Move oidcclient into config.supervisor.pinniped.dev

Signed-off-by: Margo Crawford <margaretc@vmware.com>
This commit is contained in:
Margo Crawford 2022-06-13 15:48:54 -07:00
parent aceea7888b
commit 0c1f48cbc1
294 changed files with 2740 additions and 5419 deletions

View File

@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&FederationDomain{}, &FederationDomain{},
&FederationDomainList{}, &FederationDomainList{},
&OIDCClient{},
&OIDCClientList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil

View File

@ -1,10 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:defaulter-gen=TypeMeta
// +groupName=oauth.supervisor.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
package v1alpha1

View File

@ -1,43 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "oauth.supervisor.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClient{},
&OIDCClientList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

View File

@ -5,9 +5,9 @@ metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.8.0 controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null creationTimestamp: null
name: oidcclients.oauth.supervisor.pinniped.dev name: oidcclients.config.supervisor.pinniped.dev
spec: spec:
group: oauth.supervisor.pinniped.dev group: config.supervisor.pinniped.dev
names: names:
categories: categories:
- pinniped - pinniped

View File

@ -41,11 +41,11 @@ metadata:
spec: spec:
group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor") group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.oauth.supervisor.pinniped.dev"}}), expects=1 #@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.config.supervisor.pinniped.dev"}}), expects=1
--- ---
metadata: metadata:
#@overlay/match missing_ok=True #@overlay/match missing_ok=True
labels: #@ labels() labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.oauth.supervisor") name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.config.supervisor")
spec: spec:
group: #@ pinnipedDevAPIGroupWithPrefix("oauth.supervisor") group: #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")

View File

@ -12,7 +12,6 @@
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|=== |===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
=== identity.concierge.pinniped.dev/identity === identity.concierge.pinniped.dev/identity
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|=== |===
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
=== oauth.supervisor.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===

View File

@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&FederationDomain{}, &FederationDomain{},
&FederationDomainList{}, &FederationDomainList{},
&OIDCClient{},
&OIDCClientList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil

View File

@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
in.DeepCopyInto(out) in.DeepCopyInto(out)
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -1,10 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:defaulter-gen=TypeMeta
// +groupName=oauth.supervisor.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
package v1alpha1

View File

@ -1,43 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "oauth.supervisor.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClient{},
&OIDCClientList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

View File

@ -1,121 +0,0 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -10,7 +10,6 @@ import (
configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
discovery "k8s.io/client-go/discovery" discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest" rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol" flowcontrol "k8s.io/client-go/util/flowcontrol"
@ -20,7 +19,6 @@ type Interface interface {
Discovery() discovery.DiscoveryInterface Discovery() discovery.DiscoveryInterface
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
} }
// Clientset contains the clients for groups. Each group has exactly one // Clientset contains the clients for groups. Each group has exactly one
@ -29,7 +27,6 @@ type Clientset struct {
*discovery.DiscoveryClient *discovery.DiscoveryClient
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
} }
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return c.iDPV1alpha1 return c.iDPV1alpha1
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return c.oauthV1alpha1
}
// Discovery retrieves the DiscoveryClient // Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface { func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil { if c == nil {
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil { if err != nil {
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs return &cs
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c)
cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c)
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs return &cs

View File

@ -11,8 +11,6 @@ import (
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake" fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery" "k8s.io/client-go/discovery"
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
}

View File

@ -8,7 +8,6 @@ package fake
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -8,7 +8,6 @@ package scheme
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -14,6 +14,7 @@ import (
type ConfigV1alpha1Interface interface { type ConfigV1alpha1Interface interface {
RESTClient() rest.Interface RESTClient() rest.Interface
FederationDomainsGetter FederationDomainsGetter
OIDCClientsGetter
} }
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
return newFederationDomains(c, namespace) return newFederationDomains(c, namespace)
} }
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new ConfigV1alpha1Client for the given config. // NewForConfig creates a new ConfigV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) { func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
config := *c config := *c

View File

@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
return &FakeFederationDomains{c, namespace} return &FakeFederationDomains{c, namespace}
} }
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate // RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation. // with API server by this client implementation.
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface { func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {

View File

@ -6,7 +6,7 @@
package fake package fake
import ( import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels" labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -17,13 +17,13 @@ import (
// FakeOIDCClients implements OIDCClientInterface // FakeOIDCClients implements OIDCClientInterface
type FakeOIDCClients struct { type FakeOIDCClients struct {
Fake *FakeOauthV1alpha1 Fake *FakeConfigV1alpha1
ns string ns string
} }
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"} var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"} var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any. // Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
func (c *FakeOIDCClients) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) { func (c *FakeOIDCClients) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {

View File

@ -6,3 +6,5 @@
package v1alpha1 package v1alpha1
type FederationDomainExpansion interface{} type FederationDomainExpansion interface{}
type OIDCClientExpansion interface{}

View File

@ -8,7 +8,7 @@ package v1alpha1
import ( import (
"time" "time"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types" types "k8s.io/apimachinery/pkg/types"
@ -43,7 +43,7 @@ type oIDCClients struct {
} }
// newOIDCClients returns a OIDCClients // newOIDCClients returns a OIDCClients
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients { func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
return &oIDCClients{ return &oIDCClients{
client: c.RESTClient(), client: c.RESTClient(),
ns: namespace, ns: namespace,

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

View File

@ -1,27 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeOauthV1alpha1 struct {
*testing.Fake
}
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

View File

@ -1,8 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type OIDCClientExpansion interface{}

View File

@ -1,76 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type OauthV1alpha1Interface interface {
RESTClient() rest.Interface
OIDCClientsGetter
}
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
type OauthV1alpha1Client struct {
restClient rest.Interface
}
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new OauthV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &OauthV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new OauthV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *OauthV1alpha1Client {
return &OauthV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

View File

@ -13,6 +13,8 @@ import (
type Interface interface { type Interface interface {
// FederationDomains returns a FederationDomainInformer. // FederationDomains returns a FederationDomainInformer.
FederationDomains() FederationDomainInformer FederationDomains() FederationDomainInformer
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
} }
type version struct { type version struct {
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (v *version) FederationDomains() FederationDomainInformer { func (v *version) FederationDomains() FederationDomainInformer {
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
} }
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -8,10 +8,10 @@ package v1alpha1
import ( import (
time "time" time "time"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned" versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch" watch "k8s.io/apimachinery/pkg/watch"
@ -48,16 +48,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).List(options) return client.ConfigV1alpha1().OIDCClients(namespace).List(options)
}, },
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).Watch(options) return client.ConfigV1alpha1().OIDCClients(namespace).Watch(options)
}, },
}, },
&oauthv1alpha1.OIDCClient{}, &configv1alpha1.OIDCClient{},
resyncPeriod, resyncPeriod,
indexers, indexers,
) )
@ -68,7 +68,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
} }
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer { func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer) return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
} }
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister { func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {

View File

@ -14,7 +14,6 @@ import (
config "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/config" config "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/config"
idp "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/idp" idp "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/idp"
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
oauth "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
Config() config.Interface Config() config.Interface
IDP() idp.Interface IDP() idp.Interface
Oauth() oauth.Interface
} }
func (f *sharedInformerFactory) Config() config.Interface { func (f *sharedInformerFactory) Config() config.Interface {
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
func (f *sharedInformerFactory) IDP() idp.Interface { func (f *sharedInformerFactory) IDP() idp.Interface {
return idp.New(f, f.namespace, f.tweakListOptions) return idp.New(f, f.namespace, f.tweakListOptions)
} }
func (f *sharedInformerFactory) Oauth() oauth.Interface {
return oauth.New(f, f.namespace, f.tweakListOptions)
}

View File

@ -10,7 +10,6 @@ import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache" cache "k8s.io/client-go/tools/cache"
) )
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=config.supervisor.pinniped.dev, Version=v1alpha1 // Group=config.supervisor.pinniped.dev, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1 // Group=idp.supervisor.pinniped.dev, Version=v1alpha1
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
} }
return nil, fmt.Errorf("no informer found for %v", resource) return nil, fmt.Errorf("no informer found for %v", resource)

View File

@ -1,33 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package oauth
import (
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth/v1alpha1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}

View File

@ -1,32 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
// FederationDomainNamespaceListerExpansion allows custom methods to be added to // FederationDomainNamespaceListerExpansion allows custom methods to be added to
// FederationDomainNamespaceLister. // FederationDomainNamespaceLister.
type FederationDomainNamespaceListerExpansion interface{} type FederationDomainNamespaceListerExpansion interface{}
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -6,7 +6,7 @@
package v1alpha1 package v1alpha1
import ( import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"

View File

@ -1,14 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -5,9 +5,9 @@ metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.8.0 controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null creationTimestamp: null
name: oidcclients.oauth.supervisor.pinniped.dev name: oidcclients.config.supervisor.pinniped.dev
spec: spec:
group: oauth.supervisor.pinniped.dev group: config.supervisor.pinniped.dev
names: names:
categories: categories:
- pinniped - pinniped

View File

@ -12,7 +12,6 @@
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|=== |===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
=== identity.concierge.pinniped.dev/identity === identity.concierge.pinniped.dev/identity
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|=== |===
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
=== oauth.supervisor.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===

View File

@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&FederationDomain{}, &FederationDomain{},
&FederationDomainList{}, &FederationDomainList{},
&OIDCClient{},
&OIDCClientList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil

View File

@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
in.DeepCopyInto(out) in.DeepCopyInto(out)
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -1,10 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:defaulter-gen=TypeMeta
// +groupName=oauth.supervisor.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
package v1alpha1

View File

@ -1,43 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "oauth.supervisor.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClient{},
&OIDCClientList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

View File

@ -1,121 +0,0 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -10,7 +10,6 @@ import (
configv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
discovery "k8s.io/client-go/discovery" discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest" rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol" flowcontrol "k8s.io/client-go/util/flowcontrol"
@ -20,7 +19,6 @@ type Interface interface {
Discovery() discovery.DiscoveryInterface Discovery() discovery.DiscoveryInterface
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
} }
// Clientset contains the clients for groups. Each group has exactly one // Clientset contains the clients for groups. Each group has exactly one
@ -29,7 +27,6 @@ type Clientset struct {
*discovery.DiscoveryClient *discovery.DiscoveryClient
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
} }
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return c.iDPV1alpha1 return c.iDPV1alpha1
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return c.oauthV1alpha1
}
// Discovery retrieves the DiscoveryClient // Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface { func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil { if c == nil {
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil { if err != nil {
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs return &cs
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c)
cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c)
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs return &cs

View File

@ -11,8 +11,6 @@ import (
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake" fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery" "k8s.io/client-go/discovery"
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
}

View File

@ -8,7 +8,6 @@ package fake
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -8,7 +8,6 @@ package scheme
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -14,6 +14,7 @@ import (
type ConfigV1alpha1Interface interface { type ConfigV1alpha1Interface interface {
RESTClient() rest.Interface RESTClient() rest.Interface
FederationDomainsGetter FederationDomainsGetter
OIDCClientsGetter
} }
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
return newFederationDomains(c, namespace) return newFederationDomains(c, namespace)
} }
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new ConfigV1alpha1Client for the given config. // NewForConfig creates a new ConfigV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) { func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
config := *c config := *c

View File

@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
return &FakeFederationDomains{c, namespace} return &FakeFederationDomains{c, namespace}
} }
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate // RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation. // with API server by this client implementation.
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface { func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {

View File

@ -8,7 +8,7 @@ package fake
import ( import (
"context" "context"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels" labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -19,13 +19,13 @@ import (
// FakeOIDCClients implements OIDCClientInterface // FakeOIDCClients implements OIDCClientInterface
type FakeOIDCClients struct { type FakeOIDCClients struct {
Fake *FakeOauthV1alpha1 Fake *FakeConfigV1alpha1
ns string ns string
} }
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"} var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"} var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any. // Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) { func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {

View File

@ -6,3 +6,5 @@
package v1alpha1 package v1alpha1
type FederationDomainExpansion interface{} type FederationDomainExpansion interface{}
type OIDCClientExpansion interface{}

View File

@ -9,7 +9,7 @@ import (
"context" "context"
"time" "time"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types" types "k8s.io/apimachinery/pkg/types"
@ -44,7 +44,7 @@ type oIDCClients struct {
} }
// newOIDCClients returns a OIDCClients // newOIDCClients returns a OIDCClients
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients { func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
return &oIDCClients{ return &oIDCClients{
client: c.RESTClient(), client: c.RESTClient(),
ns: namespace, ns: namespace,

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

View File

@ -1,27 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeOauthV1alpha1 struct {
*testing.Fake
}
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

View File

@ -1,8 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type OIDCClientExpansion interface{}

View File

@ -1,76 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
"go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type OauthV1alpha1Interface interface {
RESTClient() rest.Interface
OIDCClientsGetter
}
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
type OauthV1alpha1Client struct {
restClient rest.Interface
}
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new OauthV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &OauthV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new OauthV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *OauthV1alpha1Client {
return &OauthV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

View File

@ -13,6 +13,8 @@ import (
type Interface interface { type Interface interface {
// FederationDomains returns a FederationDomainInformer. // FederationDomains returns a FederationDomainInformer.
FederationDomains() FederationDomainInformer FederationDomains() FederationDomainInformer
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
} }
type version struct { type version struct {
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (v *version) FederationDomains() FederationDomainInformer { func (v *version) FederationDomains() FederationDomainInformer {
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
} }
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -9,10 +9,10 @@ import (
"context" "context"
time "time" time "time"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned" versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned"
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch" watch "k8s.io/apimachinery/pkg/watch"
@ -49,16 +49,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).List(context.TODO(), options) return client.ConfigV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
}, },
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options) return client.ConfigV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
}, },
}, },
&oauthv1alpha1.OIDCClient{}, &configv1alpha1.OIDCClient{},
resyncPeriod, resyncPeriod,
indexers, indexers,
) )
@ -69,7 +69,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
} }
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer { func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer) return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
} }
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister { func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {

View File

@ -14,7 +14,6 @@ import (
config "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/config" config "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/config"
idp "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/idp" idp "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/idp"
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
oauth "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/oauth"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
Config() config.Interface Config() config.Interface
IDP() idp.Interface IDP() idp.Interface
Oauth() oauth.Interface
} }
func (f *sharedInformerFactory) Config() config.Interface { func (f *sharedInformerFactory) Config() config.Interface {
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
func (f *sharedInformerFactory) IDP() idp.Interface { func (f *sharedInformerFactory) IDP() idp.Interface {
return idp.New(f, f.namespace, f.tweakListOptions) return idp.New(f, f.namespace, f.tweakListOptions)
} }
func (f *sharedInformerFactory) Oauth() oauth.Interface {
return oauth.New(f, f.namespace, f.tweakListOptions)
}

View File

@ -10,7 +10,6 @@ import (
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache" cache "k8s.io/client-go/tools/cache"
) )
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=config.supervisor.pinniped.dev, Version=v1alpha1 // Group=config.supervisor.pinniped.dev, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1 // Group=idp.supervisor.pinniped.dev, Version=v1alpha1
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
} }
return nil, fmt.Errorf("no informer found for %v", resource) return nil, fmt.Errorf("no informer found for %v", resource)

View File

@ -1,33 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package oauth
import (
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/oauth/v1alpha1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}

View File

@ -1,32 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
// FederationDomainNamespaceListerExpansion allows custom methods to be added to // FederationDomainNamespaceListerExpansion allows custom methods to be added to
// FederationDomainNamespaceLister. // FederationDomainNamespaceLister.
type FederationDomainNamespaceListerExpansion interface{} type FederationDomainNamespaceListerExpansion interface{}
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -6,7 +6,7 @@
package v1alpha1 package v1alpha1
import ( import (
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"

View File

@ -1,14 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -5,9 +5,9 @@ metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.8.0 controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null creationTimestamp: null
name: oidcclients.oauth.supervisor.pinniped.dev name: oidcclients.config.supervisor.pinniped.dev
spec: spec:
group: oauth.supervisor.pinniped.dev group: config.supervisor.pinniped.dev
names: names:
categories: categories:
- pinniped - pinniped

View File

@ -12,7 +12,6 @@
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|=== |===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
=== identity.concierge.pinniped.dev/identity === identity.concierge.pinniped.dev/identity
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|=== |===
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
=== oauth.supervisor.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===

View File

@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&FederationDomain{}, &FederationDomain{},
&FederationDomainList{}, &FederationDomainList{},
&OIDCClient{},
&OIDCClientList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil

View File

@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
in.DeepCopyInto(out) in.DeepCopyInto(out)
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -1,10 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:defaulter-gen=TypeMeta
// +groupName=oauth.supervisor.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
package v1alpha1

View File

@ -1,43 +0,0 @@
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "oauth.supervisor.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
var (
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
}
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClient{},
&OIDCClientList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

View File

@ -1,121 +0,0 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
out.Status = in.Status
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (in *OIDCClient) DeepCopy() *OIDCClient {
if in == nil {
return nil
}
out := new(OIDCClient)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClient) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClient, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
if in == nil {
return nil
}
out := new(OIDCClientList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
*out = *in
if in.AllowedRedirectURIs != nil {
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.AllowedGrantTypes != nil {
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
*out = make([]GrantType, len(*in))
copy(*out, *in)
}
if in.AllowedScopes != nil {
in, out := &in.AllowedScopes, &out.AllowedScopes
*out = make([]Scope, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
if in == nil {
return nil
}
out := new(OIDCClientSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
if in == nil {
return nil
}
out := new(OIDCClientStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -10,7 +10,6 @@ import (
configv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
discovery "k8s.io/client-go/discovery" discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest" rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol" flowcontrol "k8s.io/client-go/util/flowcontrol"
@ -20,7 +19,6 @@ type Interface interface {
Discovery() discovery.DiscoveryInterface Discovery() discovery.DiscoveryInterface
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
} }
// Clientset contains the clients for groups. Each group has exactly one // Clientset contains the clients for groups. Each group has exactly one
@ -29,7 +27,6 @@ type Clientset struct {
*discovery.DiscoveryClient *discovery.DiscoveryClient
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
} }
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return c.iDPV1alpha1 return c.iDPV1alpha1
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return c.oauthV1alpha1
}
// Discovery retrieves the DiscoveryClient // Discovery retrieves the DiscoveryClient
func (c *Clientset) Discovery() discovery.DiscoveryInterface { func (c *Clientset) Discovery() discovery.DiscoveryInterface {
if c == nil { if c == nil {
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
if err != nil { if err != nil {
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
return &cs return &cs
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
var cs Clientset var cs Clientset
cs.configV1alpha1 = configv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c)
cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c)
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
return &cs return &cs

View File

@ -11,8 +11,6 @@ import (
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
fakeidpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake" fakeidpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch" "k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery" "k8s.io/client-go/discovery"
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
} }
// OauthV1alpha1 retrieves the OauthV1alpha1Client
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
}

View File

@ -8,7 +8,6 @@ package fake
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var codecs = serializer.NewCodecFactory(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -8,7 +8,6 @@ package scheme
import ( import (
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{ var localSchemeBuilder = runtime.SchemeBuilder{
configv1alpha1.AddToScheme, configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme, idpv1alpha1.AddToScheme,
oauthv1alpha1.AddToScheme,
} }
// AddToScheme adds all types of this clientset into the given scheme. This allows composition // AddToScheme adds all types of this clientset into the given scheme. This allows composition

View File

@ -14,6 +14,7 @@ import (
type ConfigV1alpha1Interface interface { type ConfigV1alpha1Interface interface {
RESTClient() rest.Interface RESTClient() rest.Interface
FederationDomainsGetter FederationDomainsGetter
OIDCClientsGetter
} }
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
return newFederationDomains(c, namespace) return newFederationDomains(c, namespace)
} }
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new ConfigV1alpha1Client for the given config. // NewForConfig creates a new ConfigV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) { func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
config := *c config := *c

View File

@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
return &FakeFederationDomains{c, namespace} return &FakeFederationDomains{c, namespace}
} }
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate // RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation. // with API server by this client implementation.
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface { func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {

View File

@ -8,7 +8,7 @@ package fake
import ( import (
"context" "context"
v1alpha1 "go.pinniped.dev/generated/1.21/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels" labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -19,13 +19,13 @@ import (
// FakeOIDCClients implements OIDCClientInterface // FakeOIDCClients implements OIDCClientInterface
type FakeOIDCClients struct { type FakeOIDCClients struct {
Fake *FakeOauthV1alpha1 Fake *FakeConfigV1alpha1
ns string ns string
} }
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"} var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"} var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any. // Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) { func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {

View File

@ -6,3 +6,5 @@
package v1alpha1 package v1alpha1
type FederationDomainExpansion interface{} type FederationDomainExpansion interface{}
type OIDCClientExpansion interface{}

View File

@ -9,7 +9,7 @@ import (
"context" "context"
"time" "time"
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types" types "k8s.io/apimachinery/pkg/types"
@ -44,7 +44,7 @@ type oIDCClients struct {
} }
// newOIDCClients returns a OIDCClients // newOIDCClients returns a OIDCClients
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients { func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
return &oIDCClients{ return &oIDCClients{
client: c.RESTClient(), client: c.RESTClient(),
ns: namespace, ns: namespace,

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package v1alpha1

View File

@ -1,7 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

View File

@ -1,27 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeOauthV1alpha1 struct {
*testing.Fake
}
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
return &FakeOIDCClients{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

View File

@ -1,8 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
type OIDCClientExpansion interface{}

View File

@ -1,76 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
"go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type OauthV1alpha1Interface interface {
RESTClient() rest.Interface
OIDCClientsGetter
}
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
type OauthV1alpha1Client struct {
restClient rest.Interface
}
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
return newOIDCClients(c, namespace)
}
// NewForConfig creates a new OauthV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &OauthV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new OauthV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *OauthV1alpha1Client {
return &OauthV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
gv := v1alpha1.SchemeGroupVersion
config.GroupVersion = &gv
config.APIPath = "/apis"
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

View File

@ -13,6 +13,8 @@ import (
type Interface interface { type Interface interface {
// FederationDomains returns a FederationDomainInformer. // FederationDomains returns a FederationDomainInformer.
FederationDomains() FederationDomainInformer FederationDomains() FederationDomainInformer
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
} }
type version struct { type version struct {
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
func (v *version) FederationDomains() FederationDomainInformer { func (v *version) FederationDomains() FederationDomainInformer {
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
} }
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -9,10 +9,10 @@ import (
"context" "context"
time "time" time "time"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned" versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned"
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch" watch "k8s.io/apimachinery/pkg/watch"
@ -49,16 +49,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).List(context.TODO(), options) return client.ConfigV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
}, },
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil { if tweakListOptions != nil {
tweakListOptions(&options) tweakListOptions(&options)
} }
return client.OauthV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options) return client.ConfigV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
}, },
}, },
&oauthv1alpha1.OIDCClient{}, &configv1alpha1.OIDCClient{},
resyncPeriod, resyncPeriod,
indexers, indexers,
) )
@ -69,7 +69,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
} }
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer { func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer) return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
} }
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister { func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {

View File

@ -14,7 +14,6 @@ import (
config "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/config" config "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/config"
idp "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/idp" idp "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/idp"
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
oauth "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/oauth"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
Config() config.Interface Config() config.Interface
IDP() idp.Interface IDP() idp.Interface
Oauth() oauth.Interface
} }
func (f *sharedInformerFactory) Config() config.Interface { func (f *sharedInformerFactory) Config() config.Interface {
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
func (f *sharedInformerFactory) IDP() idp.Interface { func (f *sharedInformerFactory) IDP() idp.Interface {
return idp.New(f, f.namespace, f.tweakListOptions) return idp.New(f, f.namespace, f.tweakListOptions)
} }
func (f *sharedInformerFactory) Oauth() oauth.Interface {
return oauth.New(f, f.namespace, f.tweakListOptions)
}

View File

@ -10,7 +10,6 @@ import (
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
schema "k8s.io/apimachinery/pkg/runtime/schema" schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache" cache "k8s.io/client-go/tools/cache"
) )
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
// Group=config.supervisor.pinniped.dev, Version=v1alpha1 // Group=config.supervisor.pinniped.dev, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1 // Group=idp.supervisor.pinniped.dev, Version=v1alpha1
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
} }
return nil, fmt.Errorf("no informer found for %v", resource) return nil, fmt.Errorf("no informer found for %v", resource)

View File

@ -1,33 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package oauth
import (
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/oauth/v1alpha1"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// V1alpha1 provides access to shared informers for resources in V1alpha1.
V1alpha1() v1alpha1.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// V1alpha1 returns a new v1alpha1.Interface.
func (g *group) V1alpha1() v1alpha1.Interface {
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
}

View File

@ -1,32 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// OIDCClients returns a OIDCClientInformer.
OIDCClients() OIDCClientInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// OIDCClients returns a OIDCClientInformer.
func (v *version) OIDCClients() OIDCClientInformer {
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
// FederationDomainNamespaceListerExpansion allows custom methods to be added to // FederationDomainNamespaceListerExpansion allows custom methods to be added to
// FederationDomainNamespaceLister. // FederationDomainNamespaceLister.
type FederationDomainNamespaceListerExpansion interface{} type FederationDomainNamespaceListerExpansion interface{}
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -6,7 +6,7 @@
package v1alpha1 package v1alpha1
import ( import (
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1" v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"

View File

@ -1,14 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// OIDCClientListerExpansion allows custom methods to be added to
// OIDCClientLister.
type OIDCClientListerExpansion interface{}
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
// OIDCClientNamespaceLister.
type OIDCClientNamespaceListerExpansion interface{}

View File

@ -5,9 +5,9 @@ metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.8.0 controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null creationTimestamp: null
name: oidcclients.oauth.supervisor.pinniped.dev name: oidcclients.config.supervisor.pinniped.dev
spec: spec:
group: oauth.supervisor.pinniped.dev group: config.supervisor.pinniped.dev
names: names:
categories: categories:
- pinniped - pinniped

View File

@ -12,7 +12,6 @@
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|=== |===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
=== identity.concierge.pinniped.dev/identity === identity.concierge.pinniped.dev/identity
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|=== |===
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
=== oauth.supervisor.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclient"]
==== OIDCClient
OIDCClient describes the configuration of an OIDC client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
==== OIDCClientSpec
OIDCClientSpec is a struct that describes an OIDC Client.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|===

Some files were not shown because too many files have changed in this diff Show More