From 0be2c0d40fb5fdd8d89d43327ae6ce6d3fee011a Mon Sep 17 00:00:00 2001
From: Matt Moyer
Date: Mon, 1 Mar 2021 14:26:43 -0600
Subject: [PATCH] Add CredentialIssuer "status.strategies[].frontend" field.

This field is a new tagged-union style field that describes how clients can connect using each successful strategy.

Signed-off-by: Matt Moyer
---
 .../v1alpha1/types_credentialissuer.go.tmpl | 35 +++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
index 63d59446..39989501 100644
--- a/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
+++ b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
@@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +kubebuilder:validation:Enum=KubeClusterSigningCertificate
 type StrategyType string
 
+// +kubebuilder:validation:Enum=TokenCredentialRequestAPI
+type FrontendType string
+
 // +kubebuilder:validation:Enum=Success;Error
 type StrategyStatus string
 
@@ -17,11 +20,14 @@ type StrategyReason string
 const (
 KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate")
 
+ TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI")
+
 SuccessStrategyStatus = StrategyStatus("Success")
 ErrorStrategyStatus = StrategyStatus("Error")
 
- CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey")
- FetchedKeyStrategyReason = StrategyReason("FetchedKey")
+ CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey")
+ CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo")
+ FetchedKeyStrategyReason = StrategyReason("FetchedKey")
 )
 
 // Status of a credential issuer.
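Review bot: `CouldNotGetClusterInfoStrategyReason` is added to the const block, but no hunk in this patch touches the declaration of `StrategyReason`, which sits just above this hunk and is not shown. If that type carries a `+kubebuilder:validation:Enum=` marker the way `StrategyType` and `StrategyStatus` do, the generated CRD schema would presumably still reject `CouldNotGetClusterInfo`, and a status write using the new reason would fail validation at the API server. Worth confirming that the marker lists the new value alongside `CouldNotFetchKey` and `FetchedKey`.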
@@ -30,6 +36,7 @@ type CredentialIssuerStatus struct {
 Strategies []CredentialIssuerStrategy `json:"strategies"`
 
 // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
+ // This field is deprecated and will be removed in a future version.
 // +optional
 KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
 }
@@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct {
 
 // When the status was last checked.
 LastUpdateTime metav1.Time `json:"lastUpdateTime"`
+
+ // Frontend describes how clients can connect using this strategy.
+ Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"`
+}
+
+type CredentialIssuerFrontend struct {
+ // Type describes which frontend mechanism clients can use with a strategy.
+ Type FrontendType `json:"type"`
+
+ // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge.
+ // This field is only set when Type is "TokenCredentialRequestAPI".
+ TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"`
+}
+
+// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge.
+type TokenCredentialRequestAPIInfo struct {
+ // Server is the Kubernetes API server URL.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Pattern=`^https://|^http://`
+ Server string `json:"server"`
+
+ // CertificateAuthorityData is the Kubernetes API server CA bundle.
+ // +kubebuilder:validation:MinLength=1
+ CertificateAuthorityData string `json:"certificateAuthorityData"`
 }
 
 // Describes the configuration status of a Pinniped credential issuer.
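Review bot: The deprecation sentence added to `KubeConfigInfo` does not name a replacement and is not in the form Go tooling recognises. A comment paragraph that begins with `Deprecated:` is surfaced by godoc and linters, and the same text ends up in the generated CRD description. If `status.strategies[].frontend` is the intended successor, something like `// Deprecated: use status.strategies[].frontend instead; this field will be removed in a future version.` would tell kubeconfig consumers where to migrate.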
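Review bot: The `Pattern` marker on `TokenCredentialRequestAPIInfo.Server` accepts `http://`, so the schema permits a cleartext endpoint for the API that clients presumably submit tokens to, and in that case the required `CertificateAuthorityData` would go unused. Unless a plain-HTTP API server is a supported case, narrow the marker's value from `^https://|^http://` to `^https://`. Separately, the schema does not tie `TokenCredentialRequestAPIInfo` to `Type`, so consumers have to nil-check both `Frontend` and the info pointer before dereferencing. `CredentialIssuerFrontend` has no doc comment, and `Frontend` lacks the `// +optional` marker that `KubeConfigInfo` carries. The final `}` in this hunk is pre-existing context that now closes `TokenCredentialRequestAPIInfo`.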