diff --git a/apis/crdpinniped/doc.go.tmpl b/apis/crdpinniped/doc.go.tmpl index 70cb2191..647e57d7 100644 --- a/apis/crdpinniped/doc.go.tmpl +++ b/apis/crdpinniped/doc.go.tmpl @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/apis/crdpinniped/v1alpha1/doc.go.tmpl b/apis/crdpinniped/v1alpha1/doc.go.tmpl index f0de984b..b974ac81 100644 --- a/apis/crdpinniped/v1alpha1/doc.go.tmpl +++ b/apis/crdpinniped/v1alpha1/doc.go.tmpl @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/apis/crdpinniped/v1alpha1/types.go.tmpl b/apis/crdpinniped/v1alpha1/types.go.tmpl index 1fc6dc9a..e9234a93 100644 --- a/apis/crdpinniped/v1alpha1/types.go.tmpl +++ b/apis/crdpinniped/v1alpha1/types.go.tmpl @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( @@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. + LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/apis/pinniped/doc.go.tmpl b/apis/pinniped/doc.go.tmpl index 99df8e0a..304a66b2 100644 --- a/apis/pinniped/doc.go.tmpl +++ b/apis/pinniped/doc.go.tmpl @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/apis/pinniped/v1alpha1/doc.go.tmpl b/apis/pinniped/v1alpha1/doc.go.tmpl index 4bea88ef..0157f5ee 100644 --- a/apis/pinniped/v1alpha1/doc.go.tmpl +++ b/apis/pinniped/v1alpha1/doc.go.tmpl @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/deploy/crd.yaml b/deploy/crd.yaml index 0b70bb30..e47f8e63 100644 --- a/deploy/crd.yaml +++ b/deploy/crd.yaml @@ -1,85 +1,110 @@ -#! Copyright 2020 VMware, Inc. -#! SPDX-License-Identifier: Apache-2.0 - -#! Example of valid CredentialIssuerConfig object: -#! --- -#! apiVersion: crd.pinniped.dev/v1alpha1 -#! kind: CredentialIssuerConfig -#! metadata: -#! name: credential-issuer-config -#! namespace: integration -#! status: -#! kubeConfigInfo: -#! server: https://foo -#! certificateAuthorityData: bar -#! strategies: -#! - type: KubeClusterSigningCertificate -#! status: Error -#! reason: CouldNotFetchKey -#! message: "There was an error getting the signing cert" -#! lastUpdateTime: 2020-08-21T20:08:18Z - -#@ load("@ytt:data", "data") --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null name: credentialissuerconfigs.crd.pinniped.dev spec: group: crd.pinniped.dev - versions: - #! Any changes to these schemas should also be reflected in the types.go file(s) - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - strategies: - type: array - items: - type: object - required: [ type, status, reason, message, lastUpdateTime ] - properties: - type: #! this property is called "type" - type: string - minLength: 1 - pattern: '^KubeClusterSigningCertificate$' - status: - type: string - minLength: 1 - pattern: '^Success$|^Error$' - reason: - type: string - minLength: 1 - pattern: '^CouldNotFetchKey$|^FetchedKey$' - message: - type: string - minLength: 1 - lastUpdateTime: - type: string - format: date-time - minLength: 1 - kubeConfigInfo: - type: object - required: [ server, certificateAuthorityData ] - properties: - server: - type: string - minLength: 1 - pattern: '^https://|^http://' - certificateAuthorityData: - type: string - minLength: 1 - scope: Namespaced names: - plural: credentialissuerconfigs - singular: credentialissuerconfig kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs shortNames: - - cic + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. + properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 70c3317e..44028a1d 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. @@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== @@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** @@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== @@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== @@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.17/apis/crdpinniped/doc.go b/generated/1.17/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.17/apis/crdpinniped/doc.go +++ b/generated/1.17/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.17/apis/crdpinniped/v1alpha1/doc.go b/generated/1.17/apis/crdpinniped/v1alpha1/doc.go index 41580720..5bd02ab8 100644 --- a/generated/1.17/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.17/apis/crdpinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.17/apis/crdpinniped/v1alpha1/types.go b/generated/1.17/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.17/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.17/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( @@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. + LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.17/apis/pinniped/doc.go b/generated/1.17/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.17/apis/pinniped/doc.go +++ b/generated/1.17/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.17/apis/pinniped/v1alpha1/doc.go b/generated/1.17/apis/pinniped/v1alpha1/doc.go index 27e75d31..6b92cf98 100644 --- a/generated/1.17/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.17/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.17/client/openapi/zz_generated.openapi.go b/generated/1.17/client/openapi/zz_generated.openapi.go index 201585ea..7f3e6439 100644 --- a/generated/1.17/client/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/openapi/zz_generated.openapi.go @@ -111,7 +111,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -127,23 +128,25 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -199,11 +202,13 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -215,7 +220,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, @@ -231,39 +237,45 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml @@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. + properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 23e90b60..99e78c4a 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. @@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== @@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** @@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== @@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== @@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.18/apis/crdpinniped/doc.go b/generated/1.18/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.18/apis/crdpinniped/doc.go +++ b/generated/1.18/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.18/apis/crdpinniped/v1alpha1/doc.go b/generated/1.18/apis/crdpinniped/v1alpha1/doc.go index 1851b32d..666ad8f2 100644 --- a/generated/1.18/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.18/apis/crdpinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.18/apis/crdpinniped/v1alpha1/types.go b/generated/1.18/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.18/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.18/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( @@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. + LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.18/apis/pinniped/doc.go b/generated/1.18/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.18/apis/pinniped/doc.go +++ b/generated/1.18/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.18/apis/pinniped/v1alpha1/doc.go b/generated/1.18/apis/pinniped/v1alpha1/doc.go index 9bd18788..06378069 100644 --- a/generated/1.18/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.18/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.18/client/openapi/zz_generated.openapi.go b/generated/1.18/client/openapi/zz_generated.openapi.go index 5771ce0a..564319af 100644 --- a/generated/1.18/client/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/openapi/zz_generated.openapi.go @@ -111,7 +111,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -127,23 +128,25 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -199,11 +202,13 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -215,7 +220,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, @@ -231,39 +237,45 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml @@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. + properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index dd0c7471..57d176cc 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. @@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== @@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** @@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== @@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== @@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.19/apis/crdpinniped/doc.go b/generated/1.19/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.19/apis/crdpinniped/doc.go +++ b/generated/1.19/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.19/apis/crdpinniped/v1alpha1/doc.go b/generated/1.19/apis/crdpinniped/v1alpha1/doc.go index 65e935a8..cb64d9a9 100644 --- a/generated/1.19/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.19/apis/crdpinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.19/apis/crdpinniped/v1alpha1/types.go b/generated/1.19/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.19/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.19/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( @@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. + LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.19/apis/pinniped/doc.go b/generated/1.19/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.19/apis/pinniped/doc.go +++ b/generated/1.19/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.19/apis/pinniped/v1alpha1/doc.go b/generated/1.19/apis/pinniped/v1alpha1/doc.go index a97e35ef..d883c2a9 100644 --- a/generated/1.19/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.19/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.19/client/openapi/zz_generated.openapi.go b/generated/1.19/client/openapi/zz_generated.openapi.go index 28dc2bba..2b066cbf 100644 --- a/generated/1.19/client/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/openapi/zz_generated.openapi.go @@ -112,7 +112,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -128,23 +129,25 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -200,11 +203,13 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -216,7 +221,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, @@ -232,39 +238,45 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml @@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. + properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index 4cde8901..95e96009 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -151,4 +151,9 @@ crd-ref-docs \ --config=/tmp/docs-config.yaml \ --renderer=asciidoctor \ --templates-dir="${ROOT}/hack/lib/docs/templates" \ - --output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc" \ No newline at end of file + --output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc" + +# Generate CRD YAML +(cd apis && + controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds +) \ No newline at end of file diff --git a/hack/update.sh b/hack/update.sh index ee7b3f0e..00c15ae7 100755 --- a/hack/update.sh +++ b/hack/update.sh @@ -8,4 +8,5 @@ set -euo pipefail ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt" +cp "$ROOT/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml" "$ROOT/deploy/crd.yaml" "$ROOT/hack/module.sh" tidy