djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #82 from mattmoyer/add-crd-generation

Browse Source 
Generate CRD YAML using controller-tools, update doc strings.
This commit is contained in:
Matt Moyer 2020-08-31 17:18:28 -05:00 committed by GitHub
commit 3e4816c811
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 746 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.pre-commit-config.yaml
View File

@ -1,3 +1,4 @@
exclude: '^generated/'
repos:
- repo: git://github.com/pre-commit/pre-commit-hooks
rev: v3.2.0

8
README.md
View File

@ -23,7 +23,7 @@ with IDPs, and distribution-specific integration strategies.
### Architecture
Pinniped offers credential exchange to enable a user to exchange an external IDP
Pinniped offers credential exchange to enable a user to exchange an external IDP
credential for a short-lived, cluster-specific credential. Pinniped supports various
IDP types and implements different integration strategies for various Kubernetes
distributions to make authentication possible.
@ -32,7 +32,7 @@ distributions to make authentication possible.
The currently supported external IDP types are outlined here. More will be added in the future.
1. Any webhook which implements the
1. Any webhook which implements the
[Kubernetes TokenReview API](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication)
#### Supported Cluster Integration Strategies
@ -49,7 +49,7 @@ will use that instead of using the cluster's signing keypair.)
#### `kubectl` Integration
With any of the above IDPs and integration strategies, `kubectl` commands receive the
cluster-specific credential via a
cluster-specific credential via a
[Kubernetes client-go credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins).
Users may use the Pinniped CLI as the credential plugin, or they may use any proprietary CLI
built with the [Pinniped Go client library](generated).
@ -69,7 +69,7 @@ To try Pinniped, see [deploy/README.md](deploy/README.md).
## Contributions
Contributions are welcome. Before contributing, please see
the [Code of Conduct](doc/code_of_conduct.md) and
the [Code of Conduct](doc/code_of_conduct.md) and
[the contributing guide](doc/contributing.md).
## Reporting Security Vulnerabilities

12
SECURITY.md
View File

@ -1,12 +1,12 @@
# Reporting a Vulnerability
Pinniped development is sponsored by VMware, and the Pinniped team encourages users
who become aware of a security vulnerability in Pinniped to report any potential
vulnerabilities found to security@vmware.com. If possible, please include a description
Pinniped development is sponsored by VMware, and the Pinniped team encourages users
who become aware of a security vulnerability in Pinniped to report any potential
vulnerabilities found to security@vmware.com. If possible, please include a description
of the effects of the vulnerability, reproduction steps, and a description of in which
version of Pinniped or its dependencies the vulnerability was discovered.
version of Pinniped or its dependencies the vulnerability was discovered.
The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055.
The Pinniped team hopes that users encountering a new vulnerability will contact
us privately as it is in the best interests of our users that the Pinniped team has
The Pinniped team hopes that users encountering a new vulnerability will contact
us privately as it is in the best interests of our users that the Pinniped team has
an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.

2
apis/crdpinniped/doc.go.tmpl
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API.
// Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped

2
apis/crdpinniped/v1alpha1/doc.go.tmpl
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1

47
apis/crdpinniped/v1alpha1/types.go.tmpl
View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string
const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey")
)
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
}
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required.
Server string `json:"server,omitempty"`
// The K8s API server URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// The K8s API server CA bundle.
// +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
}
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"`
Status StrategyStatus `json:"status,omitempty"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"`
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
// Type of integration attempted.
Type StrategyType `json:"type"`
// Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
}
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"`
}
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct {

2
apis/pinniped/doc.go.tmpl
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=pinniped.dev
// Package pinniped is the internal version of the API.
// Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped

2
apis/pinniped/v1alpha1/doc.go.tmpl
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1

173
deploy/crd.yaml
View File

@ -1,85 +1,110 @@
#! Copyright 2020 VMware, Inc.
#! SPDX-License-Identifier: Apache-2.0
#! Example of valid CredentialIssuerConfig object:
#! ---
#! apiVersion: crd.pinniped.dev/v1alpha1
#! kind: CredentialIssuerConfig
#! metadata:
#! name: credential-issuer-config
#! namespace: integration
#! status:
#! kubeConfigInfo:
#! server: https://foo
#! certificateAuthorityData: bar
#! strategies:
#! - type: KubeClusterSigningCertificate
#! status: Error
#! reason: CouldNotFetchKey
#! message: "There was an error getting the signing cert"
#! lastUpdateTime: 2020-08-21T20:08:18Z
#@ load("@ytt:data", "data")
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
versions:
#! Any changes to these schemas should also be reflected in the types.go file(s)
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
strategies:
type: array
items:
type: object
required: [ type, status, reason, message, lastUpdateTime ]
properties:
type: #! this property is called "type"
type: string
minLength: 1
pattern: '^KubeClusterSigningCertificate$'
status:
type: string
minLength: 1
pattern: '^Success$|^Error$'
reason:
type: string
minLength: 1
pattern: '^CouldNotFetchKey$|^FetchedKey$'
message:
type: string
minLength: 1
lastUpdateTime:
type: string
format: date-time
minLength: 1
kubeConfigInfo:
type: object
required: [ server, certificateAuthorityData ]
properties:
server:
type: string
minLength: 1
pattern: '^https://|^http://'
certificateAuthorityData:
type: string
minLength: 1
scope: Namespaced
names:
plural: credentialissuerconfigs
singular: credentialissuerconfig
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

4
doc/contributing.md
View File

@ -16,7 +16,7 @@ To file a bug report, please first open an
[issue](https://github.com/suzerain-io/pinniped/issues/new?template=bug_report.md). The project team
will work with you on your bug report.
Once the bug has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare)
Once the bug has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare)
can be opened to fix the bug.
For specifics on what to include in your bug report, please follow the
@ -28,7 +28,7 @@ To suggest a feature, please first open an
[issue](https://github.com/suzerain-io/pinniped/issues/new?template=feature-proposal.md)
and tag it with `proposal`. The project team will work with you on your feature request.
Once the feature request has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare)
Once the feature request has been validated, a [pull request](https://github.com/suzerain-io/pinniped/compare)
can be opened to implement the feature.
For specifics on what to include in your feature request, please follow the

26
generated/1.17/README.adoc
View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ |
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`server`* __string__ | The K8s API server URL. Required.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required.
| *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In:
****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ |
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ |
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __StrategyType__ |
| *`status`* __StrategyStatus__ |
| *`reason`* __StrategyReason__ |
| *`message`* __string__ |
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ |
| *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

2
generated/1.17/apis/crdpinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API.
// Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped

2
generated/1.17/apis/crdpinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1

47
generated/1.17/apis/crdpinniped/v1alpha1/types.go
View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string
const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey")
)
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
}
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required.
Server string `json:"server,omitempty"`
// The K8s API server URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// The K8s API server CA bundle.
// +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
}
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"`
Status StrategyStatus `json:"status,omitempty"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"`
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
// Type of integration attempted.
Type StrategyType `json:"type"`
// Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
}
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"`
}
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct {

2
generated/1.17/apis/pinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=pinniped.dev
// Package pinniped is the internal version of the API.
// Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped

2
generated/1.17/apis/pinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1

48
generated/1.17/client/openapi/zz_generated.openapi.go
View File

@ -111,7 +111,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
},
},
},
@ -127,23 +128,25 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"server": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.",
Description: "The K8s API server URL.",
Type: []string{"string"},
Format: "",
},
},
"certificateAuthorityData": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.",
Description: "The K8s API server CA bundle.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"server", "certificateAuthorityData"},
},
},
}
@ -199,11 +202,13 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of a credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"strategies": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
@ -215,7 +220,8 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
},
"kubeConfigInfo": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
},
},
},
@ -231,39 +237,45 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"type": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Type of integration attempted.",
Type: []string{"string"},
Format: "",
},
},
"status": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Status of the attempted integration strategy.",
Type: []string{"string"},
Format: "",
},
},
"reason": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Reason for the current status.",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Human-readable description of the current status.",
Type: []string{"string"},
Format: "",
},
},
"lastUpdateTime": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
},
Required: []string{"lastUpdateTime"},
Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
},
},
Dependencies: []string{

110
generated/1.17/crds/crd.pinniped.dev_credentialissuerconfigs.yaml Normal file
View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

26
generated/1.18/README.adoc
View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ |
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`server`* __string__ | The K8s API server URL. Required.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required.
| *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In:
****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ |
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ |
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __StrategyType__ |
| *`status`* __StrategyStatus__ |
| *`reason`* __StrategyReason__ |
| *`message`* __string__ |
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ |
| *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

2
generated/1.18/apis/crdpinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API.
// Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped

2
generated/1.18/apis/crdpinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1

47
generated/1.18/apis/crdpinniped/v1alpha1/types.go
View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string
const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey")
)
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
}
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required.
Server string `json:"server,omitempty"`
// The K8s API server URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// The K8s API server CA bundle.
// +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
}
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"`
Status StrategyStatus `json:"status,omitempty"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"`
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
// Type of integration attempted.
Type StrategyType `json:"type"`
// Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
}
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"`
}
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct {

2
generated/1.18/apis/pinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=pinniped.dev
// Package pinniped is the internal version of the API.
// Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped

2
generated/1.18/apis/pinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1

48
generated/1.18/client/openapi/zz_generated.openapi.go
View File

@ -111,7 +111,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
},
},
},
@ -127,23 +128,25 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"server": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.",
Description: "The K8s API server URL.",
Type: []string{"string"},
Format: "",
},
},
"certificateAuthorityData": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.",
Description: "The K8s API server CA bundle.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"server", "certificateAuthorityData"},
},
},
}
@ -199,11 +202,13 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of a credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"strategies": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
@ -215,7 +220,8 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
},
"kubeConfigInfo": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
},
},
},
@ -231,39 +237,45 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"type": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Type of integration attempted.",
Type: []string{"string"},
Format: "",
},
},
"status": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Status of the attempted integration strategy.",
Type: []string{"string"},
Format: "",
},
},
"reason": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Reason for the current status.",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Human-readable description of the current status.",
Type: []string{"string"},
Format: "",
},
},
"lastUpdateTime": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
},
Required: []string{"lastUpdateTime"},
Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
},
},
Dependencies: []string{

110
generated/1.18/crds/crd.pinniped.dev_credentialissuerconfigs.yaml Normal file
View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

26
generated/1.19/README.adoc
View File

@ -12,7 +12,7 @@
[id="{anchor_prefix}-crd-pinniped-dev-v1alpha1"]
=== crd.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
@ -31,7 +31,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ |
| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|===
@ -48,8 +48,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`server`* __string__ | The K8s API server URL. Required.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. Required.
| *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|===
@ -58,7 +58,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In:
****
@ -68,8 +68,8 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ |
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ |
| *`strategies`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-crdpinniped-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|===
@ -86,11 +86,11 @@ Package v1alpha1 is the v1alpha1 version of the API.
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __StrategyType__ |
| *`status`* __StrategyStatus__ |
| *`reason`* __StrategyReason__ |
| *`message`* __string__ |
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ |
| *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|===
@ -98,7 +98,7 @@ Package v1alpha1 is the v1alpha1 version of the API.
[id="{anchor_prefix}-pinniped-dev-v1alpha1"]
=== pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.

2
generated/1.19/apis/crdpinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=crd.pinniped.dev
// Package crdpinniped is the internal version of the API.
// Package crdpinniped is the internal version of the Pinniped CRD-based API.
package crdpinniped

2
generated/1.19/apis/crdpinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=crd.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped CRD-based API.
package v1alpha1

47
generated/1.19/apis/crdpinniped/v1alpha1/types.go
View File

@ -7,8 +7,13 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate
type StrategyType string
// +kubebuilder:validation:Enum=Success;Error
type StrategyStatus string
// +kubebuilder:validation:Enum=FetchedKey;CouldNotFetchKey
type StrategyReason string
const (
@ -21,39 +26,63 @@ const (
FetchedKeyStrategyReason = StrategyReason("FetchedKey")
)
// Status of a credential issuer.
type CredentialIssuerConfigStatus struct {
// List of integration strategies that were attempted by Pinniped.
Strategies []CredentialIssuerConfigStrategy `json:"strategies"`
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
// +optional
KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
}
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
type CredentialIssuerConfigKubeConfigInfo struct {
// The K8s API server URL. Required.
Server string `json:"server,omitempty"`
// The K8s API server URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://|^http://`
Server string `json:"server"`
// The K8s API server CA bundle. Required.
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// The K8s API server CA bundle.
// +kubebuilder:validation:MinLength=1
CertificateAuthorityData string `json:"certificateAuthorityData"`
}
// Status of an integration strategy that was attempted by Pinniped.
type CredentialIssuerConfigStrategy struct {
Type StrategyType `json:"type,omitempty"`
Status StrategyStatus `json:"status,omitempty"`
Reason StrategyReason `json:"reason,omitempty"`
Message string `json:"message,omitempty"`
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
// Type of integration attempted.
Type StrategyType `json:"type"`
// Status of the attempted integration strategy.
Status StrategyStatus `json:"status"`
// Reason for the current status.
Reason StrategyReason `json:"reason"`
// Human-readable description of the current status.
// +kubebuilder:validation:MinLength=1
Message string `json:"message"`
// When the status was last checked.
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
}
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:shortName=cic
type CredentialIssuerConfig struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
Status CredentialIssuerConfigStatus `json:"status"`
}
// List of CredentialIssuerConfig objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type CredentialIssuerConfigList struct {

2
generated/1.19/apis/pinniped/doc.go
View File

@ -6,5 +6,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=pinniped.dev
// Package pinniped is the internal version of the API.
// Package pinniped is the internal version of the Pinniped aggregated API.
package pinniped

2
generated/1.19/apis/pinniped/v1alpha1/doc.go
View File

@ -9,5 +9,5 @@ SPDX-License-Identifier: Apache-2.0
// +k8s:defaulter-gen=TypeMeta
// +groupName=pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the API.
// Package v1alpha1 is the v1alpha1 version of the Pinniped aggregated API.
package v1alpha1

48
generated/1.19/client/openapi/zz_generated.openapi.go
View File

@ -112,7 +112,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfig(ref common.Refe
},
"status": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
Description: "Status of the credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus"),
},
},
},
@ -128,23 +129,25 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigKubeConfigInfo(r
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"server": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server URL. Required.",
Description: "The K8s API server URL.",
Type: []string{"string"},
Format: "",
},
},
"certificateAuthorityData": {
SchemaProps: spec.SchemaProps{
Description: "The K8s API server CA bundle. Required.",
Description: "The K8s API server CA bundle.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"server", "certificateAuthorityData"},
},
},
}
@ -200,11 +203,13 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of a credential issuer.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"strategies": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Description: "List of integration strategies that were attempted by Pinniped.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
@ -216,7 +221,8 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref commo
},
"kubeConfigInfo": {
SchemaProps: spec.SchemaProps{
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.",
Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigKubeConfigInfo"),
},
},
},
@ -232,39 +238,45 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"object"},
Description: "Status of an integration strategy that was attempted by Pinniped.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"type": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Type of integration attempted.",
Type: []string{"string"},
Format: "",
},
},
"status": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Status of the attempted integration strategy.",
Type: []string{"string"},
Format: "",
},
},
"reason": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Reason for the current status.",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "Human-readable description of the current status.",
Type: []string{"string"},
Format: "",
},
},
"lastUpdateTime": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
Description: "When the status was last checked.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
},
Required: []string{"lastUpdateTime"},
Required: []string{"type", "status", "reason", "message", "lastUpdateTime"},
},
},
Dependencies: []string{

110
generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml Normal file
View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: credentialissuerconfigs.crd.pinniped.dev
spec:
group: crd.pinniped.dev
names:
kind: CredentialIssuerConfig
listKind: CredentialIssuerConfigList
plural: credentialissuerconfigs
shortNames:
- cic
singular: credentialissuerconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
status:
description: Status of the credential issuer.
properties:
kubeConfigInfo:
description: Information needed to form a valid Pinniped-based kubeconfig
using this credential issuer.
properties:
certificateAuthorityData:
description: The K8s API server CA bundle.
minLength: 1
type: string
server:
description: The K8s API server URL.
minLength: 1
pattern: ^https://|^http://
type: string
required:
- certificateAuthorityData
- server
type: object
strategies:
description: List of integration strategies that were attempted by
Pinniped.
items:
description: Status of an integration strategy that was attempted
by Pinniped.
properties:
lastUpdateTime:
description: When the status was last checked.
format: date-time
type: string
message:
description: Human-readable description of the current status.
minLength: 1
type: string
reason:
description: Reason for the current status.
enum:
- FetchedKey
- CouldNotFetchKey
type: string
status:
description: Status of the attempted integration strategy.
enum:
- Success
- Error
type: string
type:
description: Type of integration attempted.
enum:
- KubeClusterSigningCertificate
type: string
required:
- lastUpdateTime
- message
- reason
- status
- type
type: object
type: array
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

7
hack/lib/update-codegen.sh
View File

@ -151,4 +151,9 @@ crd-ref-docs \
--config=/tmp/docs-config.yaml \
--renderer=asciidoctor \
--templates-dir="${ROOT}/hack/lib/docs/templates" \
--output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc"
--output-path="${ROOT}/generated/${KUBE_MINOR_VERSION}/README.adoc"
# Generate CRD YAML
(cd apis &&
controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds
)

1
hack/update.sh
View File

@ -8,4 +8,5 @@ set -euo pipefail
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )"
xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt"
cp "$ROOT/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml" "$ROOT/deploy/crd.yaml"
"$ROOT/hack/module.sh" tidy