From 2959b54e7b5b1ff1a1425e9b229c75de4667cf37 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 31 Aug 2020 16:06:28 -0500 Subject: [PATCH 1/2] Generate CRD YAML using controller-tools, update doc strings. 
Signed-off-by: Matt Moyer --- apis/crdpinniped/doc.go.tmpl | 2 +- apis/crdpinniped/v1alpha1/doc.go.tmpl | 2 +- apis/crdpinniped/v1alpha1/types.go.tmpl | 47 ++++- apis/pinniped/doc.go.tmpl | 2 +- apis/pinniped/v1alpha1/doc.go.tmpl | 2 +- deploy/crd.yaml | 173 ++++++++++-------- generated/1.17/README.adoc | 26 +-- generated/1.17/apis/crdpinniped/doc.go | 2 +- .../1.17/apis/crdpinniped/v1alpha1/doc.go | 2 +- .../1.17/apis/crdpinniped/v1alpha1/types.go | 47 ++++- generated/1.17/apis/pinniped/doc.go | 2 +- generated/1.17/apis/pinniped/v1alpha1/doc.go | 2 +- .../client/openapi/zz_generated.openapi.go | 48 +++-- ....pinniped.dev_credentialissuerconfigs.yaml | 110 +++++++++++ generated/1.18/README.adoc | 26 +-- generated/1.18/apis/crdpinniped/doc.go | 2 +- .../1.18/apis/crdpinniped/v1alpha1/doc.go | 2 +- .../1.18/apis/crdpinniped/v1alpha1/types.go | 47 ++++- generated/1.18/apis/pinniped/doc.go | 2 +- generated/1.18/apis/pinniped/v1alpha1/doc.go | 2 +- .../client/openapi/zz_generated.openapi.go | 48 +++-- ....pinniped.dev_credentialissuerconfigs.yaml | 110 +++++++++++ generated/1.19/README.adoc | 26 +-- generated/1.19/apis/crdpinniped/doc.go | 2 +- .../1.19/apis/crdpinniped/v1alpha1/doc.go | 2 +- .../1.19/apis/crdpinniped/v1alpha1/types.go | 47 ++++- generated/1.19/apis/pinniped/doc.go | 2 +- generated/1.19/apis/pinniped/v1alpha1/doc.go | 2 +- .../client/openapi/zz_generated.openapi.go | 48 +++-- ....pinniped.dev_credentialissuerconfigs.yaml | 110 +++++++++++ hack/lib/update-codegen.sh | 7 +- hack/update.sh | 1 + 32 files changed, 733 insertions(+), 220 deletions(-) create mode 100644 generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml create mode 100644 generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml create mode 100644 generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml diff --git a/apis/crdpinniped/doc.go.tmpl b/apis/crdpinniped/doc.go.tmpl index 70cb2191..647e57d7 100644 --- a/apis/crdpinniped/doc.go.tmpl 
+++ b/apis/crdpinniped/doc.go.tmpl
@@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
 // +k8s:deepcopy-gen=package
 // +groupName=crd.pinniped.dev
-// Package crdpinniped is the internal version of the API.
+// Package crdpinniped is the internal version of the Pinniped CRD-based API.
 package crdpinniped
diff --git a/apis/crdpinniped/v1alpha1/doc.go.tmpl b/apis/crdpinniped/v1alpha1/doc.go.tmpl
index f0de984b..b974ac81 100644
--- a/apis/crdpinniped/v1alpha1/doc.go.tmpl
+++ b/apis/crdpinniped/v1alpha1/doc.go.tmpl
@@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=crd.pinniped.dev
-// Package v1alpha1 is the v1alpha1 version of the API.
+// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
 package v1alpha1
diff --git a/apis/crdpinniped/v1alpha1/types.go.tmpl b/apis/crdpinniped/v1alpha1/types.go.tmpl
index 1fc6dc9a..e9234a93 100644
--- a/apis/crdpinniped/v1alpha1/types.go.tmpl
+++ b/apis/crdpinniped/v1alpha1/types.go.tmpl
@@ -7,8 +7,13 @@ package v1alpha1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
 type StrategyType string
+
+// +kubebuilder:validation:Enum=Success;Error
 type StrategyStatus string
+
+// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
 type StrategyReason string
 const (
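Review bot: The three `+kubebuilder:validation:Enum` markers added above `StrategyType`, `StrategyStatus` and `StrategyReason` in types.go.tmpl restate by hand the values of the constants in the `const (` block, which opens on the hunk's last line and continues outside it; nothing keeps the two lists in step. If a constant is later added without extending its marker, the generated CRD schema would presumably make the API server reject status writes that carry the new value. A one-line comment on each type would help, for example `// Keep the Enum marker above in sync with the StrategyReason constants below.`, and since this commit documents the other types, each of these three could also get a short description.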
@@ -21,39 +26,63 @@ const (
 FetchedKeyStrategyReason = StrategyReason("FetchedKey")
 )
+// Status of a credential issuer.
 type CredentialIssuerConfigStatus struct {
+ // List of integration strategies that were attempted by Pinniped.
 Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
+ // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
 // +optional
 KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
 }
+// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
 type CredentialIssuerConfigKubeConfigInfo struct {
- // The K8s API server URL. Required.
- Server string `json:"server,omitempty"`
+ // The K8s API server URL.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Pattern=`^https://|^http://`
+ Server string `json:"server"`
- // The K8s API server CA bundle. Required.
- CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+ // The K8s API server CA bundle.
+ // +kubebuilder:validation:MinLength=1
+ CertificateAuthorityData string `json:"certificateAuthorityData"`
 }
+// Status of an integration strategy that was attempted by Pinniped.
 type CredentialIssuerConfigStrategy struct {
- Type StrategyType `json:"type,omitempty"`
- Status StrategyStatus `json:"status,omitempty"`
- Reason StrategyReason `json:"reason,omitempty"`
- Message string `json:"message,omitempty"`
- LastUpdateTime metav1.Time `json:"lastUpdateTime"`
+ // Type of integration attempted.
+ Type StrategyType `json:"type"`
+
+ // Status of the attempted integration strategy.
+ Status StrategyStatus `json:"status"`
+
+ // Reason for the current status.
+ Reason StrategyReason `json:"reason"`
+
+ // Human-readable description of the current status.
+ // +kubebuilder:validation:MinLength=1
+ Message string `json:"message"`
+
+ // When the status was last checked.
+ LastUpdateTime metav1.Time `json:"lastUpdateTime"`
 }
+
+// Describes the configuration status of a Pinniped credential issuer.
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:shortName=cic
 type CredentialIssuerConfig struct {
 metav1.TypeMeta `json:",inline"`
 metav1.ObjectMeta `json:"metadata,omitempty"`
+ // Status of the credential issuer.
 Status CredentialIssuerConfigStatus `json:"status"`
 }
+
+// List of CredentialIssuerConfig objects.
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type CredentialIssuerConfigList struct {
diff --git a/apis/pinniped/doc.go.tmpl b/apis/pinniped/doc.go.tmpl
index 99df8e0a..304a66b2 100644
--- a/apis/pinniped/doc.go.tmpl
+++ b/apis/pinniped/doc.go.tmpl
@@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
 // +k8s:deepcopy-gen=package
 // +groupName=pinniped.dev
-// Package pinniped is the internal version of the API.
+// Package pinniped is the internal version of the Pinniped aggregated API.
 package pinniped
diff --git a/apis/pinniped/v1alpha1/doc.go.tmpl b/apis/pinniped/v1alpha1/doc.go.tmpl
index 4bea88ef..0157f5ee 100644
--- a/apis/pinniped/v1alpha1/doc.go.tmpl
+++ b/apis/pinniped/v1alpha1/doc.go.tmpl
@@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
 // +k8s:defaulter-gen=TypeMeta
 // +groupName=pinniped.dev
-// Package v1alpha1 is the v1alpha1 version of the API.
+// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
 package v1alpha1
diff --git a/deploy/crd.yaml b/deploy/crd.yaml
index 0b70bb30..e47f8e63 100644
--- a/deploy/crd.yaml
+++ b/deploy/crd.yaml
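Review bot: In `CredentialIssuerConfigKubeConfigInfo` (second hunk of apis/crdpinniped/v1alpha1/types.go.tmpl), the `Pattern` marker on `Server` still accepts `http://` and anchors only the start of the value, so a plaintext or otherwise malformed API server URL passes schema validation. The struct is documented as what a client needs to form a kubeconfig, so a non-TLS endpoint would make the accompanying CA bundle meaningless and expose whatever credential the client presents. Consider dropping the `|^http://` alternative so the marker's pattern reads `^https://`, unless a test environment depends on plain HTTP. `CertificateAuthorityData` is checked only with `MinLength=1`; if it is expected to hold base64-encoded PEM, a field comment saying so would let consumers validate it before trusting it. The pattern appears to be carried over from the hand-written `deploy/crd.yaml` schema that this commit replaces, and the generated copies under `generated/` repeat it.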
@@ -1,85 +1,110 @@ -#! Copyright 2020 VMware, Inc. -#! SPDX-License-Identifier: Apache-2.0 - -#! Example of valid CredentialIssuerConfig object: -#! --- -#! apiVersion: crd.pinniped.dev/v1alpha1 -#! kind: CredentialIssuerConfig -#! metadata: -#! name: credential-issuer-config -#! namespace: integration -#! status: -#! kubeConfigInfo: -#! server: https://foo -#! certificateAuthorityData: bar -#! strategies: -#! - type: KubeClusterSigningCertificate -#! status: Error -#! reason: CouldNotFetchKey -#! message: "There was an error getting the signing cert" -#! lastUpdateTime: 2020-08-21T20:08:18Z - -#@ load("@ytt:data", "data") --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null name: credentialissuerconfigs.crd.pinniped.dev spec: group: crd.pinniped.dev - versions: - #! Any changes to these schemas should also be reflected in the types.go file(s) - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - strategies: - type: array - items: - type: object - required: [ type, status, reason, message, lastUpdateTime ] - properties: - type: #! 
this property is called "type" - type: string - minLength: 1 - pattern: '^KubeClusterSigningCertificate$' - status: - type: string - minLength: 1 - pattern: '^Success$|^Error$' - reason: - type: string - minLength: 1 - pattern: '^CouldNotFetchKey$|^FetchedKey$' - message: - type: string - minLength: 1 - lastUpdateTime: - type: string - format: date-time - minLength: 1 - kubeConfigInfo: - type: object - required: [ server, certificateAuthorityData ] - properties: - server: - type: string - minLength: 1 - pattern: '^https://|^http://' - certificateAuthorityData: - type: string - minLength: 1 - scope: Namespaced names: - plural: credentialissuerconfigs - singular: credentialissuerconfig kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs shortNames: - - cic + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. 
+ minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. + properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 70c3317e..44028a1d 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. 
@@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== @@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** 
@@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== @@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== 
@@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.17/apis/crdpinniped/doc.go b/generated/1.17/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.17/apis/crdpinniped/doc.go +++ b/generated/1.17/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.17/apis/crdpinniped/v1alpha1/doc.go b/generated/1.17/apis/crdpinniped/v1alpha1/doc.go index 41580720..5bd02ab8 100644 --- a/generated/1.17/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.17/apis/crdpinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.17/apis/crdpinniped/v1alpha1/types.go b/generated/1.17/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.17/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.17/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( 
@@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. 
+ LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.17/apis/pinniped/doc.go b/generated/1.17/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.17/apis/pinniped/doc.go +++ b/generated/1.17/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.17/apis/pinniped/v1alpha1/doc.go b/generated/1.17/apis/pinniped/v1alpha1/doc.go index 27e75d31..6b92cf98 100644 --- a/generated/1.17/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.17/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.17/client/openapi/zz_generated.openapi.go b/generated/1.17/client/openapi/zz_generated.openapi.go index 201585ea..7f3e6439 100644 --- a/generated/1.17/client/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/openapi/zz_generated.openapi.go 
@@ -111,7 +111,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -127,23 +128,25 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -199,11 +202,13 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ 
@@ -215,7 +220,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, 
@@ -231,39 +237,45 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml 
@@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. 
+ properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 23e90b60..99e78c4a 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. @@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== 
@@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** @@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== 
@@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== @@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.18/apis/crdpinniped/doc.go b/generated/1.18/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.18/apis/crdpinniped/doc.go +++ b/generated/1.18/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.18/apis/crdpinniped/v1alpha1/doc.go b/generated/1.18/apis/crdpinniped/v1alpha1/doc.go index 1851b32d..666ad8f2 100644 --- a/generated/1.18/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.18/apis/crdpinniped/v1alpha1/doc.go 
@@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.18/apis/crdpinniped/v1alpha1/types.go b/generated/1.18/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.18/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.18/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( 
@@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. 
+ LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.18/apis/pinniped/doc.go b/generated/1.18/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.18/apis/pinniped/doc.go +++ b/generated/1.18/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.18/apis/pinniped/v1alpha1/doc.go b/generated/1.18/apis/pinniped/v1alpha1/doc.go index 9bd18788..06378069 100644 --- a/generated/1.18/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.18/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.18/client/openapi/zz_generated.openapi.go b/generated/1.18/client/openapi/zz_generated.openapi.go index 5771ce0a..564319af 100644 --- a/generated/1.18/client/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/openapi/zz_generated.openapi.go 
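Review bot: The `Pattern` marker added on `Server` in `CredentialIssuerConfigKubeConfigInfo` accepts `http://` as well as `https://`, so a published status can carry a plaintext API server URL. The struct's own doc comment says it is used to form a kubeconfig, so clients would presumably send credentials to that URL. The commit also makes `certificateAuthorityData` required, so TLS looks like the only intended transport; narrow the pattern to `^https://`. The same pattern appears in the generated/1.19 copy of this hunk and as `pattern: ^https://|^http://` in both generated CRD YAML files. This file appears to be rendered from `apis/crdpinniped/v1alpha1/types.go.tmpl` (listed in the diffstat), so the fix belongs there, followed by a regenerate. The pattern only anchors the scheme prefix, so consumers should still parse the rest of the URL before using it.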
@@ -111,7 +111,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -127,23 +128,25 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -199,11 +202,13 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ 
@@ -215,7 +220,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, 
@@ -231,39 +237,45 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml 
@@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. 
+ properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index dd0c7471..57d176cc 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -12,7 +12,7 @@ [id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"] === crd.pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. @@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. |=== 
@@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. Required. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required. +| *`server`* __string__ | The K8s API server URL. +| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. |=== @@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"] ==== CredentialIssuerConfigStatus - +Status of a credential issuer. .Appears In: **** @@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | -| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | +| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== 
@@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API. [cols="25a,75a", options="header"] |=== | Field | Description -| *`type`* __StrategyType__ | -| *`status`* __StrategyStatus__ | -| *`reason`* __StrategyReason__ | -| *`message`* __string__ | -| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | +| *`type`* __StrategyType__ | Type of integration attempted. +| *`status`* __StrategyStatus__ | Status of the attempted integration strategy. +| *`reason`* __StrategyReason__ | Reason for the current status. +| *`message`* __string__ | Human-readable description of the current status. +| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | When the status was last checked. |=== @@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API. [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 -Package v1alpha1 is the v1alpha1 version of the API. +Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. diff --git a/generated/1.19/apis/crdpinniped/doc.go b/generated/1.19/apis/crdpinniped/doc.go index 70cb2191..647e57d7 100644 --- a/generated/1.19/apis/crdpinniped/doc.go +++ b/generated/1.19/apis/crdpinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=crd.pinniped.dev -// Package crdpinniped is the internal version of the API. +// Package crdpinniped is the internal version of the Pinniped CRD-based API. package crdpinniped diff --git a/generated/1.19/apis/crdpinniped/v1alpha1/doc.go b/generated/1.19/apis/crdpinniped/v1alpha1/doc.go index 65e935a8..cb64d9a9 100644 --- a/generated/1.19/apis/crdpinniped/v1alpha1/doc.go +++ b/generated/1.19/apis/crdpinniped/v1alpha1/doc.go 
@@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=crd.pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API. package v1alpha1 diff --git a/generated/1.19/apis/crdpinniped/v1alpha1/types.go b/generated/1.19/apis/crdpinniped/v1alpha1/types.go index 1fc6dc9a..e9234a93 100644 --- a/generated/1.19/apis/crdpinniped/v1alpha1/types.go +++ b/generated/1.19/apis/crdpinniped/v1alpha1/types.go @@ -7,8 +7,13 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string + +// +kubebuilder:validation:Enum=Success;Error type StrategyStatus string + +// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey type StrategyReason string const ( 
@@ -21,39 +26,63 @@ const ( FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) +// Status of a credential issuer. type CredentialIssuerConfigStatus struct { + // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } +// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. type CredentialIssuerConfigKubeConfigInfo struct { - // The K8s API server URL. Required. - Server string `json:"server,omitempty"` + // The K8s API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` - // The K8s API server CA bundle. Required. - CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` + // The K8s API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } +// Status of an integration strategy that was attempted by Pinniped. type CredentialIssuerConfigStrategy struct { - Type StrategyType `json:"type,omitempty"` - Status StrategyStatus `json:"status,omitempty"` - Reason StrategyReason `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime"` + // Type of integration attempted. + Type StrategyType `json:"type"` + + // Status of the attempted integration strategy. + Status StrategyStatus `json:"status"` + + // Reason for the current status. + Reason StrategyReason `json:"reason"` + + // Human-readable description of the current status. + // +kubebuilder:validation:MinLength=1 + Message string `json:"message"` + + // When the status was last checked. 
+ LastUpdateTime metav1.Time `json:"lastUpdateTime"` } + +// Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=cic type CredentialIssuerConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` + // Status of the credential issuer. Status CredentialIssuerConfigStatus `json:"status"` } + +// List of CredentialIssuerConfig objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type CredentialIssuerConfigList struct { diff --git a/generated/1.19/apis/pinniped/doc.go b/generated/1.19/apis/pinniped/doc.go index 99df8e0a..304a66b2 100644 --- a/generated/1.19/apis/pinniped/doc.go +++ b/generated/1.19/apis/pinniped/doc.go @@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:deepcopy-gen=package // +groupName=pinniped.dev -// Package pinniped is the internal version of the API. +// Package pinniped is the internal version of the Pinniped aggregated API. package pinniped diff --git a/generated/1.19/apis/pinniped/v1alpha1/doc.go b/generated/1.19/apis/pinniped/v1alpha1/doc.go index a97e35ef..d883c2a9 100644 --- a/generated/1.19/apis/pinniped/v1alpha1/doc.go +++ b/generated/1.19/apis/pinniped/v1alpha1/doc.go @@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0 // +k8s:defaulter-gen=TypeMeta // +groupName=pinniped.dev -// Package v1alpha1 is the v1alpha1 version of the API. +// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API. package v1alpha1 diff --git a/generated/1.19/client/openapi/zz_generated.openapi.go b/generated/1.19/client/openapi/zz_generated.openapi.go index 28dc2bba..2b066cbf 100644 --- a/generated/1.19/client/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/openapi/zz_generated.openapi.go 
@@ -112,7 +112,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe }, "status": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), + Description: "Status of the credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"), }, }, }, @@ -128,23 +129,25 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server URL. Required.", + Description: "The K8s API server URL.", Type: []string{"string"}, Format: "", }, }, "certificateAuthorityData": { SchemaProps: spec.SchemaProps{ - Description: "The K8s API server CA bundle. Required.", + Description: "The K8s API server CA bundle.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"server", "certificateAuthorityData"}, }, }, } @@ -200,11 +203,13 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of a credential issuer.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "strategies": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "List of integration strategies that were attempted by Pinniped.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ 
@@ -216,7 +221,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo }, "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), }, }, }, 
@@ -232,39 +238,45 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "Status of an integration strategy that was attempted by Pinniped.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Type of integration attempted.", + Type: []string{"string"}, + Format: "", }, }, "status": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Status of the attempted integration strategy.", + Type: []string{"string"}, + Format: "", }, }, "reason": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Reason for the current status.", + Type: []string{"string"}, + Format: "", }, }, "message": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Human-readable description of the current status.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdateTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "When the status was last checked.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, - Required: []string{"lastUpdateTime"}, + Required: []string{"type", "status", "reason", "message", "lastUpdateTime"}, }, }, Dependencies: []string{ diff --git a/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml new file mode 100644 index 00000000..e47f8e63 --- /dev/null +++ b/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml 
@@ -0,0 +1,110 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: credentialissuerconfigs.crd.pinniped.dev +spec: + group: crd.pinniped.dev + names: + kind: CredentialIssuerConfig + listKind: CredentialIssuerConfigList + plural: credentialissuerconfigs + shortNames: + - cic + singular: credentialissuerconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: Status of the credential issuer. + properties: + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using this credential issuer. + properties: + certificateAuthorityData: + description: The K8s API server CA bundle. + minLength: 1 + type: string + server: + description: The K8s API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + strategies: + description: List of integration strategies that were attempted by + Pinniped. + items: + description: Status of an integration strategy that was attempted + by Pinniped. 
+ properties: + lastUpdateTime: + description: When the status was last checked. + format: date-time + type: string + message: + description: Human-readable description of the current status. + minLength: 1 + type: string + reason: + description: Reason for the current status. + enum: + - FetchedKey + - CouldNotFetchKey + type: string + status: + description: Status of the attempted integration strategy. + enum: + - Success + - Error + type: string + type: + description: Type of integration attempted. + enum: + - KubeClusterSigningCertificate + type: string + required: + - lastUpdateTime + - message + - reason + - status + - type + type: object + type: array + required: + - strategies + type: object + required: + - status + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index 4cde8901..95e96009 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -151,4 +151,9 @@ crd-ref-docs \ --config=/tmp/docs-config.yaml \ --renderer=asciidoctor \ --templates-dir="${ROOT}/hack/lib/docs/templates" \ - --output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc" \ No newline at end of file + --output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc" + +# Generate CRD YAML +(cd apis && + controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds +) \ No newline at end of file diff --git a/hack/update.sh b/hack/update.sh index ee7b3f0e..00c15ae7 100755 --- a/hack/update.sh +++ b/hack/update.sh @@ -8,4 +8,5 @@ set -euo pipefail ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt" +cp "$ROOT/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml" "$ROOT/deploy/crd.yaml" "$ROOT/hack/module.sh" tidy 
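Review bot: The new `controller-gen` call in the "Generate CRD YAML" step of hack/lib/update-codegen.sh runs whatever binary is first on PATH, and nothing in the hunk checks its version. The CRDs generated for this commit record `controller-gen.kubebuilder.io/version: v0.4.0`. A different local version could change the validation schema in every `generated/*/crds` file and, through the `cp` added to hack/update.sh, in `deploy/crd.yaml`. Unless the tool is pinned somewhere outside this hunk (the script starts above it), add a comment such as `# Requires controller-gen v0.4.0; keep in sync with the version annotation in the generated CRDs.`, or fail early when `controller-gen --version` reports something else.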
From 8e5912e4c2d6b623f9569417ee503b23c9b6179b Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 31 Aug 2020 16:41:22 -0500 Subject: [PATCH 2/2] Update precommit hook config to ignore generated files and fix whitespace. Signed-off-by: Matt Moyer --- .pre-commit-config.yaml | 1 + README.md | 8 ++++---- SECURITY.md | 12 ++++++------ doc/contributing.md | 4 ++-- hack/lib/update-codegen.sh | 2 +- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4290d430..f4712345 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,3 +1,4 @@ +exclude: '^generated/' repos: - repo: git://github.com/pre-commit/pre-commit-hooks rev: v3.2.0 diff --git a/README.md b/README.md index 43f10ca2..c53a2f3a 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ with IDPs, and distribution-specific integration strategies. ### Architecture -Pinniped offers credential exchange to enable a user to exchange an external IDP +Pinniped offers credential exchange to enable a user to exchange an external IDP credential for a short-lived, cluster-specific credential. Pinniped supports various IDP types and implements different integration strategies for various Kubernetes distributions to make authentication possible. @@ -32,7 +32,7 @@ distributions to make authentication possible. The currently supported external IDP types are outlined here. More will be added in the future. -1. Any webhook which implements the +1. Any webhook which implements the [Kubernetes TokenReview API](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication) #### Supported Cluster Integration Strategies 
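Review bot: The top-level `exclude: '^generated/'` in .pre-commit-config.yaml applies to every hook in the config, not only the whitespace fixers. Any content check configured further down (the hook list is outside the hunk) therefore also stops running on the generated client code and CRD YAML. If only the whitespace hooks conflict with generator output, put the `exclude` on those hook entries instead. Separately, the context line `- repo: git://github.com/pre-commit/pre-commit-hooks` fetches hook code over the unauthenticated git protocol; `https://github.com/pre-commit/pre-commit-hooks` is the safer URL.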
@@ -49,7 +49,7 @@ will use that instead of using the cluster's signing keypair.) #### `kubectl` Integration With any of the above IDPs and integration strategies, `kubectl` commands receive the -cluster-specific credential via a +cluster-specific credential via a [Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins). Users may use the Pinniped CLI as the credential plugin, or they may use any proprietary CLI built with the [Pinniped Go client library](generated). @@ -69,7 +69,7 @@ To try Pinniped, see [deploy/README.md](deploy/README.md). ## Contributions Contributions are welcome. Before contributing, please see -the [Code of Conduct](doc/code_of_conduct.md) and +the [Code of Conduct](doc/code_of_conduct.md) and [the contributing guide](doc/contributing.md). ## Reporting Security Vulnerabilities diff --git a/SECURITY.md b/SECURITY.md index ad936e3e..5cabfda8 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,12 +1,12 @@ # Reporting a Vulnerability -Pinniped development is sponsored by VMware, and the Pinniped team encourages users -who become aware of a security vulnerability in Pinniped to report any potential -vulnerabilities found to security@vmware.com. If possible, please include a description +Pinniped development is sponsored by VMware, and the Pinniped team encourages users +who become aware of a security vulnerability in Pinniped to report any potential +vulnerabilities found to security@vmware.com. If possible, please include a description of the effects of the vulnerability, reproduction steps, and a description of in which -version of Pinniped or its dependencies the vulnerability was discovered. +version of Pinniped or its dependencies the vulnerability was discovered. The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055. -The Pinniped team hopes that users encountering a new vulnerability will contact -us privately as it is in the best interests of our users that the Pinniped team has +The Pinniped team hopes that users encountering a new vulnerability will contact +us privately as it is in the best interests of our users that the Pinniped team has an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge. diff --git a/doc/contributing.md b/doc/contributing.md index 20320ed7..6c8aa5b5 100644 --- a/doc/contributing.md +++ b/doc/contributing.md @@ -16,7 +16,7 @@ To file a bug report, please first open an [issue](https://github.com/suzerain-io/pinniped/issues/new?template=bug_report.md). The project team will work with you on your bug report. -Once the bug has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare) +Once the bug has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare) can be opened to fix the bug. For specifics on what to include in your bug report, please follow the 
@@ -28,7 +28,7 @@ To suggest a feature, please first open an [issue](https://github.com/suzerain-io/pinniped/issues/new?template=feature-proposal.md) and tag it with `proposal`. The project team will work with you on your feature request. -Once the feature request has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare) +Once the feature request has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare) can be opened to implement the feature. For specifics on what to include in your feature request, please follow the diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index 95e96009..baba076b 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -156,4 +156,4 @@ crd-ref-docs \ # Generate CRD YAML (cd apis && controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds -) \ No newline at end of file +)