Merge pull request #1194 from vmware-tanzu/config_oidcclient
Move oidcclient into config.supervisor.pinniped.dev
This commit is contained in:
Ryan Richard
GitHub
commit
268e1108d1
|
|
@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
|||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&FederationDomain{},
|
||||
&FederationDomainList{},
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:defaulter-gen=TypeMeta
|
||||
// +groupName=oauth.supervisor.pinniped.dev
|
||||
|
||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
package v1alpha1
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
const GroupName = "oauth.supervisor.pinniped.dev"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects.
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
SchemeBuilder runtime.SchemeBuilder
|
||||
localSchemeBuilder = &SchemeBuilder
|
||||
AddToScheme = localSchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
func init() {
|
||||
// We only register manually written functions here. The registration of the
|
||||
// generated functions takes place in the generated files. The separation
|
||||
// makes the code compile even when the generated files are missing.
|
||||
localSchemeBuilder.Register(addKnownTypes)
|
||||
}
|
||||
|
||||
// Adds the list of known types to the given scheme.
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
|
@ -5,9 +5,9 @@ metadata:
|
|||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: oidcclients.oauth.supervisor.pinniped.dev
|
||||
name: oidcclients.config.supervisor.pinniped.dev
|
||||
spec:
|
||||
group: oauth.supervisor.pinniped.dev
|
||||
group: config.supervisor.pinniped.dev
|
||||
names:
|
||||
categories:
|
||||
- pinniped
|
||||
|
|
@ -41,11 +41,11 @@ metadata:
|
|||
spec:
|
||||
group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
|
||||
|
||||
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.oauth.supervisor.pinniped.dev"}}), expects=1
|
||||
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.config.supervisor.pinniped.dev"}}), expects=1
|
||||
---
|
||||
metadata:
|
||||
#@overlay/match missing_ok=True
|
||||
labels: #@ labels()
|
||||
name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.oauth.supervisor")
|
||||
name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.config.supervisor")
|
||||
spec:
|
||||
group: #@ pinnipedDevAPIGroupWithPrefix("oauth.supervisor")
|
||||
group: #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@
|
|||
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
|
||||
|
||||
|
||||
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
|
||||
|
|
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
|
||||
=== identity.concierge.pinniped.dev/identity
|
||||
|
|
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|
|||
|===
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
|
||||
=== oauth.supervisor.pinniped.dev/v1alpha1
|
||||
|
||||
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
|||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&FederationDomain{},
|
||||
&FederationDomainList{},
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
|
|||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:defaulter-gen=TypeMeta
|
||||
// +groupName=oauth.supervisor.pinniped.dev
|
||||
|
||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
package v1alpha1
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
const GroupName = "oauth.supervisor.pinniped.dev"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects.
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
SchemeBuilder runtime.SchemeBuilder
|
||||
localSchemeBuilder = &SchemeBuilder
|
||||
AddToScheme = localSchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
func init() {
|
||||
// We only register manually written functions here. The registration of the
|
||||
// generated functions takes place in the generated files. The separation
|
||||
// makes the code compile even when the generated files are missing.
|
||||
localSchemeBuilder.Register(addKnownTypes)
|
||||
}
|
||||
|
||||
// Adds the list of known types to the given scheme.
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
|
@ -1,121 +0,0 @@
|
|||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
discovery "k8s.io/client-go/discovery"
|
||||
rest "k8s.io/client-go/rest"
|
||||
flowcontrol "k8s.io/client-go/util/flowcontrol"
|
||||
|
|
@ -20,7 +19,6 @@ type Interface interface {
|
|||
Discovery() discovery.DiscoveryInterface
|
||||
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
|
||||
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
|
||||
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
|
||||
}
|
||||
|
||||
// Clientset contains the clients for groups. Each group has exactly one
|
||||
|
|
@ -29,7 +27,6 @@ type Clientset struct {
|
|||
*discovery.DiscoveryClient
|
||||
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
|
||||
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
|
||||
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
|
||||
}
|
||||
|
||||
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
|
||||
|
|
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
|||
return c.iDPV1alpha1
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return c.oauthV1alpha1
|
||||
}
|
||||
|
||||
// Discovery retrieves the DiscoveryClient
|
||||
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
|
||||
if c == nil {
|
||||
|
|
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
|
|
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
|
||||
return &cs
|
||||
|
|
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.New(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.New(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
|
||||
return &cs
|
||||
|
|
|
|||
|
|
@ -11,8 +11,6 @@ import (
|
|||
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
"k8s.io/client-go/discovery"
|
||||
|
|
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
|
|||
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
||||
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package fake
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var parameterCodec = runtime.NewParameterCodec(scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package scheme
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import (
|
|||
type ConfigV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
FederationDomainsGetter
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
|
||||
|
|
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
|
|||
return newFederationDomains(c, namespace)
|
||||
}
|
||||
|
||||
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new ConfigV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
|
||||
config := *c
|
||||
|
|
|
|||
|
|
@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
|
|||
return &FakeFederationDomains{c, namespace}
|
||||
}
|
||||
|
||||
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
package fake
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
labels "k8s.io/apimachinery/pkg/labels"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -17,13 +17,13 @@ import (
|
|||
|
||||
// FakeOIDCClients implements OIDCClientInterface
|
||||
type FakeOIDCClients struct {
|
||||
Fake *FakeOauthV1alpha1
|
||||
Fake *FakeConfigV1alpha1
|
||||
ns string
|
||||
}
|
||||
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
|
||||
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
|
||||
func (c *FakeOIDCClients) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {
|
||||
|
|
@ -6,3 +6,5 @@
|
|||
package v1alpha1
|
||||
|
||||
type FederationDomainExpansion interface{}
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ package v1alpha1
|
|||
import (
|
||||
"time"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
types "k8s.io/apimachinery/pkg/types"
|
||||
|
|
@ -43,7 +43,7 @@ type oIDCClients struct {
|
|||
}
|
||||
|
||||
// newOIDCClients returns a OIDCClients
|
||||
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients {
|
||||
func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
|
||||
return &oIDCClients{
|
||||
client: c.RESTClient(),
|
||||
ns: namespace,
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// This package has the automatically generated typed clients.
|
||||
package v1alpha1
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// Package fake has the automatically generated clients.
|
||||
package fake
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
rest "k8s.io/client-go/rest"
|
||||
testing "k8s.io/client-go/testing"
|
||||
)
|
||||
|
||||
type FakeOauthV1alpha1 struct {
|
||||
*testing.Fake
|
||||
}
|
||||
|
||||
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
|
||||
var ret *rest.RESTClient
|
||||
return ret
|
||||
}
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
|
||||
rest "k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
type OauthV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
|
||||
type OauthV1alpha1Client struct {
|
||||
restClient rest.Interface
|
||||
}
|
||||
|
||||
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new OauthV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
|
||||
config := *c
|
||||
if err := setConfigDefaults(&config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
client, err := rest.RESTClientFor(&config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &OauthV1alpha1Client{client}, nil
|
||||
}
|
||||
|
||||
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
|
||||
// panics if there is an error in the config.
|
||||
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
|
||||
client, err := NewForConfig(c)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return client
|
||||
}
|
||||
|
||||
// New creates a new OauthV1alpha1Client for the given RESTClient.
|
||||
func New(c rest.Interface) *OauthV1alpha1Client {
|
||||
return &OauthV1alpha1Client{c}
|
||||
}
|
||||
|
||||
func setConfigDefaults(config *rest.Config) error {
|
||||
gv := v1alpha1.SchemeGroupVersion
|
||||
config.GroupVersion = &gv
|
||||
config.APIPath = "/apis"
|
||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
||||
|
||||
if config.UserAgent == "" {
|
||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
|
||||
if c == nil {
|
||||
return nil
|
||||
}
|
||||
return c.restClient
|
||||
}
|
||||
|
|
@ -13,6 +13,8 @@ import (
|
|||
type Interface interface {
|
||||
// FederationDomains returns a FederationDomainInformer.
|
||||
FederationDomains() FederationDomainInformer
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
|
|
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
|
|||
func (v *version) FederationDomains() FederationDomainInformer {
|
||||
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,10 +8,10 @@ package v1alpha1
|
|||
import (
|
||||
time "time"
|
||||
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
|
|
@ -48,16 +48,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
|
|||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).List(options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).List(options)
|
||||
},
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).Watch(options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).Watch(options)
|
||||
},
|
||||
},
|
||||
&oauthv1alpha1.OIDCClient{},
|
||||
&configv1alpha1.OIDCClient{},
|
||||
resyncPeriod,
|
||||
indexers,
|
||||
)
|
||||
|
|
@ -68,7 +68,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
|
|||
}
|
||||
|
||||
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
|
||||
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
}
|
||||
|
||||
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {
|
||||
|
|
@ -14,7 +14,6 @@ import (
|
|||
config "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/config"
|
||||
idp "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/idp"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
oauth "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
|
|||
|
||||
Config() config.Interface
|
||||
IDP() idp.Interface
|
||||
Oauth() oauth.Interface
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Config() config.Interface {
|
||||
|
|
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
|
|||
func (f *sharedInformerFactory) IDP() idp.Interface {
|
||||
return idp.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Oauth() oauth.Interface {
|
||||
return oauth.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
cache "k8s.io/client-go/tools/cache"
|
||||
)
|
||||
|
|
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
// Group=config.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
|
||||
|
|
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
|
||||
|
||||
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("no informer found for %v", resource)
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package oauth
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth/v1alpha1"
|
||||
)
|
||||
|
||||
// Interface provides access to each of this group's versions.
|
||||
type Interface interface {
|
||||
// V1alpha1 provides access to shared informers for resources in V1alpha1.
|
||||
V1alpha1() v1alpha1.Interface
|
||||
}
|
||||
|
||||
type group struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// V1alpha1 returns a new v1alpha1.Interface.
|
||||
func (g *group) V1alpha1() v1alpha1.Interface {
|
||||
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
)
|
||||
|
||||
// Interface provides access to all the informers in this group version.
|
||||
type Interface interface {
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
|
|||
// FederationDomainNamespaceListerExpansion allows custom methods to be added to
|
||||
// FederationDomainNamespaceLister.
|
||||
type FederationDomainNamespaceListerExpansion interface{}
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by lister-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
@ -5,9 +5,9 @@ metadata:
|
|||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: oidcclients.oauth.supervisor.pinniped.dev
|
||||
name: oidcclients.config.supervisor.pinniped.dev
|
||||
spec:
|
||||
group: oauth.supervisor.pinniped.dev
|
||||
group: config.supervisor.pinniped.dev
|
||||
names:
|
||||
categories:
|
||||
- pinniped
|
||||
|
|
@ -12,7 +12,6 @@
|
|||
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
|
||||
|
||||
|
||||
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
|
||||
|
|
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
|
||||
=== identity.concierge.pinniped.dev/identity
|
||||
|
|
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|
|||
|===
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
|
||||
=== oauth.supervisor.pinniped.dev/v1alpha1
|
||||
|
||||
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
|||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&FederationDomain{},
|
||||
&FederationDomainList{},
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
|
|||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:defaulter-gen=TypeMeta
|
||||
// +groupName=oauth.supervisor.pinniped.dev
|
||||
|
||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
package v1alpha1
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
const GroupName = "oauth.supervisor.pinniped.dev"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects.
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
SchemeBuilder runtime.SchemeBuilder
|
||||
localSchemeBuilder = &SchemeBuilder
|
||||
AddToScheme = localSchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
func init() {
|
||||
// We only register manually written functions here. The registration of the
|
||||
// generated functions takes place in the generated files. The separation
|
||||
// makes the code compile even when the generated files are missing.
|
||||
localSchemeBuilder.Register(addKnownTypes)
|
||||
}
|
||||
|
||||
// Adds the list of known types to the given scheme.
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
|
@ -1,121 +0,0 @@
|
|||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
discovery "k8s.io/client-go/discovery"
|
||||
rest "k8s.io/client-go/rest"
|
||||
flowcontrol "k8s.io/client-go/util/flowcontrol"
|
||||
|
|
@ -20,7 +19,6 @@ type Interface interface {
|
|||
Discovery() discovery.DiscoveryInterface
|
||||
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
|
||||
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
|
||||
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
|
||||
}
|
||||
|
||||
// Clientset contains the clients for groups. Each group has exactly one
|
||||
|
|
@ -29,7 +27,6 @@ type Clientset struct {
|
|||
*discovery.DiscoveryClient
|
||||
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
|
||||
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
|
||||
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
|
||||
}
|
||||
|
||||
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
|
||||
|
|
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
|||
return c.iDPV1alpha1
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return c.oauthV1alpha1
|
||||
}
|
||||
|
||||
// Discovery retrieves the DiscoveryClient
|
||||
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
|
||||
if c == nil {
|
||||
|
|
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
|
|
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
|
||||
return &cs
|
||||
|
|
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.New(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.New(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
|
||||
return &cs
|
||||
|
|
|
|||
|
|
@ -11,8 +11,6 @@ import (
|
|||
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
"k8s.io/client-go/discovery"
|
||||
|
|
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
|
|||
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
||||
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package fake
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var parameterCodec = runtime.NewParameterCodec(scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package scheme
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import (
|
|||
type ConfigV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
FederationDomainsGetter
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
|
||||
|
|
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
|
|||
return newFederationDomains(c, namespace)
|
||||
}
|
||||
|
||||
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new ConfigV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
|
||||
config := *c
|
||||
|
|
|
|||
|
|
@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
|
|||
return &FakeFederationDomains{c, namespace}
|
||||
}
|
||||
|
||||
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ package fake
|
|||
import (
|
||||
"context"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
labels "k8s.io/apimachinery/pkg/labels"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -19,13 +19,13 @@ import (
|
|||
|
||||
// FakeOIDCClients implements OIDCClientInterface
|
||||
type FakeOIDCClients struct {
|
||||
Fake *FakeOauthV1alpha1
|
||||
Fake *FakeConfigV1alpha1
|
||||
ns string
|
||||
}
|
||||
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
|
||||
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
|
||||
func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {
|
||||
|
|
@ -6,3 +6,5 @@
|
|||
package v1alpha1
|
||||
|
||||
type FederationDomainExpansion interface{}
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"context"
|
||||
"time"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
types "k8s.io/apimachinery/pkg/types"
|
||||
|
|
@ -44,7 +44,7 @@ type oIDCClients struct {
|
|||
}
|
||||
|
||||
// newOIDCClients returns a OIDCClients
|
||||
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients {
|
||||
func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
|
||||
return &oIDCClients{
|
||||
client: c.RESTClient(),
|
||||
ns: namespace,
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// This package has the automatically generated typed clients.
|
||||
package v1alpha1
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// Package fake has the automatically generated clients.
|
||||
package fake
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
rest "k8s.io/client-go/rest"
|
||||
testing "k8s.io/client-go/testing"
|
||||
)
|
||||
|
||||
type FakeOauthV1alpha1 struct {
|
||||
*testing.Fake
|
||||
}
|
||||
|
||||
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
|
||||
var ret *rest.RESTClient
|
||||
return ret
|
||||
}
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
"go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
|
||||
rest "k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
type OauthV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
|
||||
type OauthV1alpha1Client struct {
|
||||
restClient rest.Interface
|
||||
}
|
||||
|
||||
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new OauthV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
|
||||
config := *c
|
||||
if err := setConfigDefaults(&config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
client, err := rest.RESTClientFor(&config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &OauthV1alpha1Client{client}, nil
|
||||
}
|
||||
|
||||
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
|
||||
// panics if there is an error in the config.
|
||||
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
|
||||
client, err := NewForConfig(c)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return client
|
||||
}
|
||||
|
||||
// New creates a new OauthV1alpha1Client for the given RESTClient.
|
||||
func New(c rest.Interface) *OauthV1alpha1Client {
|
||||
return &OauthV1alpha1Client{c}
|
||||
}
|
||||
|
||||
func setConfigDefaults(config *rest.Config) error {
|
||||
gv := v1alpha1.SchemeGroupVersion
|
||||
config.GroupVersion = &gv
|
||||
config.APIPath = "/apis"
|
||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
||||
|
||||
if config.UserAgent == "" {
|
||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
|
||||
if c == nil {
|
||||
return nil
|
||||
}
|
||||
return c.restClient
|
||||
}
|
||||
|
|
@ -13,6 +13,8 @@ import (
|
|||
type Interface interface {
|
||||
// FederationDomains returns a FederationDomainInformer.
|
||||
FederationDomains() FederationDomainInformer
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
|
|
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
|
|||
func (v *version) FederationDomains() FederationDomainInformer {
|
||||
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,10 +9,10 @@ import (
|
|||
"context"
|
||||
time "time"
|
||||
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
|
|
@ -49,16 +49,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
|
|||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
|
||||
},
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
|
||||
},
|
||||
},
|
||||
&oauthv1alpha1.OIDCClient{},
|
||||
&configv1alpha1.OIDCClient{},
|
||||
resyncPeriod,
|
||||
indexers,
|
||||
)
|
||||
|
|
@ -69,7 +69,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
|
|||
}
|
||||
|
||||
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
|
||||
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
}
|
||||
|
||||
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {
|
||||
|
|
@ -14,7 +14,6 @@ import (
|
|||
config "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/config"
|
||||
idp "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/idp"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
oauth "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/oauth"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
|
|||
|
||||
Config() config.Interface
|
||||
IDP() idp.Interface
|
||||
Oauth() oauth.Interface
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Config() config.Interface {
|
||||
|
|
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
|
|||
func (f *sharedInformerFactory) IDP() idp.Interface {
|
||||
return idp.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Oauth() oauth.Interface {
|
||||
return oauth.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
cache "k8s.io/client-go/tools/cache"
|
||||
)
|
||||
|
|
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
// Group=config.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
|
||||
|
|
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
|
||||
|
||||
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("no informer found for %v", resource)
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package oauth
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/oauth/v1alpha1"
|
||||
)
|
||||
|
||||
// Interface provides access to each of this group's versions.
|
||||
type Interface interface {
|
||||
// V1alpha1 provides access to shared informers for resources in V1alpha1.
|
||||
V1alpha1() v1alpha1.Interface
|
||||
}
|
||||
|
||||
type group struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// V1alpha1 returns a new v1alpha1.Interface.
|
||||
func (g *group) V1alpha1() v1alpha1.Interface {
|
||||
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
)
|
||||
|
||||
// Interface provides access to all the informers in this group version.
|
||||
type Interface interface {
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
|
|||
// FederationDomainNamespaceListerExpansion allows custom methods to be added to
|
||||
// FederationDomainNamespaceLister.
|
||||
type FederationDomainNamespaceListerExpansion interface{}
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by lister-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
@ -5,9 +5,9 @@ metadata:
|
|||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: oidcclients.oauth.supervisor.pinniped.dev
|
||||
name: oidcclients.config.supervisor.pinniped.dev
|
||||
spec:
|
||||
group: oauth.supervisor.pinniped.dev
|
||||
group: config.supervisor.pinniped.dev
|
||||
names:
|
||||
categories:
|
||||
- pinniped
|
||||
|
|
@ -12,7 +12,6 @@
|
|||
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
|
||||
|
||||
|
||||
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
|
||||
|
|
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
|
||||
=== identity.concierge.pinniped.dev/identity
|
||||
|
|
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|
|||
|===
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
|
||||
=== oauth.supervisor.pinniped.dev/v1alpha1
|
||||
|
||||
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
|
|||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&FederationDomain{},
|
||||
&FederationDomainList{},
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
|
|||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +k8s:defaulter-gen=TypeMeta
|
||||
// +groupName=oauth.supervisor.pinniped.dev
|
||||
|
||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
package v1alpha1
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
const GroupName = "oauth.supervisor.pinniped.dev"
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects.
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
||||
|
||||
var (
|
||||
SchemeBuilder runtime.SchemeBuilder
|
||||
localSchemeBuilder = &SchemeBuilder
|
||||
AddToScheme = localSchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
func init() {
|
||||
// We only register manually written functions here. The registration of the
|
||||
// generated functions takes place in the generated files. The separation
|
||||
// makes the code compile even when the generated files are missing.
|
||||
localSchemeBuilder.Register(addKnownTypes)
|
||||
}
|
||||
|
||||
// Adds the list of known types to the given scheme.
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&OIDCClient{},
|
||||
&OIDCClientList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
|
@ -1,121 +0,0 @@
|
|||
//go:build !ignore_autogenerated
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClient)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]OIDCClient, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
||||
*out = *in
|
||||
if in.AllowedRedirectURIs != nil {
|
||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedGrantTypes != nil {
|
||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
||||
*out = make([]GrantType, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.AllowedScopes != nil {
|
||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
||||
*out = make([]Scope, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(OIDCClientStatus)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
discovery "k8s.io/client-go/discovery"
|
||||
rest "k8s.io/client-go/rest"
|
||||
flowcontrol "k8s.io/client-go/util/flowcontrol"
|
||||
|
|
@ -20,7 +19,6 @@ type Interface interface {
|
|||
Discovery() discovery.DiscoveryInterface
|
||||
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
|
||||
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
|
||||
OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
|
||||
}
|
||||
|
||||
// Clientset contains the clients for groups. Each group has exactly one
|
||||
|
|
@ -29,7 +27,6 @@ type Clientset struct {
|
|||
*discovery.DiscoveryClient
|
||||
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
|
||||
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
|
||||
oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
|
||||
}
|
||||
|
||||
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
|
||||
|
|
@ -42,11 +39,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
|||
return c.iDPV1alpha1
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return c.oauthV1alpha1
|
||||
}
|
||||
|
||||
// Discovery retrieves the DiscoveryClient
|
||||
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
|
||||
if c == nil {
|
||||
|
|
@ -76,10 +68,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
|
||||
if err != nil {
|
||||
|
|
@ -94,7 +82,6 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
|
||||
return &cs
|
||||
|
|
@ -105,7 +92,6 @@ func New(c rest.Interface) *Clientset {
|
|||
var cs Clientset
|
||||
cs.configV1alpha1 = configv1alpha1.New(c)
|
||||
cs.iDPV1alpha1 = idpv1alpha1.New(c)
|
||||
cs.oauthV1alpha1 = oauthv1alpha1.New(c)
|
||||
|
||||
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
|
||||
return &cs
|
||||
|
|
|
|||
|
|
@ -11,8 +11,6 @@ import (
|
|||
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
|
||||
fakeidpv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
fakeoauthv1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
"k8s.io/client-go/discovery"
|
||||
|
|
@ -76,8 +74,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
|
|||
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
|
||||
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
||||
// OauthV1alpha1 retrieves the OauthV1alpha1Client
|
||||
func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
|
||||
return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package fake
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var codecs = serializer.NewCodecFactory(scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ package scheme
|
|||
import (
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -22,7 +21,6 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme)
|
|||
var localSchemeBuilder = runtime.SchemeBuilder{
|
||||
configv1alpha1.AddToScheme,
|
||||
idpv1alpha1.AddToScheme,
|
||||
oauthv1alpha1.AddToScheme,
|
||||
}
|
||||
|
||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import (
|
|||
type ConfigV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
FederationDomainsGetter
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
|
||||
|
|
@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
|
|||
return newFederationDomains(c, namespace)
|
||||
}
|
||||
|
||||
func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new ConfigV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
|
||||
config := *c
|
||||
|
|
|
|||
|
|
@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
|
|||
return &FakeFederationDomains{c, namespace}
|
||||
}
|
||||
|
||||
func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ package fake
|
|||
import (
|
||||
"context"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.21/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
labels "k8s.io/apimachinery/pkg/labels"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -19,13 +19,13 @@ import (
|
|||
|
||||
// FakeOIDCClients implements OIDCClientInterface
|
||||
type FakeOIDCClients struct {
|
||||
Fake *FakeOauthV1alpha1
|
||||
Fake *FakeConfigV1alpha1
|
||||
ns string
|
||||
}
|
||||
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
|
||||
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
|
||||
|
||||
// Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
|
||||
func (c *FakeOIDCClients) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {
|
||||
|
|
@ -6,3 +6,5 @@
|
|||
package v1alpha1
|
||||
|
||||
type FederationDomainExpansion interface{}
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"context"
|
||||
"time"
|
||||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
types "k8s.io/apimachinery/pkg/types"
|
||||
|
|
@ -44,7 +44,7 @@ type oIDCClients struct {
|
|||
}
|
||||
|
||||
// newOIDCClients returns a OIDCClients
|
||||
func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients {
|
||||
func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
|
||||
return &oIDCClients{
|
||||
client: c.RESTClient(),
|
||||
ns: namespace,
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// This package has the automatically generated typed clients.
|
||||
package v1alpha1
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
// Package fake has the automatically generated clients.
|
||||
package fake
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package fake
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
|
||||
rest "k8s.io/client-go/rest"
|
||||
testing "k8s.io/client-go/testing"
|
||||
)
|
||||
|
||||
type FakeOauthV1alpha1 struct {
|
||||
*testing.Fake
|
||||
}
|
||||
|
||||
func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
|
||||
return &FakeOIDCClients{c, namespace}
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
|
||||
var ret *rest.RESTClient
|
||||
return ret
|
||||
}
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
type OIDCClientExpansion interface{}
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by client-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
"go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme"
|
||||
rest "k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
type OauthV1alpha1Interface interface {
|
||||
RESTClient() rest.Interface
|
||||
OIDCClientsGetter
|
||||
}
|
||||
|
||||
// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
|
||||
type OauthV1alpha1Client struct {
|
||||
restClient rest.Interface
|
||||
}
|
||||
|
||||
func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
|
||||
return newOIDCClients(c, namespace)
|
||||
}
|
||||
|
||||
// NewForConfig creates a new OauthV1alpha1Client for the given config.
|
||||
func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
|
||||
config := *c
|
||||
if err := setConfigDefaults(&config); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
client, err := rest.RESTClientFor(&config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &OauthV1alpha1Client{client}, nil
|
||||
}
|
||||
|
||||
// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
|
||||
// panics if there is an error in the config.
|
||||
func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
|
||||
client, err := NewForConfig(c)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return client
|
||||
}
|
||||
|
||||
// New creates a new OauthV1alpha1Client for the given RESTClient.
|
||||
func New(c rest.Interface) *OauthV1alpha1Client {
|
||||
return &OauthV1alpha1Client{c}
|
||||
}
|
||||
|
||||
func setConfigDefaults(config *rest.Config) error {
|
||||
gv := v1alpha1.SchemeGroupVersion
|
||||
config.GroupVersion = &gv
|
||||
config.APIPath = "/apis"
|
||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
||||
|
||||
if config.UserAgent == "" {
|
||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// RESTClient returns a RESTClient that is used to communicate
|
||||
// with API server by this client implementation.
|
||||
func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
|
||||
if c == nil {
|
||||
return nil
|
||||
}
|
||||
return c.restClient
|
||||
}
|
||||
|
|
@ -13,6 +13,8 @@ import (
|
|||
type Interface interface {
|
||||
// FederationDomains returns a FederationDomainInformer.
|
||||
FederationDomains() FederationDomainInformer
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
|
|
@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
|
|||
func (v *version) FederationDomains() FederationDomainInformer {
|
||||
return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,10 +9,10 @@ import (
|
|||
"context"
|
||||
time "time"
|
||||
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
watch "k8s.io/apimachinery/pkg/watch"
|
||||
|
|
@ -49,16 +49,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
|
|||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).List(context.TODO(), options)
|
||||
},
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
if tweakListOptions != nil {
|
||||
tweakListOptions(&options)
|
||||
}
|
||||
return client.OauthV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
|
||||
return client.ConfigV1alpha1().OIDCClients(namespace).Watch(context.TODO(), options)
|
||||
},
|
||||
},
|
||||
&oauthv1alpha1.OIDCClient{},
|
||||
&configv1alpha1.OIDCClient{},
|
||||
resyncPeriod,
|
||||
indexers,
|
||||
)
|
||||
|
|
@ -69,7 +69,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
|
|||
}
|
||||
|
||||
func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
|
||||
return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
|
||||
}
|
||||
|
||||
func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {
|
||||
|
|
@ -14,7 +14,6 @@ import (
|
|||
config "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/config"
|
||||
idp "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/idp"
|
||||
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
oauth "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/oauth"
|
||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
|
@ -163,7 +162,6 @@ type SharedInformerFactory interface {
|
|||
|
||||
Config() config.Interface
|
||||
IDP() idp.Interface
|
||||
Oauth() oauth.Interface
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Config() config.Interface {
|
||||
|
|
@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
|
|||
func (f *sharedInformerFactory) IDP() idp.Interface {
|
||||
return idp.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
||||
func (f *sharedInformerFactory) Oauth() oauth.Interface {
|
||||
return oauth.New(f, f.namespace, f.tweakListOptions)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
|
||||
oauthv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||
cache "k8s.io/client-go/tools/cache"
|
||||
)
|
||||
|
|
@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
// Group=config.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
|
||||
case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
|
||||
|
|
@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
|
|||
case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
|
||||
|
||||
// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
|
||||
case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
|
||||
return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
|
||||
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("no informer found for %v", resource)
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package oauth
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/oauth/v1alpha1"
|
||||
)
|
||||
|
||||
// Interface provides access to each of this group's versions.
|
||||
type Interface interface {
|
||||
// V1alpha1 provides access to shared informers for resources in V1alpha1.
|
||||
V1alpha1() v1alpha1.Interface
|
||||
}
|
||||
|
||||
type group struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// V1alpha1 returns a new v1alpha1.Interface.
|
||||
func (g *group) V1alpha1() v1alpha1.Interface {
|
||||
return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
|
||||
}
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by informer-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces"
|
||||
)
|
||||
|
||||
// Interface provides access to all the informers in this group version.
|
||||
type Interface interface {
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
OIDCClients() OIDCClientInformer
|
||||
}
|
||||
|
||||
type version struct {
|
||||
factory internalinterfaces.SharedInformerFactory
|
||||
namespace string
|
||||
tweakListOptions internalinterfaces.TweakListOptionsFunc
|
||||
}
|
||||
|
||||
// New returns a new Interface.
|
||||
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
|
||||
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
|
||||
}
|
||||
|
||||
// OIDCClients returns a OIDCClientInformer.
|
||||
func (v *version) OIDCClients() OIDCClientInformer {
|
||||
return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
|
||||
}
|
||||
|
|
@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
|
|||
// FederationDomainNamespaceListerExpansion allows custom methods to be added to
|
||||
// FederationDomainNamespaceLister.
|
||||
type FederationDomainNamespaceListerExpansion interface{}
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
package v1alpha1
|
||||
|
||||
import (
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/oauth/v1alpha1"
|
||||
v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
// Code generated by lister-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
// OIDCClientListerExpansion allows custom methods to be added to
|
||||
// OIDCClientLister.
|
||||
type OIDCClientListerExpansion interface{}
|
||||
|
||||
// OIDCClientNamespaceListerExpansion allows custom methods to be added to
|
||||
// OIDCClientNamespaceLister.
|
||||
type OIDCClientNamespaceListerExpansion interface{}
|
||||
|
|
@ -5,9 +5,9 @@ metadata:
|
|||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.8.0
|
||||
creationTimestamp: null
|
||||
name: oidcclients.oauth.supervisor.pinniped.dev
|
||||
name: oidcclients.config.supervisor.pinniped.dev
|
||||
spec:
|
||||
group: oauth.supervisor.pinniped.dev
|
||||
group: config.supervisor.pinniped.dev
|
||||
names:
|
||||
categories:
|
||||
- pinniped
|
||||
|
|
@ -12,7 +12,6 @@
|
|||
- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
|
||||
- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
|
||||
|
||||
|
||||
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
|
||||
|
|
@ -544,6 +543,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
|
|||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
|
||||
=== identity.concierge.pinniped.dev/identity
|
||||
|
|
@ -1333,56 +1377,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
|
|||
|===
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
|
||||
=== oauth.supervisor.pinniped.dev/v1alpha1
|
||||
|
||||
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclient"]
|
||||
==== OIDCClient
|
||||
|
||||
OIDCClient describes the configuration of an OIDC client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
|
||||
==== OIDCClientSpec
|
||||
|
||||
OIDCClientSpec is a struct that describes an OIDC Client.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
|
||||
****
|
||||
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
|
||||
| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session. This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. This grant must be listed if allowedScopes lists pinniped:request-audience.
|
||||
| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
||||
Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat). This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow. This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange, which is a step in the process to be able to get a cluster credential for the user. openid, username and groups scopes must be listed when this scope is present. This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username. Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership, if their group membership is discoverable by the Supervisor. Without the groups scope being requested and allowed, the ID token will not contain groups.
|
||||
|===
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue