||
|
|
||||||
// Audience is the required value of the "aud" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Audience string `json:"audience"`
|
|
||||||
|
|
||||||
// Claims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
// +optional
|
|
||||||
Claims JWTTokenClaims `json:"claims"`
|
|
||||||
|
|
||||||
// TLS configuration for communicating with the OIDC provider.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTTokenClaims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
type JWTTokenClaims struct {
|
|
||||||
// Groups is the name of the claim which should be read to extract the user's
|
|
||||||
// group membership from the JWT token. When not specified, it will default to "groups".
|
|
||||||
// +optional
|
|
||||||
Groups string `json:"groups"`
|
|
||||||
|
|
||||||
// Username is the name of the claim which should be read to extract the
|
|
||||||
// username from the JWT token. When not specified, it will default to "username".
|
|
||||||
// +optional
|
|
||||||
Username string `json:"username"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTAuthenticator describes the configuration of a JWT authenticator.
|
|
||||||
//
|
|
||||||
// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
|
|
||||||
// signature, existence of claims, etc.) and extract the username and groups from the token.
|
|
||||||
//
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type JWTAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec JWTAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status JWTAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of JWTAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type JWTAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []JWTAuthenticator `json:"items"`
|
|
||||||
}
|
|
85
generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go
generated
Normal file
85
generated/1.20/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go
generated
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// Status of a JWT authenticator.
|
||||||
|
type JWTAuthenticatorStatus struct {
|
||||||
|
// Represents the observations of the authenticator's current state.
|
||||||
|
// +patchMergeKey=type
|
||||||
|
// +patchStrategy=merge
|
||||||
|
// +listType=map
|
||||||
|
// +listMapKey=type
|
||||||
|
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Spec for configuring a JWT authenticator.
|
||||||
|
type JWTAuthenticatorSpec struct {
|
||||||
|
// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
|
||||||
|
// also used to validate the "iss" JWT claim.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// Audience is the required value of the "aud" JWT claim.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
Audience string `json:"audience"`
|
||||||
|
|
||||||
|
// Claims allows customization of the claims that will be mapped to user identity
|
||||||
|
// for Kubernetes access.
|
||||||
|
// +optional
|
||||||
|
Claims JWTTokenClaims `json:"claims"`
|
||||||
|
|
||||||
|
// TLS configuration for communicating with the OIDC provider.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// JWTTokenClaims allows customization of the claims that will be mapped to user identity
|
||||||
|
// for Kubernetes access.
|
||||||
|
type JWTTokenClaims struct {
|
||||||
|
// Groups is the name of the claim which should be read to extract the user's
|
||||||
|
// group membership from the JWT token. When not specified, it will default to "groups".
|
||||||
|
// +optional
|
||||||
|
Groups string `json:"groups"`
|
||||||
|
|
||||||
|
// Username is the name of the claim which should be read to extract the
|
||||||
|
// username from the JWT token. When not specified, it will default to "username".
|
||||||
|
// +optional
|
||||||
|
Username string `json:"username"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// JWTAuthenticator describes the configuration of a JWT authenticator.
|
||||||
|
//
|
||||||
|
// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
|
||||||
|
// signature, existence of claims, etc.) and extract the username and groups from the token.
|
||||||
|
//
|
||||||
|
// +genclient
|
||||||
|
// +genclient:nonNamespaced
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
|
// +kubebuilder:subresource:status
|
||||||
|
type JWTAuthenticator struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// Spec for configuring the authenticator.
|
||||||
|
Spec JWTAuthenticatorSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the authenticator.
|
||||||
|
Status JWTAuthenticatorStatus `json:"status,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// List of JWTAuthenticator objects.
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
type JWTAuthenticatorList struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ListMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
Items []JWTAuthenticator `json:"items"`
|
||||||
|
}
|
@ -1,55 +0,0 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorSpec struct {
|
|
||||||
// Webhook server endpoint URL.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Endpoint string `json:"endpoint"`
|
|
||||||
|
|
||||||
// TLS configuration.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// WebhookAuthenticator describes the configuration of a webhook authenticator.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type WebhookAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec WebhookAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of WebhookAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WebhookAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []WebhookAuthenticator `json:"items"`
|
|
||||||
}
|
|
56
generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
generated
Normal file
56
generated/1.20/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
generated
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// Status of a webhook authenticator.
|
||||||
|
type WebhookAuthenticatorStatus struct {
|
||||||
|
// Represents the observations of the authenticator's current state.
|
||||||
|
// +patchMergeKey=type
|
||||||
|
// +patchStrategy=merge
|
||||||
|
// +listType=map
|
||||||
|
// +listMapKey=type
|
||||||
|
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Spec for configuring a webhook authenticator.
|
||||||
|
type WebhookAuthenticatorSpec struct {
|
||||||
|
// Webhook server endpoint URL.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
|
Endpoint string `json:"endpoint"`
|
||||||
|
|
||||||
|
// TLS configuration.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// WebhookAuthenticator describes the configuration of a webhook authenticator.
|
||||||
|
// +genclient
|
||||||
|
// +genclient:nonNamespaced
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
|
// +kubebuilder:subresource:status
|
||||||
|
type WebhookAuthenticator struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// Spec for configuring the authenticator.
|
||||||
|
Spec WebhookAuthenticatorSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the authenticator.
|
||||||
|
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// List of WebhookAuthenticator objects.
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
type WebhookAuthenticatorList struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ListMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
Items []WebhookAuthenticator `json:"items"`
|
||||||
|
}
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -24,6 +24,12 @@ spec:
|
|||||||
- jsonPath: .spec.issuer
|
- jsonPath: .spec.issuer
|
||||||
name: Issuer
|
name: Issuer
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .spec.audience
|
||||||
|
name: Audience
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -24,6 +24,9 @@ spec:
|
|||||||
- jsonPath: .spec.endpoint
|
- jsonPath: .spec.endpoint
|
||||||
name: Endpoint
|
name: Endpoint
|
||||||
type: string
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
name: v1alpha1
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
|
@ -18,7 +18,14 @@ spec:
|
|||||||
singular: credentialissuer
|
singular: credentialissuer
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.impersonationProxy.mode
|
||||||
|
name: ProxyMode
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: CredentialIssuer describes the configuration and status of the
|
description: CredentialIssuer describes the configuration and status of the
|
||||||
|
@ -18,7 +18,17 @@ spec:
|
|||||||
singular: federationdomain
|
singular: federationdomain
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.issuer
|
||||||
|
name: Issuer
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.status
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
name: v1alpha1
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
description: FederationDomain describes the configuration of an OIDC provider.
|
description: FederationDomain describes the configuration of an OIDC provider.
|
||||||
|
@ -1,83 +0,0 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a JWT authenticator.
|
|
||||||
type JWTAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a JWT authenticator.
|
|
||||||
type JWTAuthenticatorSpec struct {
|
|
||||||
// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
|
|
||||||
// also used to validate the "iss" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Issuer string `json:"issuer"`
|
|
||||||
|
|
||||||
// Audience is the required value of the "aud" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Audience string `json:"audience"`
|
|
||||||
|
|
||||||
// Claims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
// +optional
|
|
||||||
Claims JWTTokenClaims `json:"claims"`
|
|
||||||
|
|
||||||
// TLS configuration for communicating with the OIDC provider.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTTokenClaims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
type JWTTokenClaims struct {
|
|
||||||
// Groups is the name of the claim which should be read to extract the user's
|
|
||||||
// group membership from the JWT token. When not specified, it will default to "groups".
|
|
||||||
// +optional
|
|
||||||
Groups string `json:"groups"`
|
|
||||||
|
|
||||||
// Username is the name of the claim which should be read to extract the
|
|
||||||
// username from the JWT token. When not specified, it will default to "username".
|
|
||||||
// +optional
|
|
||||||
Username string `json:"username"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTAuthenticator describes the configuration of a JWT authenticator.
|
|
||||||
//
|
|
||||||
// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
|
|
||||||
// signature, existence of claims, etc.) and extract the username and groups from the token.
|
|
||||||
//
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type JWTAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec JWTAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status JWTAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of JWTAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type JWTAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []JWTAuthenticator `json:"items"`
|
|
||||||
}
|
|
85
generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go
generated
Normal file
85
generated/latest/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go
generated
Normal file
@ -0,0 +1,85 @@
|
|||||||
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// Status of a JWT authenticator.
|
||||||
|
type JWTAuthenticatorStatus struct {
|
||||||
|
// Represents the observations of the authenticator's current state.
|
||||||
|
// +patchMergeKey=type
|
||||||
|
// +patchStrategy=merge
|
||||||
|
// +listType=map
|
||||||
|
// +listMapKey=type
|
||||||
|
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Spec for configuring a JWT authenticator.
|
||||||
|
type JWTAuthenticatorSpec struct {
|
||||||
|
// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
|
||||||
|
// also used to validate the "iss" JWT claim.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// Audience is the required value of the "aud" JWT claim.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
Audience string `json:"audience"`
|
||||||
|
|
||||||
|
// Claims allows customization of the claims that will be mapped to user identity
|
||||||
|
// for Kubernetes access.
|
||||||
|
// +optional
|
||||||
|
Claims JWTTokenClaims `json:"claims"`
|
||||||
|
|
||||||
|
// TLS configuration for communicating with the OIDC provider.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// JWTTokenClaims allows customization of the claims that will be mapped to user identity
|
||||||
|
// for Kubernetes access.
|
||||||
|
type JWTTokenClaims struct {
|
||||||
|
// Groups is the name of the claim which should be read to extract the user's
|
||||||
|
// group membership from the JWT token. When not specified, it will default to "groups".
|
||||||
|
// +optional
|
||||||
|
Groups string `json:"groups"`
|
||||||
|
|
||||||
|
// Username is the name of the claim which should be read to extract the
|
||||||
|
// username from the JWT token. When not specified, it will default to "username".
|
||||||
|
// +optional
|
||||||
|
Username string `json:"username"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// JWTAuthenticator describes the configuration of a JWT authenticator.
|
||||||
|
//
|
||||||
|
// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
|
||||||
|
// signature, existence of claims, etc.) and extract the username and groups from the token.
|
||||||
|
//
|
||||||
|
// +genclient
|
||||||
|
// +genclient:nonNamespaced
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
|
// +kubebuilder:subresource:status
|
||||||
|
type JWTAuthenticator struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// Spec for configuring the authenticator.
|
||||||
|
Spec JWTAuthenticatorSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the authenticator.
|
||||||
|
Status JWTAuthenticatorStatus `json:"status,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// List of JWTAuthenticator objects.
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
type JWTAuthenticatorList struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ListMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
Items []JWTAuthenticator `json:"items"`
|
||||||
|
}
|
@ -1,55 +0,0 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorSpec struct {
|
|
||||||
// Webhook server endpoint URL.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Endpoint string `json:"endpoint"`
|
|
||||||
|
|
||||||
// TLS configuration.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// WebhookAuthenticator describes the configuration of a webhook authenticator.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type WebhookAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec WebhookAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of WebhookAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WebhookAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []WebhookAuthenticator `json:"items"`
|
|
||||||
}
|
|
56
generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
generated
Normal file
56
generated/latest/apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go
generated
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package v1alpha1
|
||||||
|
|
||||||
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// Status of a webhook authenticator.
|
||||||
|
type WebhookAuthenticatorStatus struct {
|
||||||
|
// Represents the observations of the authenticator's current state.
|
||||||
|
// +patchMergeKey=type
|
||||||
|
// +patchStrategy=merge
|
||||||
|
// +listType=map
|
||||||
|
// +listMapKey=type
|
||||||
|
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Spec for configuring a webhook authenticator.
|
||||||
|
type WebhookAuthenticatorSpec struct {
|
||||||
|
// Webhook server endpoint URL.
|
||||||
|
// +kubebuilder:validation:MinLength=1
|
||||||
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
|
Endpoint string `json:"endpoint"`
|
||||||
|
|
||||||
|
// TLS configuration.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// WebhookAuthenticator describes the configuration of a webhook authenticator.
|
||||||
|
// +genclient
|
||||||
|
// +genclient:nonNamespaced
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
|
// +kubebuilder:subresource:status
|
||||||
|
type WebhookAuthenticator struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
// Spec for configuring the authenticator.
|
||||||
|
Spec WebhookAuthenticatorSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the authenticator.
|
||||||
|
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// List of WebhookAuthenticator objects.
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
type WebhookAuthenticatorList struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ListMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
|
Items []WebhookAuthenticator `json:"items"`
|
||||||
|
}
|
@ -215,6 +215,8 @@ type ImpersonationProxyInfo struct {
|
|||||||
// +genclient:nonNamespaced
|
// +genclient:nonNamespaced
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
||||||
|
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type CredentialIssuer struct {
|
type CredentialIssuer struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
package v1alpha1
|
package v1alpha1
|
||||||
@ -109,6 +109,9 @@ type FederationDomainStatus struct {
|
|||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
// +kubebuilder:resource:categories=pinniped
|
// +kubebuilder:resource:categories=pinniped
|
||||||
|
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
||||||
|
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
||||||
|
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
||||||
// +kubebuilder:subresource:status
|
// +kubebuilder:subresource:status
|
||||||
type FederationDomain struct {
|
type FederationDomain struct {
|
||||||
metav1.TypeMeta `json:",inline"`
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
13
go.mod
13
go.mod
@ -33,15 +33,16 @@ require (
|
|||||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||||
golang.org/x/term v0.0.0-20210503060354-a79de5458b56
|
golang.org/x/term v0.0.0-20210503060354-a79de5458b56
|
||||||
gopkg.in/square/go-jose.v2 v2.6.0
|
gopkg.in/square/go-jose.v2 v2.6.0
|
||||||
k8s.io/api v0.22.1
|
k8s.io/api v0.22.2
|
||||||
k8s.io/apimachinery v0.22.1
|
k8s.io/apiextensions-apiserver v0.22.2
|
||||||
k8s.io/apiserver v0.22.1
|
k8s.io/apimachinery v0.22.2
|
||||||
k8s.io/client-go v0.22.1
|
k8s.io/apiserver v0.22.2
|
||||||
k8s.io/component-base v0.22.1
|
k8s.io/client-go v0.22.2
|
||||||
|
k8s.io/component-base v0.22.2
|
||||||
k8s.io/gengo v0.0.0-20210203185629-de9496dff47b
|
k8s.io/gengo v0.0.0-20210203185629-de9496dff47b
|
||||||
k8s.io/klog/v2 v2.10.0
|
k8s.io/klog/v2 v2.10.0
|
||||||
k8s.io/kube-aggregator v0.22.1
|
k8s.io/kube-aggregator v0.22.1
|
||||||
k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9
|
k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
|
||||||
sigs.k8s.io/yaml v1.2.0
|
sigs.k8s.io/yaml v1.2.0
|
||||||
)
|
)
|
||||||
|
|
||||||
|
21
go.sum
21
go.sum
@ -1871,17 +1871,25 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt
|
|||||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||||
howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
|
howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
|
||||||
k8s.io/api v0.22.1 h1:ISu3tD/jRhYfSW8jI/Q1e+lRxkR7w9UwQEZ7FgslrwY=
|
|
||||||
k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY=
|
k8s.io/api v0.22.1/go.mod h1:bh13rkTp3F1XEaLGykbyRD2QaTTzPm0e/BMd8ptFONY=
|
||||||
k8s.io/apimachinery v0.22.1 h1:DTARnyzmdHMz7bFWFDDm22AM4pLWTQECMpRTFu2d2OM=
|
k8s.io/api v0.22.2 h1:M8ZzAD0V6725Fjg53fKeTJxGsJvRbk4TEm/fexHMtfw=
|
||||||
|
k8s.io/api v0.22.2/go.mod h1:y3ydYpLJAaDI+BbSe2xmGcqxiWHmWjkEeIbiwHvnPR8=
|
||||||
|
k8s.io/apiextensions-apiserver v0.22.2 h1:zK7qI8Ery7j2CaN23UCFaC1hj7dMiI87n01+nKuewd4=
|
||||||
|
k8s.io/apiextensions-apiserver v0.22.2/go.mod h1:2E0Ve/isxNl7tWLSUDgi6+cmwHi5fQRdwGVCxbC+KFA=
|
||||||
k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
|
k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
|
||||||
k8s.io/apiserver v0.22.1 h1:Ul9Iv8OMB2s45h2tl5XWPpAZo1VPIJ/6N+MESeed7L8=
|
k8s.io/apimachinery v0.22.2 h1:ejz6y/zNma8clPVfNDLnPbleBo6MpoFy/HBiBqCouVk=
|
||||||
|
k8s.io/apimachinery v0.22.2/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
|
||||||
k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400=
|
k8s.io/apiserver v0.22.1/go.mod h1:2mcM6dzSt+XndzVQJX21Gx0/Klo7Aen7i0Ai6tIa400=
|
||||||
k8s.io/client-go v0.22.1 h1:jW0ZSHi8wW260FvcXHkIa0NLxFBQszTlhiAVsU5mopw=
|
k8s.io/apiserver v0.22.2 h1:TdIfZJc6YNhu2WxeAOWq1TvukHF0Sfx0+ln4XK9qnL4=
|
||||||
|
k8s.io/apiserver v0.22.2/go.mod h1:vrpMmbyjWrgdyOvZTSpsusQq5iigKNWv9o9KlDAbBHI=
|
||||||
k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk=
|
k8s.io/client-go v0.22.1/go.mod h1:BquC5A4UOo4qVDUtoc04/+Nxp1MeHcVc1HJm1KmG8kk=
|
||||||
|
k8s.io/client-go v0.22.2 h1:DaSQgs02aCC1QcwUdkKZWOeaVsQjYvWv8ZazcZ6JcHc=
|
||||||
|
k8s.io/client-go v0.22.2/go.mod h1:sAlhrkVDf50ZHx6z4K0S40wISNTarf1r800F+RlCF6U=
|
||||||
k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
|
k8s.io/code-generator v0.22.1/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
|
||||||
k8s.io/component-base v0.22.1 h1:SFqIXsEN3v3Kkr1bS6rstrs1wd45StJqbtgbQ4nRQdo=
|
k8s.io/code-generator v0.22.2/go.mod h1:eV77Y09IopzeXOJzndrDyCI88UBok2h6WxAlBwpxa+o=
|
||||||
k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo=
|
k8s.io/component-base v0.22.1/go.mod h1:0D+Bl8rrnsPN9v0dyYvkqFfBeAd4u7n77ze+p8CMiPo=
|
||||||
|
k8s.io/component-base v0.22.2 h1:vNIvE0AIrLhjX8drH0BgCNJcR4QZxMXcJzBsDplDx9M=
|
||||||
|
k8s.io/component-base v0.22.2/go.mod h1:5Br2QhI9OTe79p+TzPe9JKNQYvEKbq9rTJDWllunGug=
|
||||||
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
||||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||||
k8s.io/gengo v0.0.0-20210203185629-de9496dff47b h1:bAU8IlrMA6KbP0dIg/sVSJn95pDCUHDZx0DpTGrf2v4=
|
k8s.io/gengo v0.0.0-20210203185629-de9496dff47b h1:bAU8IlrMA6KbP0dIg/sVSJn95pDCUHDZx0DpTGrf2v4=
|
||||||
@ -1895,8 +1903,9 @@ k8s.io/kube-aggregator v0.22.1 h1:hsntyWsnkLiL4ccmoKfqiUVyxnlnqtqPRMuq/mT2wGQ=
|
|||||||
k8s.io/kube-aggregator v0.22.1/go.mod h1:VbmI+8fUeCPkzSvarWTrlIGEgUGEGI/66SFajDQ0Pdc=
|
k8s.io/kube-aggregator v0.22.1/go.mod h1:VbmI+8fUeCPkzSvarWTrlIGEgUGEGI/66SFajDQ0Pdc=
|
||||||
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM=
|
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e h1:KLHHjkdQFomZy8+06csTWZ0m1343QqxZhR2LJ1OxCYM=
|
||||||
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
|
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
|
||||||
k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 h1:imL9YgXQ9p7xmPzHFm/vVd/cF78jad+n4wK1ABwYtMM=
|
|
||||||
k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||||
|
k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g=
|
||||||
|
k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||||
modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
|
modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
|
||||||
modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
|
modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
|
||||||
modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
|
modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
|
||||||
|
@ -4,13 +4,16 @@
|
|||||||
package integration
|
package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
@ -399,3 +402,109 @@ func TestGetAPIResourceList(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// safe to run in parallel with serial tests since it only reads CRDs, see main_test.go.
|
||||||
|
func TestCRDAdditionalPrinterColumns_Parallel(t *testing.T) {
|
||||||
|
// AdditionalPrinterColumns can be set on a CRD to make `kubectl get` return those columns in its table output.
|
||||||
|
// The main purpose of this test is to fail when we add a new CRD without considering which
|
||||||
|
// AdditionalPrinterColumns to set on it. This test will force us to consider it and make an explicit choice.
|
||||||
|
env := testlib.IntegrationEnv(t)
|
||||||
|
|
||||||
|
ctx, cancelFunc := context.WithTimeout(context.Background(), time.Minute)
|
||||||
|
defer cancelFunc()
|
||||||
|
|
||||||
|
// AdditionalPrinterColumns are not returned by the Kube discovery endpoints,
|
||||||
|
// so "discover" them in the CRD definitions instead.
|
||||||
|
apiExtensionsV1Client := testlib.NewAPIExtensionsV1Client(t)
|
||||||
|
crdList, err := apiExtensionsV1Client.CustomResourceDefinitions().List(ctx, metav1.ListOptions{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
addSuffix := func(base string) string {
|
||||||
|
return base + "." + env.APIGroupSuffix
|
||||||
|
}
|
||||||
|
|
||||||
|
// Since we're checking that AdditionalPrinterColumns exists on every CRD then we might as well also
|
||||||
|
// assert which fields are set as AdditionalPrinterColumns.
|
||||||
|
// Ideally, every CRD should show some kind of identifying info, some kind of status, and Age.
|
||||||
|
expectedColumnsPerCRDVersion := map[string]map[string][]apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
addSuffix("credentialissuers.config.concierge"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "ProxyMode", Type: "string", JSONPath: ".spec.impersonationProxy.mode"},
|
||||||
|
// CredentialIssuers status is a list of strategies, each with its own status. Unfortunately,
|
||||||
|
// AdditionalPrinterColumns cannot show multiple results, e.g. a list of strategy types where
|
||||||
|
// the status is equal to Successful. See https://github.com/kubernetes/kubernetes/issues/67268.
|
||||||
|
// So we don't show any status as a AdditionalPrinterColumn at the moment.
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("webhookauthenticators.authentication.concierge"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Endpoint", Type: "string", JSONPath: ".spec.endpoint"},
|
||||||
|
// Note that WebhookAuthenticators have a status type, but no controller currently sets the status, so we don't show it.
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("jwtauthenticators.authentication.concierge"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
|
||||||
|
{Name: "Audience", Type: "string", JSONPath: ".spec.audience"},
|
||||||
|
// Note that JWTAuthenticators have a status type, but no controller currently sets the status, so we don't show it.
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("activedirectoryidentityproviders.idp.supervisor"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Host", Type: "string", JSONPath: ".spec.host"},
|
||||||
|
{Name: "Status", Type: "string", JSONPath: ".status.phase"},
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("federationdomains.config.supervisor"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
|
||||||
|
{Name: "Status", Type: "string", JSONPath: ".status.status"},
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("ldapidentityproviders.idp.supervisor"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Host", Type: "string", JSONPath: ".spec.host"},
|
||||||
|
{Name: "Status", Type: "string", JSONPath: ".status.phase"},
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
addSuffix("oidcidentityproviders.idp.supervisor"): {
|
||||||
|
"v1alpha1": []apiextensionsv1.CustomResourceColumnDefinition{
|
||||||
|
{Name: "Issuer", Type: "string", JSONPath: ".spec.issuer"},
|
||||||
|
{Name: "Status", Type: "string", JSONPath: ".status.phase"},
|
||||||
|
{Name: "Age", Type: "date", JSONPath: ".metadata.creationTimestamp"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
actualPinnipedCRDCount := 0
|
||||||
|
expectedPinnipedCRDCount := 7 // the current number of CRDs that we ship as part of Pinniped
|
||||||
|
|
||||||
|
for _, crd := range crdList.Items {
|
||||||
|
if !strings.Contains(crd.Spec.Group, env.APIGroupSuffix) {
|
||||||
|
continue // skip non-Pinniped CRDs
|
||||||
|
}
|
||||||
|
|
||||||
|
// Found a Pinniped CRD, so let's check it for AdditionalPrinterColumns.
|
||||||
|
actualPinnipedCRDCount++
|
||||||
|
|
||||||
|
for _, version := range crd.Spec.Versions {
|
||||||
|
expectedColumns, ok := expectedColumnsPerCRDVersion[crd.Name][version.Name]
|
||||||
|
assert.Truef(t, ok,
|
||||||
|
"should have found an expected AdditionalPrinterColumns for CRD %q version %q: "+
|
||||||
|
"please make sure that some useful AdditionalPrinterColumns are defined on the CRD and update this test's expectations",
|
||||||
|
crd.Name, version.Name)
|
||||||
|
assert.Equalf(t, expectedColumns, version.AdditionalPrinterColumns,
|
||||||
|
"CRD %q version %q had unexpected AdditionalPrinterColumns", crd.Name, version.Name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure that the logic of this test did not accidentally skip a CRD that it should have interrogated.
|
||||||
|
require.Equal(t, expectedPinnipedCRDCount, actualPinnipedCRDCount,
|
||||||
|
"did not find expected number of Pinniped CRDs to check for additionalPrinterColumns")
|
||||||
|
}
|
||||||
|
@ -26,6 +26,8 @@ import (
|
|||||||
"k8s.io/client-go/tools/clientcmd"
|
"k8s.io/client-go/tools/clientcmd"
|
||||||
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
|
aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset"
|
||||||
|
|
||||||
|
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
|
||||||
|
|
||||||
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
|
auth1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
|
||||||
"go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
"go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1"
|
||||||
configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
|
configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1"
|
||||||
@ -102,6 +104,12 @@ func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface {
|
|||||||
return aggregatorclient.NewForConfigOrDie(NewClientConfig(t))
|
return aggregatorclient.NewForConfigOrDie(NewClientConfig(t))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewAPIExtensionsV1Client(t *testing.T) apiextensionsv1.ApiextensionsV1Interface {
|
||||||
|
t.Helper()
|
||||||
|
|
||||||
|
return apiextensionsv1.NewForConfigOrDie(NewClientConfig(t))
|
||||||
|
}
|
||||||
|
|
||||||
func newClientConfigWithOverrides(t *testing.T, overrides *clientcmd.ConfigOverrides) *rest.Config {
|
func newClientConfigWithOverrides(t *testing.T, overrides *clientcmd.ConfigOverrides) *rest.Config {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user