Generate CRD YAML using controller-tools, update doc strings.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
Matt Moyer 2020-08-31 16:06:28 -05:00
parent f49317d7e4
commit 2959b54e7b
32 changed files with 733 additions and 220 deletions

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API. // Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped package crdpinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1 package v1alpha1

View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string type StrategyReason string
const ( const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey")
) )
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct { type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"` Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional // +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
} }
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct { type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required. // The K8s API server URL.
Server string `json:"server,omitempty"` // +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required. // The K8s API server CA bundle.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
} }
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct { type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"` // Type of integration attempted.
Status StrategyStatus `json:"status,omitempty"` Type StrategyType `json:"type"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"` // Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"` LastUpdateTime metav1.Time `json:"lastUpdateTime"`
} }
// Describes the configuration status of a Pinniped credential issuer.
// +genclient // +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct { type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"` Status CredentialIssuerConfigStatus `json:"status"`
} }
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct { type CredentialIssuerConfigList struct {

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package pinniped is the internal version of the API. // Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped package pinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1 package v1alpha1

View File

@ -1,85 +1,110 @@
#! Copyright 2020 VMware, Inc.
#! SPDX-License-Identifier: Apache-2.0
#! Example of valid CredentialIssuerConfig object:
#! ---
#! apiVersion: crd.pinniped.dev/v1alpha1
#! kind: CredentialIssuerConfig
#! metadata:
#! name: credential-issuer-config
#! namespace: integration
#! status:
#! kubeConfigInfo:
#! server: https://foo
#! certificateAuthorityData: bar
#! strategies:
#! - type: KubeClusterSigningCertificate
#! status: Error
#! reason: CouldNotFetchKey
#! message: "There was an error getting the signing cert"
#! lastUpdateTime: 2020-08-21T20:08:18Z
#@ load("@ytt:data", "data")
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev name: credentialissuerconfigs.crd.pinniped.dev
spec: spec:
group: crd.pinniped.dev group: crd.pinniped.dev
versions:
#! Any changes to these schemas should also be reflected in the types.go file(s)
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
strategies:
type: array
items:
type: object
required: [ type, status, reason, message, lastUpdateTime ]
properties:
type: #! this property is called "type"
type: string
minLength: 1
pattern: '^KubeClusterSigningCertificate$'
status:
type: string
minLength: 1
pattern: '^Success$|^Error$'
reason:
type: string
minLength: 1
pattern: '^CouldNotFetchKey$|^FetchedKey$'
message:
type: string
minLength: 1
lastUpdateTime:
type: string
format: date-time
minLength: 1
kubeConfigInfo:
type: object
required: [ server, certificateAuthorityData ]
properties:
server:
type: string
minLength: 1
pattern: '^https://|^http://'
certificateAuthorityData:
type: string
minLength: 1
scope: Namespaced
names: names:
plural: credentialissuerconfigs
singular: credentialissuerconfig
kind: CredentialIssuerConfig kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames: shortNames:
- cic - cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1 === crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description | Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | | *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|=== |===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`server`* __string__ | The K8s API server URL. Required. | *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. | *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|=== |===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus ==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In: .Appears In:
**** ****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | | *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | | *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|=== |===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`type`* __StrategyType__ | | *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | | *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | | *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | | *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|=== |===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1 === pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API. // Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped package crdpinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1 package v1alpha1

View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string type StrategyReason string
const ( const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey")
) )
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct { type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"` Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional // +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
} }
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct { type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required. // The K8s API server URL.
Server string `json:"server,omitempty"` // +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required. // The K8s API server CA bundle.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
} }
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct { type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"` // Type of integration attempted.
Status StrategyStatus `json:"status,omitempty"` Type StrategyType `json:"type"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"` // Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"` LastUpdateTime metav1.Time `json:"lastUpdateTime"`
} }
// Describes the configuration status of a Pinniped credential issuer.
// +genclient // +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct { type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"` Status CredentialIssuerConfigStatus `json:"status"`
} }
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct { type CredentialIssuerConfigList struct {

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package pinniped is the internal version of the API. // Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped package pinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1 package v1alpha1

View File

@ -111,6 +111,7 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
}, },
}, },
@ -127,23 +128,25 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"server": { "server": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.", Description: "The K8s API server URL.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"certificateAuthorityData": { "certificateAuthorityData": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.", Description: "The K8s API server CA bundle.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
}, },
Required: []string{"server", "certificateAuthorityData"},
}, },
}, },
} }
@ -199,10 +202,12 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of a credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"strategies": { "strategies": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"}, Type: []string{"array"},
Items: &spec.SchemaOrArray{ Items: &spec.SchemaOrArray{
Schema: &spec.Schema{ Schema: &spec.Schema{
@ -215,6 +220,7 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
}, },
"kubeConfigInfo": { "kubeConfigInfo": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
}, },
}, },
@ -231,39 +237,45 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"type": { "type": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Type of integration attempted.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the attempted integration strategy.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"reason": { "reason": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Reason for the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"message": { "message": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Human-readable description of the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"lastUpdateTime": { "lastUpdateTime": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
}, },
}, },
}, },
Required: []string{"lastUpdateTime"}, Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
}, },
}, },
Dependencies: []string{ Dependencies: []string{

View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1 === crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description | Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | | *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|=== |===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`server`* __string__ | The K8s API server URL. Required. | *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. | *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|=== |===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus ==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In: .Appears In:
**** ****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | | *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | | *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|=== |===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`type`* __StrategyType__ | | *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | | *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | | *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | | *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|=== |===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1 === pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API. // Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped package crdpinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1 package v1alpha1

View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string type StrategyReason string
const ( const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey")
) )
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct { type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"` Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional // +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
} }
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct { type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required. // The K8s API server URL.
Server string `json:"server,omitempty"` // +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required. // The K8s API server CA bundle.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
} }
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct { type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"` // Type of integration attempted.
Status StrategyStatus `json:"status,omitempty"` Type StrategyType `json:"type"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"` // Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"` LastUpdateTime metav1.Time `json:"lastUpdateTime"`
} }
// Describes the configuration status of a Pinniped credential issuer.
// +genclient // +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct { type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"` Status CredentialIssuerConfigStatus `json:"status"`
} }
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct { type CredentialIssuerConfigList struct {

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package pinniped is the internal version of the API. // Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped package pinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1 package v1alpha1

View File

@ -111,6 +111,7 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
}, },
}, },
@ -127,23 +128,25 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"server": { "server": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.", Description: "The K8s API server URL.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"certificateAuthorityData": { "certificateAuthorityData": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.", Description: "The K8s API server CA bundle.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
}, },
Required: []string{"server", "certificateAuthorityData"},
}, },
}, },
} }
@ -199,10 +202,12 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of a credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"strategies": { "strategies": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"}, Type: []string{"array"},
Items: &spec.SchemaOrArray{ Items: &spec.SchemaOrArray{
Schema: &spec.Schema{ Schema: &spec.Schema{
@ -215,6 +220,7 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
}, },
"kubeConfigInfo": { "kubeConfigInfo": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
}, },
}, },
@ -231,39 +237,45 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"type": { "type": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Type of integration attempted.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the attempted integration strategy.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"reason": { "reason": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Reason for the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"message": { "message": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Human-readable description of the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"lastUpdateTime": { "lastUpdateTime": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
}, },
}, },
}, },
Required: []string{"lastUpdateTime"}, Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
}, },
}, },
Dependencies: []string{ Dependencies: []string{

View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1 === crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description | Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | | *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|=== |===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`server`* __string__ | The K8s API server URL. Required. | *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. | *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|=== |===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus ==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In: .Appears In:
**** ****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | | *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | | *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|=== |===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`type`* __StrategyType__ | | *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | | *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | | *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | | *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|=== |===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"] [id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1 === pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API. Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API. // Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped package crdpinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev // +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1 package v1alpha1

View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string type StrategyReason string
const ( const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey")
) )
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct { type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"` Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional // +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
} }
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct { type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required. // The K8s API server URL.
Server string `json:"server,omitempty"` // +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required. // The K8s API server CA bundle.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
} }
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct { type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"` // Type of integration attempted.
Status StrategyStatus `json:"status,omitempty"` Type StrategyType `json:"type"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"` // Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"` LastUpdateTime metav1.Time `json:"lastUpdateTime"`
} }
// Describes the configuration status of a Pinniped credential issuer.
// +genclient // +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct { type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"` Status CredentialIssuerConfigStatus `json:"status"`
} }
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct { type CredentialIssuerConfigList struct {

View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package // +k8s:deepcopy-gen=package
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package pinniped is the internal version of the API. // Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped package pinniped

View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev // +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API. // Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1 package v1alpha1

View File

@ -112,6 +112,7 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
}, },
}, },
@ -128,23 +129,25 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"server": { "server": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.", Description: "The K8s API server URL.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"certificateAuthorityData": { "certificateAuthorityData": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.", Description: "The K8s API server CA bundle.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
}, },
Required: []string{"server", "certificateAuthorityData"},
}, },
}, },
} }
@ -200,10 +203,12 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of a credential issuer.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"strategies": { "strategies": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"}, Type: []string{"array"},
Items: &spec.SchemaOrArray{ Items: &spec.SchemaOrArray{
Schema: &spec.Schema{ Schema: &spec.Schema{
@ -216,6 +221,7 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
}, },
"kubeConfigInfo": { "kubeConfigInfo": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
}, },
}, },
@ -232,39 +238,45 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{ return common.OpenAPIDefinition{
Schema: spec.Schema{ Schema: spec.Schema{
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"}, Type: []string{"object"},
Properties: map[string]spec.Schema{ Properties: map[string]spec.Schema{
"type": { "type": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Type of integration attempted.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"status": { "status": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Status of the attempted integration strategy.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"reason": { "reason": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Reason for the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"message": { "message": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "Human-readable description of the current status.",
Type: []string{"string"}, Type: []string{"string"},
Format: "", Format: "",
}, },
}, },
"lastUpdateTime": { "lastUpdateTime": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
}, },
}, },
}, },
Required: []string{"lastUpdateTime"}, Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
}, },
}, },
Dependencies: []string{ Dependencies: []string{

View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -152,3 +152,8 @@ crd-ref-docs \
--renderer=asciidoctor \ --renderer=asciidoctor \
--templates-dir="${ROOT}/hack/lib/docs/templates" \ --templates-dir="${ROOT}/hack/lib/docs/templates" \
--output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc" --output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc"
# Generate CRD YAML
(cd apis &&
controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds
)

View File

@ -8,4 +8,5 @@ set -euo pipefail
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt" xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt"
cp "$ROOT/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml" "$ROOT/deploy/crd.yaml"
"$ROOT/hack/module.sh" tidy "$ROOT/hack/module.sh" tidy