From 196e43aa4869eda80116d1873827d47aa8375a2a Mon Sep 17 00:00:00 2001 From: Margo Crawford Date: Wed, 16 Dec 2020 14:27:09 -0800 Subject: [PATCH] Rename off of main Signed-off-by: Ryan Richard --- .../config/v1alpha1/register.go.tmpl | 4 +- ...go.tmpl => types_federationdomain.go.tmpl} | 50 +- apis/supervisor/idp/v1alpha1/register.go.tmpl | 4 +- .../types_oidcidentityprovider.go.tmpl | 36 +- cmd/pinniped-supervisor/main.go | 30 +- deploy/supervisor/README.md | 10 +- ...rvisor.pinniped.dev_federationdomains.yaml | 18 +- ...or.pinniped.dev_oidcidentityproviders.yaml | 14 +- deploy/supervisor/rbac.yaml | 6 +- deploy/supervisor/z0_crd_overlay.yaml | 4 +- generated/1.17/README.adoc | 120 +-- .../supervisor/config/v1alpha1/register.go | 4 +- .../v1alpha1/types_federationdomain.go} | 50 +- .../config/v1alpha1/zz_generated.deepcopy.go | 56 +- .../apis/supervisor/idp/v1alpha1/register.go | 4 +- .../v1alpha1/types_oidcidentityprovider.go | 36 +- .../idp/v1alpha1/zz_generated.deepcopy.go | 216 +++--- .../typed/config/v1alpha1/config_client.go | 6 +- .../v1alpha1/fake/fake_config_client.go | 4 +- .../v1alpha1/fake/fake_federationdomain.go | 127 ++++ .../config/v1alpha1/fake/fake_oidcprovider.go | 127 ---- .../typed/config/v1alpha1/federationdomain.go | 178 +++++ .../config/v1alpha1/generated_expansion.go | 2 +- .../typed/config/v1alpha1/oidcprovider.go | 178 ----- .../idp/v1alpha1/fake/fake_idp_client.go | 4 +- .../fake/fake_oidcidentityprovider.go | 127 ++++ .../fake/fake_upstreamoidcprovider.go | 127 ---- .../typed/idp/v1alpha1/generated_expansion.go | 2 +- .../typed/idp/v1alpha1/idp_client.go | 6 +- .../idp/v1alpha1/oidcidentityprovider.go | 178 +++++ .../idp/v1alpha1/upstreamoidcprovider.go | 178 ----- .../config/v1alpha1/federationdomain.go | 76 ++ .../config/v1alpha1/interface.go | 10 +- .../config/v1alpha1/oidcprovider.go | 76 -- .../informers/externalversions/generic.go | 8 +- .../idp/v1alpha1/interface.go | 10 +- ...idcprovider.go => oidcidentityprovider.go} | 38 +- .../config/v1alpha1/expansion_generated.go | 12 +- .../config/v1alpha1/federationdomain.go | 81 +++ .../listers/config/v1alpha1/oidcprovider.go | 81 --- .../idp/v1alpha1/expansion_generated.go | 12 +- .../idp/v1alpha1/oidcidentityprovider.go | 81 +++ .../idp/v1alpha1/upstreamoidcprovider.go | 81 --- ...visor.pinniped.dev_federationdomains.yaml} | 18 +- ...r.pinniped.dev_oidcidentityproviders.yaml} | 14 +- generated/1.18/README.adoc | 120 +-- .../supervisor/config/v1alpha1/register.go | 4 +- .../v1alpha1/types_federationdomain.go} | 50 +- .../config/v1alpha1/zz_generated.deepcopy.go | 56 +- .../apis/supervisor/idp/v1alpha1/register.go | 4 +- .../v1alpha1/types_oidcidentityprovider.go} | 36 +- .../idp/v1alpha1/zz_generated.deepcopy.go | 216 +++--- .../typed/config/v1alpha1/config_client.go | 6 +- .../v1alpha1/fake/fake_config_client.go | 4 +- .../v1alpha1/fake/fake_federationdomain.go | 129 ++++ .../config/v1alpha1/fake/fake_oidcprovider.go | 129 ---- .../typed/config/v1alpha1/federationdomain.go | 182 +++++ .../config/v1alpha1/generated_expansion.go | 2 +- .../typed/config/v1alpha1/oidcprovider.go | 182 ----- .../idp/v1alpha1/fake/fake_idp_client.go | 4 +- .../fake/fake_oidcidentityprovider.go | 129 ++++ .../fake/fake_upstreamoidcprovider.go | 129 ---- .../typed/idp/v1alpha1/generated_expansion.go | 2 +- .../typed/idp/v1alpha1/idp_client.go | 6 +- .../idp/v1alpha1/oidcidentityprovider.go | 182 +++++ .../idp/v1alpha1/upstreamoidcprovider.go | 182 ----- .../config/v1alpha1/federationdomain.go | 77 ++ .../config/v1alpha1/interface.go | 10 +- .../config/v1alpha1/oidcprovider.go | 77 -- .../informers/externalversions/generic.go | 8 +- .../idp/v1alpha1/interface.go | 10 +- ...idcprovider.go => oidcidentityprovider.go} | 38 +- .../config/v1alpha1/expansion_generated.go | 12 +- .../config/v1alpha1/federationdomain.go | 81 +++ .../listers/config/v1alpha1/oidcprovider.go | 81 --- .../idp/v1alpha1/expansion_generated.go | 12 +- .../idp/v1alpha1/oidcidentityprovider.go | 81 +++ .../idp/v1alpha1/upstreamoidcprovider.go | 81 --- ...rvisor.pinniped.dev_federationdomains.yaml | 18 +- ...r.pinniped.dev_oidcidentityproviders.yaml} | 14 +- generated/1.19/README.adoc | 120 +-- .../supervisor/config/v1alpha1/register.go | 4 +- ...cprovider.go => types_federationdomain.go} | 50 +- .../config/v1alpha1/zz_generated.deepcopy.go | 56 +- .../apis/supervisor/idp/v1alpha1/register.go | 4 +- .../v1alpha1/types_oidcidentityprovider.go} | 36 +- .../idp/v1alpha1/zz_generated.deepcopy.go | 216 +++--- .../typed/config/v1alpha1/config_client.go | 6 +- .../v1alpha1/fake/fake_config_client.go | 4 +- .../v1alpha1/fake/fake_federationdomain.go | 129 ++++ .../config/v1alpha1/fake/fake_oidcprovider.go | 129 ---- .../typed/config/v1alpha1/federationdomain.go | 182 +++++ .../config/v1alpha1/generated_expansion.go | 2 +- .../typed/config/v1alpha1/oidcprovider.go | 182 ----- .../idp/v1alpha1/fake/fake_idp_client.go | 4 +- .../fake/fake_oidcidentityprovider.go | 129 ++++ .../fake/fake_upstreamoidcprovider.go | 129 ---- .../typed/idp/v1alpha1/generated_expansion.go | 2 +- .../typed/idp/v1alpha1/idp_client.go | 6 +- .../idp/v1alpha1/oidcidentityprovider.go | 182 +++++ .../idp/v1alpha1/upstreamoidcprovider.go | 182 ----- .../config/v1alpha1/federationdomain.go | 77 ++ .../config/v1alpha1/interface.go | 10 +- .../config/v1alpha1/oidcprovider.go | 77 -- .../informers/externalversions/generic.go | 8 +- .../idp/v1alpha1/interface.go | 10 +- ...idcprovider.go => oidcidentityprovider.go} | 38 +- .../config/v1alpha1/expansion_generated.go | 12 +- .../config/v1alpha1/federationdomain.go | 86 +++ .../listers/config/v1alpha1/oidcprovider.go | 86 --- .../idp/v1alpha1/expansion_generated.go | 12 +- .../idp/v1alpha1/oidcidentityprovider.go | 86 +++ .../idp/v1alpha1/upstreamoidcprovider.go | 86 --- ...visor.pinniped.dev_federationdomains.yaml} | 18 +- ...or.pinniped.dev_oidcidentityproviders.yaml | 14 +- hack/lib/tilt/Tiltfile | 4 +- .../supervisorconfig/generator/generator.go | 2 +- .../generator/oidc_provider_secrets.go | 62 +- .../generator/oidc_provider_secrets_test.go | 100 +-- .../generator/secret_helper.go | 22 +- .../generator/secret_helper_test.go | 38 +- .../supervisorconfig/jwks_observer.go | 24 +- .../supervisorconfig/jwks_observer_test.go | 110 +-- .../supervisorconfig/jwks_writer.go | 26 +- .../supervisorconfig/jwks_writer_test.go | 72 +- .../oidcproviderconfig_watcher.go | 48 +- .../oidcproviderconfig_watcher_test.go | 684 +++++++++--------- .../supervisorconfig/tls_cert_observer.go | 14 +- .../tls_cert_observer_test.go | 88 +-- .../upstreamwatcher/upstreamwatcher.go | 36 +- .../upstreamwatcher/upstreamwatcher_test.go | 112 +-- .../mocksecrethelper/mocksecrethelper.go | 26 +- .../oidc/callback/callback_handler_test.go | 2 +- internal/oidc/dynamic_oauth2_hmac_strategy.go | 10 +- .../dynamic_open_id_connect_ecdsa_strategy.go | 10 +- .../provider/dynamic_upstream_idp_provider.go | 10 +- internal/oidc/provider/manager/manager.go | 10 +- .../oidc/provider/manager/manager_test.go | 8 +- internal/oidc/provider/oidcprovider.go | 16 +- internal/oidc/provider/oidcprovider_test.go | 4 +- internal/secret/cache.go | 26 +- internal/secret/cache_test.go | 2 +- test/integration/e2e_test.go | 8 +- test/integration/kube_api_discovery_test.go | 16 +- test/integration/supervisor_discovery_test.go | 134 ++-- test/integration/supervisor_login_test.go | 8 +- test/integration/supervisor_secrets_test.go | 18 +- test/integration/supervisor_upstream_test.go | 10 +- test/library/client.go | 56 +- 149 files changed, 4525 insertions(+), 4523 deletions(-) rename apis/supervisor/config/v1alpha1/{types_oidcprovider.go.tmpl => types_federationdomain.go.tmpl} (72%) rename generated/1.18/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go => apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl (80%) rename generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml => deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml (93%) rename generated/1.18/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml => deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml (96%) rename generated/{1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go => 1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go} (72%) rename apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go.tmpl => generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go (80%) create mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go delete mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go create mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go delete mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go create mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go create mode 100644 generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go rename generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/{upstreamoidcprovider.go => oidcidentityprovider.go} (65%) create mode 100644 generated/1.17/client/supervisor/listers/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.17/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.17/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go rename generated/1.17/crds/{config.supervisor.pinniped.dev_oidcproviders.yaml => config.supervisor.pinniped.dev_federationdomains.yaml} (93%) rename generated/1.17/crds/{idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml => idp.supervisor.pinniped.dev_oidcidentityproviders.yaml} (96%) rename generated/{1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go => 1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go} (72%) rename generated/{1.19/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go => 1.18/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go} (80%) create mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go delete mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go create mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go delete mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go create mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go create mode 100644 generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go rename generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/{upstreamoidcprovider.go => oidcidentityprovider.go} (65%) create mode 100644 generated/1.18/client/supervisor/listers/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.18/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.18/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go rename deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml => generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml (93%) rename generated/{1.19/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml => 1.18/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml} (96%) rename generated/1.19/apis/supervisor/config/v1alpha1/{types_oidcprovider.go => types_federationdomain.go} (72%) rename generated/{1.17/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go => 1.19/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go} (80%) create mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go delete mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go create mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go delete mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go create mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go create mode 100644 generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go rename generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/{upstreamoidcprovider.go => oidcidentityprovider.go} (65%) create mode 100644 generated/1.19/client/supervisor/listers/config/v1alpha1/federationdomain.go delete mode 100644 generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go create mode 100644 generated/1.19/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go delete mode 100644 generated/1.19/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go rename generated/1.19/crds/{config.supervisor.pinniped.dev_oidcproviders.yaml => config.supervisor.pinniped.dev_federationdomains.yaml} (93%) rename deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml => generated/1.19/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml (96%) diff --git a/apis/supervisor/config/v1alpha1/register.go.tmpl b/apis/supervisor/config/v1alpha1/register.go.tmpl index 9bf58c3f..32c81af8 100644 --- a/apis/supervisor/config/v1alpha1/register.go.tmpl +++ b/apis/supervisor/config/v1alpha1/register.go.tmpl @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProvider{}, - &OIDCProviderList{}, + &FederationDomain{}, + &FederationDomainList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl similarity index 72% rename from apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl rename to apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl index a351900f..2655ab56 100644 --- a/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl +++ b/apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl @@ -9,19 +9,19 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret -type OIDCProviderStatusCondition string +type FederationDomainStatusCondition string const ( - SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") - DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") + SuccessFederationDomainStatusCondition = FederationDomainStatusCondition("Success") + DuplicateFederationDomainStatusCondition = FederationDomainStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidFederationDomainStatusCondition = FederationDomainStatusCondition("Invalid") ) -// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. -type OIDCProviderTLSSpec struct { +// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type FederationDomainTLSSpec struct { // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains - // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use // for TLS. // @@ -41,8 +41,8 @@ type OIDCProviderTLSSpec struct { SecretName string `json:"secretName,omitempty"` } -// OIDCProviderSpec is a struct that describes an OIDC Provider. -type OIDCProviderSpec struct { +// FederationDomainSpec is a struct that describes an OIDC Provider. +type FederationDomainSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -54,13 +54,13 @@ type OIDCProviderSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). + // TLS configures how this FederationDomain is served over Transport Layer Security (TLS). // +optional - TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` + TLS *FederationDomainTLSSpec `json:"tls,omitempty"` } -// OIDCProviderSecrets holds information about this OIDC Provider's secrets. -type OIDCProviderSecrets struct { +// FederationDomainSecrets holds information about this OIDC Provider's secrets. +type FederationDomainSecrets struct { // JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are // stored. If it is empty, then the signing/verification keys are either unknown or they don't // exist. @@ -83,12 +83,12 @@ type OIDCProviderSecrets struct { StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"` } -// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderStatus struct { +// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. +type FederationDomainStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatusCondition `json:"status,omitempty"` + Status FederationDomainStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -102,29 +102,29 @@ type OIDCProviderStatus struct { // Secrets contains information about this OIDC Provider's secrets. // +optional - Secrets OIDCProviderSecrets `json:"secrets,omitempty"` + Secrets FederationDomainSecrets `json:"secrets,omitempty"` } -// OIDCProvider describes the configuration of an OIDC provider. +// FederationDomain describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped -type OIDCProvider struct { +type FederationDomain struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderSpec `json:"spec"` + Spec FederationDomainSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderStatus `json:"status,omitempty"` + Status FederationDomainStatus `json:"status,omitempty"` } -// List of OIDCProvider objects. +// List of FederationDomain objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type OIDCProviderList struct { +type FederationDomainList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProvider `json:"items"` + Items []FederationDomain `json:"items"` } diff --git a/apis/supervisor/idp/v1alpha1/register.go.tmpl b/apis/supervisor/idp/v1alpha1/register.go.tmpl index 67e549f9..c03b7dde 100644 --- a/apis/supervisor/idp/v1alpha1/register.go.tmpl +++ b/apis/supervisor/idp/v1alpha1/register.go.tmpl @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &UpstreamOIDCProvider{}, - &UpstreamOIDCProviderList{}, + &OIDCIdentityProvider{}, + &OIDCIdentityProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.18/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go b/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl similarity index 80% rename from generated/1.18/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go rename to apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl index 09f74c7c..21945fcf 100644 --- a/generated/1.18/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go +++ b/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl @@ -7,25 +7,25 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type UpstreamOIDCProviderPhase string +type OIDCIdentityProviderPhase string const ( - // PhasePending is the default phase for newly-created UpstreamOIDCProvider resources. - PhasePending UpstreamOIDCProviderPhase = "Pending" + // PhasePending is the default phase for newly-created OIDCIdentityProvider resources. + PhasePending OIDCIdentityProviderPhase = "Pending" - // PhaseReady is the phase for an UpstreamOIDCProvider resource in a healthy state. - PhaseReady UpstreamOIDCProviderPhase = "Ready" + // PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state. + PhaseReady OIDCIdentityProviderPhase = "Ready" - // PhaseError is the phase for an UpstreamOIDCProvider in an unhealthy state. - PhaseError UpstreamOIDCProviderPhase = "Error" + // PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state. + PhaseError OIDCIdentityProviderPhase = "Error" ) // Status of an OIDC identity provider. -type UpstreamOIDCProviderStatus struct { - // Phase summarizes the overall status of the UpstreamOIDCProvider. +type OIDCIdentityProviderStatus struct { + // Phase summarizes the overall status of the OIDCIdentityProvider. // +kubebuilder:default=Pending // +kubebuilder:validation:Enum=Pending;Ready;Error - Phase UpstreamOIDCProviderPhase `json:"phase,omitempty"` + Phase OIDCIdentityProviderPhase `json:"phase,omitempty"` // Represents the observations of an identity provider's current state. // +patchMergeKey=type @@ -68,7 +68,7 @@ type OIDCClient struct { } // Spec for configuring an OIDC identity provider. -type UpstreamOIDCProviderSpec struct { +type OIDCIdentityProviderSpec struct { // Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch // /.well-known/openid-configuration. // +kubebuilder:validation:MinLength=1 @@ -94,7 +94,7 @@ type UpstreamOIDCProviderSpec struct { Client OIDCClient `json:"client"` } -// UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. +// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps @@ -102,22 +102,22 @@ type UpstreamOIDCProviderSpec struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase` // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status -type UpstreamOIDCProvider struct { +type OIDCIdentityProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec for configuring the identity provider. - Spec UpstreamOIDCProviderSpec `json:"spec"` + Spec OIDCIdentityProviderSpec `json:"spec"` // Status of the identity provider. - Status UpstreamOIDCProviderStatus `json:"status,omitempty"` + Status OIDCIdentityProviderStatus `json:"status,omitempty"` } -// List of UpstreamOIDCProvider objects. +// List of OIDCIdentityProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type UpstreamOIDCProviderList struct { +type OIDCIdentityProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []UpstreamOIDCProvider `json:"items"` + Items []OIDCIdentityProvider `json:"items"` } diff --git a/cmd/pinniped-supervisor/main.go b/cmd/pinniped-supervisor/main.go index 461eea56..d9508290 100644 --- a/cmd/pinniped-supervisor/main.go +++ b/cmd/pinniped-supervisor/main.go @@ -91,7 +91,7 @@ func startControllers( kubeInformers kubeinformers.SharedInformerFactory, pinnipedInformers pinnipedinformers.SharedInformerFactory, ) { - opInformer := pinnipedInformers.Config().V1alpha1().OIDCProviders() + opInformer := pinnipedInformers.Config().V1alpha1().FederationDomains() secretInformer := kubeInformers.Core().V1().Secrets() // Create controller manager. @@ -107,7 +107,7 @@ func startControllers( singletonWorker, ). WithController( - supervisorconfig.NewOIDCProviderWatcherController( + supervisorconfig.NewFederationDomainWatcherController( issuerManager, clock.RealClock{}, pinnipedClient, @@ -162,15 +162,15 @@ func startControllers( singletonWorker, ). WithController( - generator.NewOIDCProviderSecretsController( + generator.NewFederationDomainSecretsController( generator.NewSymmetricSecretHelper( "pinniped-oidc-provider-hmac-key-", cfg.Labels, rand.Reader, generator.SecretUsageTokenSigningKey, - func(oidcProviderIssuer string, symmetricKey []byte) { - plog.Debug("setting hmac secret", "issuer", oidcProviderIssuer) - secretCache.SetTokenHMACKey(oidcProviderIssuer, symmetricKey) + func(federationDomainIssuer string, symmetricKey []byte) { + plog.Debug("setting hmac secret", "issuer", federationDomainIssuer) + secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey) }, ), kubeClient, @@ -182,15 +182,15 @@ func startControllers( singletonWorker, ). WithController( - generator.NewOIDCProviderSecretsController( + generator.NewFederationDomainSecretsController( generator.NewSymmetricSecretHelper( "pinniped-oidc-provider-upstream-state-signature-key-", cfg.Labels, rand.Reader, generator.SecretUsageStateSigningKey, - func(oidcProviderIssuer string, symmetricKey []byte) { - plog.Debug("setting state signature key", "issuer", oidcProviderIssuer) - secretCache.SetStateEncoderHashKey(oidcProviderIssuer, symmetricKey) + func(federationDomainIssuer string, symmetricKey []byte) { + plog.Debug("setting state signature key", "issuer", federationDomainIssuer) + secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey) }, ), kubeClient, @@ -202,15 +202,15 @@ func startControllers( singletonWorker, ). WithController( - generator.NewOIDCProviderSecretsController( + generator.NewFederationDomainSecretsController( generator.NewSymmetricSecretHelper( "pinniped-oidc-provider-upstream-state-encryption-key-", cfg.Labels, rand.Reader, generator.SecretUsageStateEncryptionKey, - func(oidcProviderIssuer string, symmetricKey []byte) { - plog.Debug("setting state encryption key", "issuer", oidcProviderIssuer) - secretCache.SetStateEncoderBlockKey(oidcProviderIssuer, symmetricKey) + func(federationDomainIssuer string, symmetricKey []byte) { + plog.Debug("setting state encryption key", "issuer", federationDomainIssuer) + secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey) }, ), kubeClient, @@ -225,7 +225,7 @@ func startControllers( upstreamwatcher.New( dynamicUpstreamIDPProvider, pinnipedClient, - pinnipedInformers.IDP().V1alpha1().UpstreamOIDCProviders(), + pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(), kubeInformers.Core().V1().Secrets(), klogr.New()), singletonWorker) diff --git a/deploy/supervisor/README.md b/deploy/supervisor/README.md index 4216a0dd..b97f39d7 100644 --- a/deploy/supervisor/README.md +++ b/deploy/supervisor/README.md @@ -59,7 +59,7 @@ The most common ways are: 1. Or, define a [TCP LoadBalancer Service](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) which is a layer 4 load balancer and does not terminate TLS. In this case, the Supervisor app will need to be - configured with TLS certificates and will terminate the TLS connection itself (see the section about OIDCProvider + configured with TLS certificates and will terminate the TLS connection itself (see the section about FederationDomain below). The LoadBalancer Service should be configured to use the HTTPS port 443 of the Supervisor pods as its `targetPort`. *Warning:* Do not expose the Supervisor's port 8080 to the public. It would not be secure for the OIDC protocol @@ -132,12 +132,12 @@ spec: ### Configuring the Supervisor to Act as an OIDC Provider -The Supervisor can be configured as an OIDC provider by creating `OIDCProvider` resources +The Supervisor can be configured as an OIDC provider by creating `FederationDomain` resources in the same namespace where the Supervisor app was installed. For example: ```yaml apiVersion: config.supervisor.pinniped.dev/v1alpha1 -kind: OIDCProvider +kind: FederationDomain metadata: name: my-provider # Assuming that this is the namespace where the supervisor was installed. This is the default in install-supervisor.yaml. @@ -156,12 +156,12 @@ spec: #### Configuring TLS for the Supervisor OIDC Endpoints If you have terminated TLS outside the app, for example using an Ingress with TLS certificates, then you do not need to -configure TLS certificates on the OIDCProvider. +configure TLS certificates on the FederationDomain. If you are using a LoadBalancer Service to expose the Supervisor app outside your cluster, then you will also need to configure the Supervisor app to terminate TLS. There are two places to configure TLS certificates: -1. Each `OIDCProvider` can be configured with TLS certificates, using the `spec.tls.secretName` field. +1. Each `FederationDomain` can be configured with TLS certificates, using the `spec.tls.secretName` field. 1. The default TLS certificate for all OIDC providers can be configured by creating a Secret called `pinniped-supervisor-default-tls-certificate` in the same namespace in which the Supervisor was installed. diff --git a/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml similarity index 93% rename from generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml rename to deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml index 47c6f5a9..d894643b 100644 --- a/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml +++ b/deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml @@ -6,22 +6,22 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviders.config.supervisor.pinniped.dev + name: federationdomains.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: categories: - pinniped - kind: OIDCProvider - listKind: OIDCProviderList - plural: oidcproviders - singular: oidcprovider + kind: FederationDomain + listKind: FederationDomainList + plural: federationdomains + singular: federationdomain scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProvider describes the configuration of an OIDC provider. + description: FederationDomain describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -50,14 +50,14 @@ spec: minLength: 1 type: string tls: - description: TLS configures how this OIDCProvider is served over Transport - Layer Security (TLS). + description: TLS configures how this FederationDomain is served over + Transport Layer Security (TLS). properties: secretName: description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by - this OIDCProvider. When provided, the TLS Secret named here + this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. \n Server Name Indication (SNI) is an extension to the Transport Layer Security diff --git a/generated/1.18/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml b/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml similarity index 96% rename from generated/1.18/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml rename to deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index bd239a6f..75cf37d0 100644 --- a/generated/1.18/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml +++ b/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml @@ -6,7 +6,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: upstreamoidcproviders.idp.supervisor.pinniped.dev + name: oidcidentityproviders.idp.supervisor.pinniped.dev spec: group: idp.supervisor.pinniped.dev names: @@ -14,10 +14,10 @@ spec: - pinniped - pinniped-idp - pinniped-idps - kind: UpstreamOIDCProvider - listKind: UpstreamOIDCProviderList - plural: upstreamoidcproviders - singular: upstreamoidcprovider + kind: OIDCIdentityProvider + listKind: OIDCIdentityProviderList + plural: oidcidentityproviders + singular: oidcidentityprovider scope: Namespaced versions: - additionalPrinterColumns: @@ -33,7 +33,7 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: UpstreamOIDCProvider describes the configuration of an upstream + description: OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. properties: apiVersion: @@ -183,7 +183,7 @@ spec: x-kubernetes-list-type: map phase: default: Pending - description: Phase summarizes the overall status of the UpstreamOIDCProvider. + description: Phase summarizes the overall status of the OIDCIdentityProvider. enum: - Pending - Ready diff --git a/deploy/supervisor/rbac.yaml b/deploy/supervisor/rbac.yaml index b66c00fc..44b7b93a 100644 --- a/deploy/supervisor/rbac.yaml +++ b/deploy/supervisor/rbac.yaml @@ -17,13 +17,13 @@ rules: resources: [secrets] verbs: [create, get, list, patch, update, watch, delete] - apiGroups: [config.supervisor.pinniped.dev] - resources: [oidcproviders] + resources: [federationdomains] verbs: [update, get, list, watch] - apiGroups: [idp.supervisor.pinniped.dev] - resources: [upstreamoidcproviders] + resources: [oidcidentityproviders] verbs: [get, list, watch] - apiGroups: [idp.supervisor.pinniped.dev] - resources: [upstreamoidcproviders/status] + resources: [oidcidentityproviders/status] verbs: [get, patch, update] #! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set #! as an owner reference. diff --git a/deploy/supervisor/z0_crd_overlay.yaml b/deploy/supervisor/z0_crd_overlay.yaml index b51556c5..e7888f5b 100644 --- a/deploy/supervisor/z0_crd_overlay.yaml +++ b/deploy/supervisor/z0_crd_overlay.yaml @@ -4,13 +4,13 @@ #@ load("@ytt:overlay", "overlay") #@ load("helpers.lib.yaml", "labels") -#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcproviders.config.supervisor.pinniped.dev"}}), expects=1 +#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"federationdomains.config.supervisor.pinniped.dev"}}), expects=1 --- metadata: #@overlay/match missing_ok=True labels: #@ labels() -#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"upstreamoidcproviders.idp.supervisor.pinniped.dev"}}), expects=1 +#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcidentityproviders.idp.supervisor.pinniped.dev"}}), expects=1 --- metadata: #@overlay/match missing_ok=True diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 6db75766..78e691e8 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -301,14 +301,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider"] -==== OIDCProvider +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomain"] +==== FederationDomain -OIDCProvider describes the configuration of an OIDC provider. +FederationDomain describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainlist[$$FederationDomainList$$] **** [cols="25a,75a", options="header"] @@ -316,21 +316,21 @@ OIDCProvider describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidersecrets"] -==== OIDCProviderSecrets +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainsecrets"] +==== FederationDomainSecrets -OIDCProviderSecrets holds information about this OIDC Provider's secrets. +FederationDomainSecrets holds information about this OIDC Provider's secrets. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$] **** [cols="25a,75a", options="header"] @@ -343,14 +343,14 @@ OIDCProviderSecrets holds information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec"] -==== OIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainspec"] +==== FederationDomainSpec -OIDCProviderSpec is a struct that describes an OIDC Provider. +FederationDomainSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] @@ -358,44 +358,44 @@ OIDCProviderSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomaintlsspec[$$FederationDomainTLSSpec$$]__ | TLS configures how this FederationDomain is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderstatus"] -==== OIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainstatus"] +==== FederationDomainStatus -OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __FederationDomainStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). -| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidersecrets[$$OIDCProviderSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. +| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainsecrets[$$FederationDomainSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] -==== OIDCProviderTLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomaintlsspec"] +==== FederationDomainTLSSpec -OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. @@ -418,7 +418,7 @@ Condition status of a resource (mirrored from the metav1.Condition type added in .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$] **** [cols="25a,75a", options="header"] @@ -440,7 +440,7 @@ OIDCAuthorizationConfig provides information about how to form the OAuth2 author .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -457,7 +457,7 @@ OIDCClaims provides a mapping from upstream claims into identities. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -475,7 +475,7 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -485,31 +485,14 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-tlsspec"] -==== TLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityprovider"] +==== OIDCIdentityProvider -Configuration for TLS parameters related to identity provider integration. +OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description -| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. -|=== - - -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"] -==== UpstreamOIDCProvider - -UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. - -.Appears In: -**** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderlist[$$UpstreamOIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderlist[$$OIDCIdentityProviderList$$] **** [cols="25a,75a", options="header"] @@ -517,21 +500,21 @@ UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect i | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]__ | Spec for configuring the identity provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$]__ | Status of the identity provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$]__ | Status of the identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec"] -==== UpstreamOIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec"] +==== OIDCIdentityProviderSpec Spec for configuring an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] @@ -545,24 +528,41 @@ Spec for configuring an OIDC identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus"] -==== UpstreamOIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus"] +==== OIDCIdentityProviderStatus Status of an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`phase`* __UpstreamOIDCProviderPhase__ | Phase summarizes the overall status of the UpstreamOIDCProvider. +| *`phase`* __OIDCIdentityProviderPhase__ | Phase summarizes the overall status of the OIDCIdentityProvider. | *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-tlsspec"] +==== TLSSpec + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/register.go b/generated/1.17/apis/supervisor/config/v1alpha1/register.go index 9bf58c3f..32c81af8 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProvider{}, - &OIDCProviderList{}, + &FederationDomain{}, + &FederationDomainList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go similarity index 72% rename from generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go rename to generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go index a351900f..2655ab56 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -9,19 +9,19 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret -type OIDCProviderStatusCondition string +type FederationDomainStatusCondition string const ( - SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") - DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") + SuccessFederationDomainStatusCondition = FederationDomainStatusCondition("Success") + DuplicateFederationDomainStatusCondition = FederationDomainStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidFederationDomainStatusCondition = FederationDomainStatusCondition("Invalid") ) -// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. -type OIDCProviderTLSSpec struct { +// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type FederationDomainTLSSpec struct { // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains - // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use // for TLS. // @@ -41,8 +41,8 @@ type OIDCProviderTLSSpec struct { SecretName string `json:"secretName,omitempty"` } -// OIDCProviderSpec is a struct that describes an OIDC Provider. -type OIDCProviderSpec struct { +// FederationDomainSpec is a struct that describes an OIDC Provider. +type FederationDomainSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -54,13 +54,13 @@ type OIDCProviderSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). + // TLS configures how this FederationDomain is served over Transport Layer Security (TLS). // +optional - TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` + TLS *FederationDomainTLSSpec `json:"tls,omitempty"` } -// OIDCProviderSecrets holds information about this OIDC Provider's secrets. -type OIDCProviderSecrets struct { +// FederationDomainSecrets holds information about this OIDC Provider's secrets. +type FederationDomainSecrets struct { // JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are // stored. If it is empty, then the signing/verification keys are either unknown or they don't // exist. @@ -83,12 +83,12 @@ type OIDCProviderSecrets struct { StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"` } -// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderStatus struct { +// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. +type FederationDomainStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatusCondition `json:"status,omitempty"` + Status FederationDomainStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -102,29 +102,29 @@ type OIDCProviderStatus struct { // Secrets contains information about this OIDC Provider's secrets. // +optional - Secrets OIDCProviderSecrets `json:"secrets,omitempty"` + Secrets FederationDomainSecrets `json:"secrets,omitempty"` } -// OIDCProvider describes the configuration of an OIDC provider. +// FederationDomain describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped -type OIDCProvider struct { +type FederationDomain struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderSpec `json:"spec"` + Spec FederationDomainSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderStatus `json:"status,omitempty"` + Status FederationDomainStatus `json:"status,omitempty"` } -// List of OIDCProvider objects. +// List of FederationDomain objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type OIDCProviderList struct { +type FederationDomainList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProvider `json:"items"` + Items []FederationDomain `json:"items"` } diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index 0cfc17a4..64ef403c 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { +func (in *FederationDomain) DeepCopyInto(out *FederationDomain) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -21,18 +21,18 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. -func (in *OIDCProvider) DeepCopy() *OIDCProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain. +func (in *FederationDomain) DeepCopy() *FederationDomain { if in == nil { return nil } - out := new(OIDCProvider) + out := new(FederationDomain) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProvider) DeepCopyObject() runtime.Object { +func (in *FederationDomain) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProvider) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { +func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProvider, len(*in)) + *out = make([]FederationDomain, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. -func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList. +func (in *FederationDomainList) DeepCopy() *FederationDomainList { if in == nil { return nil } - out := new(OIDCProviderList) + out := new(FederationDomainList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderList) DeepCopyObject() runtime.Object { +func (in *FederationDomainList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,7 +73,7 @@ func (in *OIDCProviderList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { +func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets) { *out = *in out.JWKS = in.JWKS out.TokenSigningKey = in.TokenSigningKey @@ -82,39 +82,39 @@ func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSecrets. -func (in *OIDCProviderSecrets) DeepCopy() *OIDCProviderSecrets { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets. +func (in *FederationDomainSecrets) DeepCopy() *FederationDomainSecrets { if in == nil { return nil } - out := new(OIDCProviderSecrets) + out := new(FederationDomainSecrets) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { +func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec) { *out = *in if in.TLS != nil { in, out := &in.TLS, &out.TLS - *out = new(OIDCProviderTLSSpec) + *out = new(FederationDomainTLSSpec) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. -func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec. +func (in *FederationDomainSpec) DeepCopy() *FederationDomainSpec { if in == nil { return nil } - out := new(OIDCProviderSpec) + out := new(FederationDomainSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { +func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -124,28 +124,28 @@ func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. -func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus. +func (in *FederationDomainStatus) DeepCopy() *FederationDomainStatus { if in == nil { return nil } - out := new(OIDCProviderStatus) + out := new(FederationDomainStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { +func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. -func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec. +func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec { if in == nil { return nil } - out := new(OIDCProviderTLSSpec) + out := new(FederationDomainTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.17/apis/supervisor/idp/v1alpha1/register.go b/generated/1.17/apis/supervisor/idp/v1alpha1/register.go index 67e549f9..c03b7dde 100644 --- a/generated/1.17/apis/supervisor/idp/v1alpha1/register.go +++ b/generated/1.17/apis/supervisor/idp/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &UpstreamOIDCProvider{}, - &UpstreamOIDCProviderList{}, + &OIDCIdentityProvider{}, + &OIDCIdentityProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go.tmpl b/generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go similarity index 80% rename from apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go.tmpl rename to generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go index 09f74c7c..21945fcf 100644 --- a/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go.tmpl +++ b/generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go @@ -7,25 +7,25 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type UpstreamOIDCProviderPhase string +type OIDCIdentityProviderPhase string const ( - // PhasePending is the default phase for newly-created UpstreamOIDCProvider resources. - PhasePending UpstreamOIDCProviderPhase = "Pending" + // PhasePending is the default phase for newly-created OIDCIdentityProvider resources. + PhasePending OIDCIdentityProviderPhase = "Pending" - // PhaseReady is the phase for an UpstreamOIDCProvider resource in a healthy state. - PhaseReady UpstreamOIDCProviderPhase = "Ready" + // PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state. + PhaseReady OIDCIdentityProviderPhase = "Ready" - // PhaseError is the phase for an UpstreamOIDCProvider in an unhealthy state. - PhaseError UpstreamOIDCProviderPhase = "Error" + // PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state. + PhaseError OIDCIdentityProviderPhase = "Error" ) // Status of an OIDC identity provider. -type UpstreamOIDCProviderStatus struct { - // Phase summarizes the overall status of the UpstreamOIDCProvider. +type OIDCIdentityProviderStatus struct { + // Phase summarizes the overall status of the OIDCIdentityProvider. // +kubebuilder:default=Pending // +kubebuilder:validation:Enum=Pending;Ready;Error - Phase UpstreamOIDCProviderPhase `json:"phase,omitempty"` + Phase OIDCIdentityProviderPhase `json:"phase,omitempty"` // Represents the observations of an identity provider's current state. // +patchMergeKey=type @@ -68,7 +68,7 @@ type OIDCClient struct { } // Spec for configuring an OIDC identity provider. -type UpstreamOIDCProviderSpec struct { +type OIDCIdentityProviderSpec struct { // Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch // /.well-known/openid-configuration. // +kubebuilder:validation:MinLength=1 @@ -94,7 +94,7 @@ type UpstreamOIDCProviderSpec struct { Client OIDCClient `json:"client"` } -// UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. +// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps @@ -102,22 +102,22 @@ type UpstreamOIDCProviderSpec struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase` // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status -type UpstreamOIDCProvider struct { +type OIDCIdentityProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec for configuring the identity provider. - Spec UpstreamOIDCProviderSpec `json:"spec"` + Spec OIDCIdentityProviderSpec `json:"spec"` // Status of the identity provider. - Status UpstreamOIDCProviderStatus `json:"status,omitempty"` + Status OIDCIdentityProviderStatus `json:"status,omitempty"` } -// List of UpstreamOIDCProvider objects. +// List of OIDCIdentityProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type UpstreamOIDCProviderList struct { +type OIDCIdentityProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []UpstreamOIDCProvider `json:"items"` + Items []OIDCIdentityProvider `json:"items"` } diff --git a/generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 9eeade4e..b3ab1ae1 100644 --- a/generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -81,6 +81,114 @@ func (in *OIDCClient) DeepCopy() *OIDCClient { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProvider) DeepCopyInto(out *OIDCIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProvider. +func (in *OIDCIdentityProvider) DeepCopy() *OIDCIdentityProvider { + if in == nil { + return nil + } + out := new(OIDCIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderList) DeepCopyInto(out *OIDCIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OIDCIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderList. +func (in *OIDCIdentityProviderList) DeepCopy() *OIDCIdentityProviderList { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + out.Claims = in.Claims + out.Client = in.Client + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderSpec. +func (in *OIDCIdentityProviderSpec) DeepCopy() *OIDCIdentityProviderSpec { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderStatus) DeepCopyInto(out *OIDCIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderStatus. +func (in *OIDCIdentityProviderStatus) DeepCopy() *OIDCIdentityProviderStatus { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in @@ -96,111 +204,3 @@ func (in *TLSSpec) DeepCopy() *TLSSpec { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProvider. -func (in *UpstreamOIDCProvider) DeepCopy() *UpstreamOIDCProvider { - if in == nil { - return nil - } - out := new(UpstreamOIDCProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProvider) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderList) DeepCopyInto(out *UpstreamOIDCProviderList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]UpstreamOIDCProvider, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderList. -func (in *UpstreamOIDCProviderList) DeepCopy() *UpstreamOIDCProviderList { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) { - *out = *in - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = new(TLSSpec) - **out = **in - } - in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) - out.Claims = in.Claims - out.Client = in.Client - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderSpec. -func (in *UpstreamOIDCProviderSpec) DeepCopy() *UpstreamOIDCProviderSpec { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderStatus) DeepCopyInto(out *UpstreamOIDCProviderStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderStatus. -func (in *UpstreamOIDCProviderStatus) DeepCopy() *UpstreamOIDCProviderStatus { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderStatus) - in.DeepCopyInto(out) - return out -} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index 71ffaa40..270321e2 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProvidersGetter + FederationDomainsGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { - return newOIDCProviders(c, namespace) +func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDomainInterface { + return newFederationDomains(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 4b1ea9b4..96e36096 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { - return &FakeOIDCProviders{c, namespace} +func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.FederationDomainInterface { + return &FakeFederationDomains{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go new file mode 100644 index 00000000..ea7ab19c --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go @@ -0,0 +1,127 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeFederationDomains implements FederationDomainInterface +type FakeFederationDomains struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var federationdomainsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "federationdomains"} + +var federationdomainsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "FederationDomain"} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *FakeFederationDomains) Get(name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *FakeFederationDomains) List(opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(federationdomainsResource, federationdomainsKind, c.ns, opts), &v1alpha1.FederationDomainList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.FederationDomainList{ListMeta: obj.(*v1alpha1.FederationDomainList).ListMeta} + for _, item := range obj.(*v1alpha1.FederationDomainList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *FakeFederationDomains) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(federationdomainsResource, c.ns, opts)) + +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Create(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Update(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeFederationDomains) UpdateStatus(federationDomain *v1alpha1.FederationDomain) (*v1alpha1.FederationDomain, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(federationdomainsResource, "status", c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *FakeFederationDomains) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeFederationDomains) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(federationdomainsResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.FederationDomainList{}) + return err +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *FakeFederationDomains) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(federationdomainsResource, c.ns, name, pt, data, subresources...), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go deleted file mode 100644 index 3c9cc7eb..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviders implements OIDCProviderInterface -type FakeOIDCProviders struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} - -var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *FakeOIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *FakeOIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *FakeOIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Create(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Update(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviders) UpdateStatus(oIDCProvider *v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviders) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *FakeOIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..f59e2518 --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go @@ -0,0 +1,178 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// FederationDomainsGetter has a method to return a FederationDomainInterface. +// A group's client should implement this interface. +type FederationDomainsGetter interface { + FederationDomains(namespace string) FederationDomainInterface +} + +// FederationDomainInterface has methods to work with FederationDomain resources. +type FederationDomainInterface interface { + Create(*v1alpha1.FederationDomain) (*v1alpha1.FederationDomain, error) + Update(*v1alpha1.FederationDomain) (*v1alpha1.FederationDomain, error) + UpdateStatus(*v1alpha1.FederationDomain) (*v1alpha1.FederationDomain, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.FederationDomain, error) + List(opts v1.ListOptions) (*v1alpha1.FederationDomainList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.FederationDomain, err error) + FederationDomainExpansion +} + +// federationDomains implements FederationDomainInterface +type federationDomains struct { + client rest.Interface + ns string +} + +// newFederationDomains returns a FederationDomains +func newFederationDomains(c *ConfigV1alpha1Client, namespace string) *federationDomains { + return &federationDomains{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *federationDomains) Get(name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *federationDomains) List(opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.FederationDomainList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *federationDomains) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Create(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Post(). + Namespace(c.ns). + Resource("federationdomains"). + Body(federationDomain). + Do(). + Into(result) + return +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Update(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + Body(federationDomain). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *federationDomains) UpdateStatus(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + SubResource("status"). + Body(federationDomain). + Do(). + Into(result) + return +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *federationDomains) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *federationDomains) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *federationDomains) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("federationdomains"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 09541c9a..00f4c934 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderExpansion interface{} +type FederationDomainExpansion interface{} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go deleted file mode 100644 index 9e7ee623..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,178 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "time" - - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProvidersGetter has a method to return a OIDCProviderInterface. -// A group's client should implement this interface. -type OIDCProvidersGetter interface { - OIDCProviders(namespace string) OIDCProviderInterface -} - -// OIDCProviderInterface has methods to work with OIDCProvider resources. -type OIDCProviderInterface interface { - Create(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) - Update(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) - UpdateStatus(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProvider, error) - List(opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) - OIDCProviderExpansion -} - -// oIDCProviders implements OIDCProviderInterface -type oIDCProviders struct { - client rest.Interface - ns string -} - -// newOIDCProviders returns a OIDCProviders -func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { - return &oIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *oIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *oIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *oIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch() -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Create(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviders"). - Body(oIDCProvider). - Do(). - Into(result) - return -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Update(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - Body(oIDCProvider). - Do(). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - -func (c *oIDCProviders) UpdateStatus(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - SubResource("status"). - Body(oIDCProvider). - Do(). - Into(result) - return -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *oIDCProviders) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - var timeout time.Duration - if listOptions.TimeoutSeconds != nil { - timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Timeout(timeout). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *oIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviders"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go index 28f33fa3..0007036e 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -15,8 +15,8 @@ type FakeIDPV1alpha1 struct { *testing.Fake } -func (c *FakeIDPV1alpha1) UpstreamOIDCProviders(namespace string) v1alpha1.UpstreamOIDCProviderInterface { - return &FakeUpstreamOIDCProviders{c, namespace} +func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface { + return &FakeOIDCIdentityProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go new file mode 100644 index 00000000..739979e8 --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go @@ -0,0 +1,127 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCIdentityProviders implements OIDCIdentityProviderInterface +type FakeOIDCIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var oidcidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcidentityproviders"} + +var oidcidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCIdentityProvider"} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *FakeOIDCIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *FakeOIDCIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcidentityprovidersResource, oidcidentityprovidersKind, c.ns, opts), &v1alpha1.OIDCIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCIdentityProviderList{ListMeta: obj.(*v1alpha1.OIDCIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *FakeOIDCIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Create(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Update(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCIdentityProviders) UpdateStatus(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (*v1alpha1.OIDCIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcidentityprovidersResource, "status", c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCIdentityProviders) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcidentityprovidersResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *FakeOIDCIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go deleted file mode 100644 index 167261ea..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeUpstreamOIDCProviders implements UpstreamOIDCProviderInterface -type FakeUpstreamOIDCProviders struct { - Fake *FakeIDPV1alpha1 - ns string -} - -var upstreamoidcprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "upstreamoidcproviders"} - -var upstreamoidcprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "UpstreamOIDCProvider"} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *FakeUpstreamOIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *FakeUpstreamOIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(upstreamoidcprovidersResource, upstreamoidcprovidersKind, c.ns, opts), &v1alpha1.UpstreamOIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.UpstreamOIDCProviderList{ListMeta: obj.(*v1alpha1.UpstreamOIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.UpstreamOIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *FakeUpstreamOIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(upstreamoidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Create(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Update(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeUpstreamOIDCProviders) UpdateStatus(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(upstreamoidcprovidersResource, "status", c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeUpstreamOIDCProviders) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeUpstreamOIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(upstreamoidcprovidersResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &v1alpha1.UpstreamOIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *FakeUpstreamOIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(upstreamoidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go index 1950f156..55c3c3e5 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type UpstreamOIDCProviderExpansion interface{} +type OIDCIdentityProviderExpansion interface{} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go index 35b1deff..cda53357 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -13,7 +13,7 @@ import ( type IDPV1alpha1Interface interface { RESTClient() rest.Interface - UpstreamOIDCProvidersGetter + OIDCIdentityProvidersGetter } // IDPV1alpha1Client is used to interact with features provided by the idp.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type IDPV1alpha1Client struct { restClient rest.Interface } -func (c *IDPV1alpha1Client) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface { - return newUpstreamOIDCProviders(c, namespace) +func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface { + return newOIDCIdentityProviders(c, namespace) } // NewForConfig creates a new IDPV1alpha1Client for the given config. diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..2bce199a --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,178 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" + scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCIdentityProvidersGetter has a method to return a OIDCIdentityProviderInterface. +// A group's client should implement this interface. +type OIDCIdentityProvidersGetter interface { + OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface +} + +// OIDCIdentityProviderInterface has methods to work with OIDCIdentityProvider resources. +type OIDCIdentityProviderInterface interface { + Create(*v1alpha1.OIDCIdentityProvider) (*v1alpha1.OIDCIdentityProvider, error) + Update(*v1alpha1.OIDCIdentityProvider) (*v1alpha1.OIDCIdentityProvider, error) + UpdateStatus(*v1alpha1.OIDCIdentityProvider) (*v1alpha1.OIDCIdentityProvider, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.OIDCIdentityProvider, error) + List(opts v1.ListOptions) (*v1alpha1.OIDCIdentityProviderList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) + OIDCIdentityProviderExpansion +} + +// oIDCIdentityProviders implements OIDCIdentityProviderInterface +type oIDCIdentityProviders struct { + client rest.Interface + ns string +} + +// newOIDCIdentityProviders returns a OIDCIdentityProviders +func newOIDCIdentityProviders(c *IDPV1alpha1Client, namespace string) *oIDCIdentityProviders { + return &oIDCIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *oIDCIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *oIDCIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *oIDCIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Create(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Body(oIDCIdentityProvider). + Do(). + Into(result) + return +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Update(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + Body(oIDCIdentityProvider). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *oIDCIdentityProviders) UpdateStatus(oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + SubResource("status"). + Body(oIDCIdentityProvider). + Do(). + Into(result) + return +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *oIDCIdentityProviders) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *oIDCIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcidentityproviders"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 9e459593..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,178 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "time" - - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" - scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// UpstreamOIDCProvidersGetter has a method to return a UpstreamOIDCProviderInterface. -// A group's client should implement this interface. -type UpstreamOIDCProvidersGetter interface { - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface -} - -// UpstreamOIDCProviderInterface has methods to work with UpstreamOIDCProvider resources. -type UpstreamOIDCProviderInterface interface { - Create(*v1alpha1.UpstreamOIDCProvider) (*v1alpha1.UpstreamOIDCProvider, error) - Update(*v1alpha1.UpstreamOIDCProvider) (*v1alpha1.UpstreamOIDCProvider, error) - UpdateStatus(*v1alpha1.UpstreamOIDCProvider) (*v1alpha1.UpstreamOIDCProvider, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*v1alpha1.UpstreamOIDCProvider, error) - List(opts v1.ListOptions) (*v1alpha1.UpstreamOIDCProviderList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) - UpstreamOIDCProviderExpansion -} - -// upstreamOIDCProviders implements UpstreamOIDCProviderInterface -type upstreamOIDCProviders struct { - client rest.Interface - ns string -} - -// newUpstreamOIDCProviders returns a UpstreamOIDCProviders -func newUpstreamOIDCProviders(c *IDPV1alpha1Client, namespace string) *upstreamOIDCProviders { - return &upstreamOIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *upstreamOIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *upstreamOIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.UpstreamOIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *upstreamOIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch() -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Create(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Body(upstreamOIDCProvider). - Do(). - Into(result) - return -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Update(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - Body(upstreamOIDCProvider). - Do(). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - -func (c *upstreamOIDCProviders) UpdateStatus(upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - SubResource("status"). - Body(upstreamOIDCProvider). - Do(). - Into(result) - return -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *upstreamOIDCProviders) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *upstreamOIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - var timeout time.Duration - if listOptions.TimeoutSeconds != nil { - timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Timeout(timeout). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *upstreamOIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..53b1a780 --- /dev/null +++ b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// FederationDomainInformer provides access to a shared informer and lister for +// FederationDomains. +type FederationDomainInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.FederationDomainLister +} + +type federationDomainInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).Watch(options) + }, + }, + &configv1alpha1.FederationDomain{}, + resyncPeriod, + indexers, + ) +} + +func (f *federationDomainInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *federationDomainInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.FederationDomain{}, f.defaultInformer) +} + +func (f *federationDomainInformer) Lister() v1alpha1.FederationDomainLister { + return v1alpha1.NewFederationDomainLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index 1e580d50..ac047f80 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviders returns a OIDCProviderInformer. - OIDCProviders() OIDCProviderInformer + // FederationDomains returns a FederationDomainInformer. + FederationDomains() FederationDomainInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviders returns a OIDCProviderInformer. -func (v *version) OIDCProviders() OIDCProviderInformer { - return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// FederationDomains returns a FederationDomainInformer. +func (v *version) FederationDomains() FederationDomainInformer { + return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go deleted file mode 100644 index 3d2a6460..00000000 --- a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderInformer provides access to a shared informer and lister for -// OIDCProviders. -type OIDCProviderInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderLister -} - -type oIDCProviderInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).List(options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(options) - }, - }, - &configv1alpha1.OIDCProvider{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) -} - -func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { - return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.17/client/supervisor/informers/externalversions/generic.go b/generated/1.17/client/supervisor/informers/externalversions/generic.go index 42e3e5a2..5fc8d92d 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.17/client/supervisor/informers/externalversions/generic.go @@ -41,12 +41,12 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil // Group=idp.supervisor.pinniped.dev, Version=v1alpha1 - case idpv1alpha1.SchemeGroupVersion.WithResource("upstreamoidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().UpstreamOIDCProviders().Informer()}, nil + case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil } diff --git a/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go index 99eda1f7..f76013cd 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go +++ b/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. - UpstreamOIDCProviders() UpstreamOIDCProviderInformer + // OIDCIdentityProviders returns a OIDCIdentityProviderInformer. + OIDCIdentityProviders() OIDCIdentityProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. -func (v *version) UpstreamOIDCProviders() UpstreamOIDCProviderInformer { - return &upstreamOIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCIdentityProviders returns a OIDCIdentityProviderInformer. +func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer { + return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go similarity index 65% rename from generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go rename to generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go index 461e8d4a..6862d9a4 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go +++ b/generated/1.17/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go @@ -18,59 +18,59 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// UpstreamOIDCProviderInformer provides access to a shared informer and lister for -// UpstreamOIDCProviders. -type UpstreamOIDCProviderInformer interface { +// OIDCIdentityProviderInformer provides access to a shared informer and lister for +// OIDCIdentityProviders. +type OIDCIdentityProviderInformer interface { Informer() cache.SharedIndexInformer - Lister() v1alpha1.UpstreamOIDCProviderLister + Lister() v1alpha1.OIDCIdentityProviderLister } -type upstreamOIDCProviderInformer struct { +type oIDCIdentityProviderInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc namespace string } -// NewUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +func NewOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) } -// NewFilteredUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewFilteredOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).List(options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).List(options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).Watch(options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).Watch(options) }, }, - &idpv1alpha1.UpstreamOIDCProvider{}, + &idpv1alpha1.OIDCIdentityProvider{}, resyncPeriod, indexers, ) } -func (f *upstreamOIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *oIDCIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *upstreamOIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&idpv1alpha1.UpstreamOIDCProvider{}, f.defaultInformer) +func (f *oIDCIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.OIDCIdentityProvider{}, f.defaultInformer) } -func (f *upstreamOIDCProviderInformer) Lister() v1alpha1.UpstreamOIDCProviderLister { - return v1alpha1.NewUpstreamOIDCProviderLister(f.Informer().GetIndexer()) +func (f *oIDCIdentityProviderInformer) Lister() v1alpha1.OIDCIdentityProviderLister { + return v1alpha1.NewOIDCIdentityProviderLister(f.Informer().GetIndexer()) } diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 3d2b7e22..d4e52519 100644 --- a/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderListerExpansion allows custom methods to be added to -// OIDCProviderLister. -type OIDCProviderListerExpansion interface{} +// FederationDomainListerExpansion allows custom methods to be added to +// FederationDomainLister. +type FederationDomainListerExpansion interface{} -// OIDCProviderNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderNamespaceLister. -type OIDCProviderNamespaceListerExpansion interface{} +// FederationDomainNamespaceListerExpansion allows custom methods to be added to +// FederationDomainNamespaceLister. +type FederationDomainNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/federationdomain.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..fb47d413 --- /dev/null +++ b/generated/1.17/client/supervisor/listers/config/v1alpha1/federationdomain.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// FederationDomainLister helps list FederationDomains. +type FederationDomainLister interface { + // List lists all FederationDomains in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // FederationDomains returns an object that can list and get FederationDomains. + FederationDomains(namespace string) FederationDomainNamespaceLister + FederationDomainListerExpansion +} + +// federationDomainLister implements the FederationDomainLister interface. +type federationDomainLister struct { + indexer cache.Indexer +} + +// NewFederationDomainLister returns a new FederationDomainLister. +func NewFederationDomainLister(indexer cache.Indexer) FederationDomainLister { + return &federationDomainLister{indexer: indexer} +} + +// List lists all FederationDomains in the indexer. +func (s *federationDomainLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// FederationDomains returns an object that can list and get FederationDomains. +func (s *federationDomainLister) FederationDomains(namespace string) FederationDomainNamespaceLister { + return federationDomainNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// FederationDomainNamespaceLister helps list and get FederationDomains. +type FederationDomainNamespaceLister interface { + // List lists all FederationDomains in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // Get retrieves the FederationDomain from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.FederationDomain, error) + FederationDomainNamespaceListerExpansion +} + +// federationDomainNamespaceLister implements the FederationDomainNamespaceLister +// interface. +type federationDomainNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all FederationDomains in the indexer for a given namespace. +func (s federationDomainNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// Get retrieves the FederationDomain from the indexer for a given namespace and name. +func (s federationDomainNamespaceLister) Get(name string) (*v1alpha1.FederationDomain, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("federationdomain"), name) + } + return obj.(*v1alpha1.FederationDomain), nil +} diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go deleted file mode 100644 index e26d7175..00000000 --- a/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderLister helps list OIDCProviders. -type OIDCProviderLister interface { - // List lists all OIDCProviders in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // OIDCProviders returns an object that can list and get OIDCProviders. - OIDCProviders(namespace string) OIDCProviderNamespaceLister - OIDCProviderListerExpansion -} - -// oIDCProviderLister implements the OIDCProviderLister interface. -type oIDCProviderLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderLister returns a new OIDCProviderLister. -func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { - return &oIDCProviderLister{indexer: indexer} -} - -// List lists all OIDCProviders in the indexer. -func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// OIDCProviders returns an object that can list and get OIDCProviders. -func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { - return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderNamespaceLister helps list and get OIDCProviders. -type OIDCProviderNamespaceLister interface { - // List lists all OIDCProviders in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // Get retrieves the OIDCProvider from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.OIDCProvider, error) - OIDCProviderNamespaceListerExpansion -} - -// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister -// interface. -type oIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviders in the indexer for a given namespace. -func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// Get retrieves the OIDCProvider from the indexer for a given namespace and name. -func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) - } - return obj.(*v1alpha1.OIDCProvider), nil -} diff --git a/generated/1.17/client/supervisor/listers/idp/v1alpha1/expansion_generated.go b/generated/1.17/client/supervisor/listers/idp/v1alpha1/expansion_generated.go index 5d290e01..da0f8025 100644 --- a/generated/1.17/client/supervisor/listers/idp/v1alpha1/expansion_generated.go +++ b/generated/1.17/client/supervisor/listers/idp/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// UpstreamOIDCProviderListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderLister. -type UpstreamOIDCProviderListerExpansion interface{} +// OIDCIdentityProviderListerExpansion allows custom methods to be added to +// OIDCIdentityProviderLister. +type OIDCIdentityProviderListerExpansion interface{} -// UpstreamOIDCProviderNamespaceListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderNamespaceLister. -type UpstreamOIDCProviderNamespaceListerExpansion interface{} +// OIDCIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCIdentityProviderNamespaceLister. +type OIDCIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go b/generated/1.17/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..c6cf2861 --- /dev/null +++ b/generated/1.17/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCIdentityProviderLister helps list OIDCIdentityProviders. +type OIDCIdentityProviderLister interface { + // List lists all OIDCIdentityProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. + OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister + OIDCIdentityProviderListerExpansion +} + +// oIDCIdentityProviderLister implements the OIDCIdentityProviderLister interface. +type oIDCIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCIdentityProviderLister returns a new OIDCIdentityProviderLister. +func NewOIDCIdentityProviderLister(indexer cache.Indexer) OIDCIdentityProviderLister { + return &oIDCIdentityProviderLister{indexer: indexer} +} + +// List lists all OIDCIdentityProviders in the indexer. +func (s *oIDCIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. +func (s *oIDCIdentityProviderLister) OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister { + return oIDCIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCIdentityProviderNamespaceLister helps list and get OIDCIdentityProviders. +type OIDCIdentityProviderNamespaceLister interface { + // List lists all OIDCIdentityProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.OIDCIdentityProvider, error) + OIDCIdentityProviderNamespaceListerExpansion +} + +// oIDCIdentityProviderNamespaceLister implements the OIDCIdentityProviderNamespaceLister +// interface. +type oIDCIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCIdentityProviders in the indexer for a given namespace. +func (s oIDCIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. +func (s oIDCIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcidentityprovider"), name) + } + return obj.(*v1alpha1.OIDCIdentityProvider), nil +} diff --git a/generated/1.17/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.17/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 26f20bcc..00000000 --- a/generated/1.17/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// UpstreamOIDCProviderLister helps list UpstreamOIDCProviders. -type UpstreamOIDCProviderLister interface { - // List lists all UpstreamOIDCProviders in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister - UpstreamOIDCProviderListerExpansion -} - -// upstreamOIDCProviderLister implements the UpstreamOIDCProviderLister interface. -type upstreamOIDCProviderLister struct { - indexer cache.Indexer -} - -// NewUpstreamOIDCProviderLister returns a new UpstreamOIDCProviderLister. -func NewUpstreamOIDCProviderLister(indexer cache.Indexer) UpstreamOIDCProviderLister { - return &upstreamOIDCProviderLister{indexer: indexer} -} - -// List lists all UpstreamOIDCProviders in the indexer. -func (s *upstreamOIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. -func (s *upstreamOIDCProviderLister) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister { - return upstreamOIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// UpstreamOIDCProviderNamespaceLister helps list and get UpstreamOIDCProviders. -type UpstreamOIDCProviderNamespaceLister interface { - // List lists all UpstreamOIDCProviders in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) - UpstreamOIDCProviderNamespaceListerExpansion -} - -// upstreamOIDCProviderNamespaceLister implements the UpstreamOIDCProviderNamespaceLister -// interface. -type upstreamOIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all UpstreamOIDCProviders in the indexer for a given namespace. -func (s upstreamOIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. -func (s upstreamOIDCProviderNamespaceLister) Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("upstreamoidcprovider"), name) - } - return obj.(*v1alpha1.UpstreamOIDCProvider), nil -} diff --git a/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml similarity index 93% rename from generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml rename to generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 47c6f5a9..d894643b 100644 --- a/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml +++ b/generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -6,22 +6,22 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviders.config.supervisor.pinniped.dev + name: federationdomains.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: categories: - pinniped - kind: OIDCProvider - listKind: OIDCProviderList - plural: oidcproviders - singular: oidcprovider + kind: FederationDomain + listKind: FederationDomainList + plural: federationdomains + singular: federationdomain scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProvider describes the configuration of an OIDC provider. + description: FederationDomain describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -50,14 +50,14 @@ spec: minLength: 1 type: string tls: - description: TLS configures how this OIDCProvider is served over Transport - Layer Security (TLS). + description: TLS configures how this FederationDomain is served over + Transport Layer Security (TLS). properties: secretName: description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by - this OIDCProvider. When provided, the TLS Secret named here + this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. \n Server Name Indication (SNI) is an extension to the Transport Layer Security diff --git a/generated/1.17/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml b/generated/1.17/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml similarity index 96% rename from generated/1.17/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml rename to generated/1.17/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index bd239a6f..75cf37d0 100644 --- a/generated/1.17/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml +++ b/generated/1.17/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml @@ -6,7 +6,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: upstreamoidcproviders.idp.supervisor.pinniped.dev + name: oidcidentityproviders.idp.supervisor.pinniped.dev spec: group: idp.supervisor.pinniped.dev names: @@ -14,10 +14,10 @@ spec: - pinniped - pinniped-idp - pinniped-idps - kind: UpstreamOIDCProvider - listKind: UpstreamOIDCProviderList - plural: upstreamoidcproviders - singular: upstreamoidcprovider + kind: OIDCIdentityProvider + listKind: OIDCIdentityProviderList + plural: oidcidentityproviders + singular: oidcidentityprovider scope: Namespaced versions: - additionalPrinterColumns: @@ -33,7 +33,7 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: UpstreamOIDCProvider describes the configuration of an upstream + description: OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. properties: apiVersion: @@ -183,7 +183,7 @@ spec: x-kubernetes-list-type: map phase: default: Pending - description: Phase summarizes the overall status of the UpstreamOIDCProvider. + description: Phase summarizes the overall status of the OIDCIdentityProvider. enum: - Pending - Ready diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index a8c51180..2be2ab9b 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -301,14 +301,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider"] -==== OIDCProvider +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomain"] +==== FederationDomain -OIDCProvider describes the configuration of an OIDC provider. +FederationDomain describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainlist[$$FederationDomainList$$] **** [cols="25a,75a", options="header"] @@ -316,21 +316,21 @@ OIDCProvider describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidersecrets"] -==== OIDCProviderSecrets +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainsecrets"] +==== FederationDomainSecrets -OIDCProviderSecrets holds information about this OIDC Provider's secrets. +FederationDomainSecrets holds information about this OIDC Provider's secrets. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$] **** [cols="25a,75a", options="header"] @@ -343,14 +343,14 @@ OIDCProviderSecrets holds information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec"] -==== OIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainspec"] +==== FederationDomainSpec -OIDCProviderSpec is a struct that describes an OIDC Provider. +FederationDomainSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] @@ -358,44 +358,44 @@ OIDCProviderSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomaintlsspec[$$FederationDomainTLSSpec$$]__ | TLS configures how this FederationDomain is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderstatus"] -==== OIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainstatus"] +==== FederationDomainStatus -OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __FederationDomainStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). -| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidersecrets[$$OIDCProviderSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. +| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainsecrets[$$FederationDomainSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] -==== OIDCProviderTLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomaintlsspec"] +==== FederationDomainTLSSpec -OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. @@ -418,7 +418,7 @@ Condition status of a resource (mirrored from the metav1.Condition type added in .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$] **** [cols="25a,75a", options="header"] @@ -440,7 +440,7 @@ OIDCAuthorizationConfig provides information about how to form the OAuth2 author .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -457,7 +457,7 @@ OIDCClaims provides a mapping from upstream claims into identities. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -475,7 +475,7 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -485,31 +485,14 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-tlsspec"] -==== TLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityprovider"] +==== OIDCIdentityProvider -Configuration for TLS parameters related to identity provider integration. +OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description -| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. -|=== - - -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"] -==== UpstreamOIDCProvider - -UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. - -.Appears In: -**** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderlist[$$UpstreamOIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderlist[$$OIDCIdentityProviderList$$] **** [cols="25a,75a", options="header"] @@ -517,21 +500,21 @@ UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect i | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]__ | Spec for configuring the identity provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$]__ | Status of the identity provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$]__ | Status of the identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec"] -==== UpstreamOIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec"] +==== OIDCIdentityProviderSpec Spec for configuring an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] @@ -545,24 +528,41 @@ Spec for configuring an OIDC identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus"] -==== UpstreamOIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus"] +==== OIDCIdentityProviderStatus Status of an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`phase`* __UpstreamOIDCProviderPhase__ | Phase summarizes the overall status of the UpstreamOIDCProvider. +| *`phase`* __OIDCIdentityProviderPhase__ | Phase summarizes the overall status of the OIDCIdentityProvider. | *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-tlsspec"] +==== TLSSpec + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/register.go b/generated/1.18/apis/supervisor/config/v1alpha1/register.go index 9bf58c3f..32c81af8 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProvider{}, - &OIDCProviderList{}, + &FederationDomain{}, + &FederationDomainList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go similarity index 72% rename from generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go rename to generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go index a351900f..2655ab56 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -9,19 +9,19 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret -type OIDCProviderStatusCondition string +type FederationDomainStatusCondition string const ( - SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") - DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") + SuccessFederationDomainStatusCondition = FederationDomainStatusCondition("Success") + DuplicateFederationDomainStatusCondition = FederationDomainStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidFederationDomainStatusCondition = FederationDomainStatusCondition("Invalid") ) -// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. -type OIDCProviderTLSSpec struct { +// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type FederationDomainTLSSpec struct { // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains - // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use // for TLS. // @@ -41,8 +41,8 @@ type OIDCProviderTLSSpec struct { SecretName string `json:"secretName,omitempty"` } -// OIDCProviderSpec is a struct that describes an OIDC Provider. -type OIDCProviderSpec struct { +// FederationDomainSpec is a struct that describes an OIDC Provider. +type FederationDomainSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -54,13 +54,13 @@ type OIDCProviderSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). + // TLS configures how this FederationDomain is served over Transport Layer Security (TLS). // +optional - TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` + TLS *FederationDomainTLSSpec `json:"tls,omitempty"` } -// OIDCProviderSecrets holds information about this OIDC Provider's secrets. -type OIDCProviderSecrets struct { +// FederationDomainSecrets holds information about this OIDC Provider's secrets. +type FederationDomainSecrets struct { // JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are // stored. If it is empty, then the signing/verification keys are either unknown or they don't // exist. @@ -83,12 +83,12 @@ type OIDCProviderSecrets struct { StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"` } -// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderStatus struct { +// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. +type FederationDomainStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatusCondition `json:"status,omitempty"` + Status FederationDomainStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -102,29 +102,29 @@ type OIDCProviderStatus struct { // Secrets contains information about this OIDC Provider's secrets. // +optional - Secrets OIDCProviderSecrets `json:"secrets,omitempty"` + Secrets FederationDomainSecrets `json:"secrets,omitempty"` } -// OIDCProvider describes the configuration of an OIDC provider. +// FederationDomain describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped -type OIDCProvider struct { +type FederationDomain struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderSpec `json:"spec"` + Spec FederationDomainSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderStatus `json:"status,omitempty"` + Status FederationDomainStatus `json:"status,omitempty"` } -// List of OIDCProvider objects. +// List of FederationDomain objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type OIDCProviderList struct { +type FederationDomainList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProvider `json:"items"` + Items []FederationDomain `json:"items"` } diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index 0cfc17a4..64ef403c 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { +func (in *FederationDomain) DeepCopyInto(out *FederationDomain) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -21,18 +21,18 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. -func (in *OIDCProvider) DeepCopy() *OIDCProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain. +func (in *FederationDomain) DeepCopy() *FederationDomain { if in == nil { return nil } - out := new(OIDCProvider) + out := new(FederationDomain) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProvider) DeepCopyObject() runtime.Object { +func (in *FederationDomain) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProvider) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { +func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProvider, len(*in)) + *out = make([]FederationDomain, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. -func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList. +func (in *FederationDomainList) DeepCopy() *FederationDomainList { if in == nil { return nil } - out := new(OIDCProviderList) + out := new(FederationDomainList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderList) DeepCopyObject() runtime.Object { +func (in *FederationDomainList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,7 +73,7 @@ func (in *OIDCProviderList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { +func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets) { *out = *in out.JWKS = in.JWKS out.TokenSigningKey = in.TokenSigningKey @@ -82,39 +82,39 @@ func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSecrets. -func (in *OIDCProviderSecrets) DeepCopy() *OIDCProviderSecrets { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets. +func (in *FederationDomainSecrets) DeepCopy() *FederationDomainSecrets { if in == nil { return nil } - out := new(OIDCProviderSecrets) + out := new(FederationDomainSecrets) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { +func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec) { *out = *in if in.TLS != nil { in, out := &in.TLS, &out.TLS - *out = new(OIDCProviderTLSSpec) + *out = new(FederationDomainTLSSpec) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. -func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec. +func (in *FederationDomainSpec) DeepCopy() *FederationDomainSpec { if in == nil { return nil } - out := new(OIDCProviderSpec) + out := new(FederationDomainSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { +func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -124,28 +124,28 @@ func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. -func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus. +func (in *FederationDomainStatus) DeepCopy() *FederationDomainStatus { if in == nil { return nil } - out := new(OIDCProviderStatus) + out := new(FederationDomainStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { +func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. -func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec. +func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec { if in == nil { return nil } - out := new(OIDCProviderTLSSpec) + out := new(FederationDomainTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.18/apis/supervisor/idp/v1alpha1/register.go b/generated/1.18/apis/supervisor/idp/v1alpha1/register.go index 67e549f9..c03b7dde 100644 --- a/generated/1.18/apis/supervisor/idp/v1alpha1/register.go +++ b/generated/1.18/apis/supervisor/idp/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &UpstreamOIDCProvider{}, - &UpstreamOIDCProviderList{}, + &OIDCIdentityProvider{}, + &OIDCIdentityProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.19/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go b/generated/1.18/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go similarity index 80% rename from generated/1.19/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go rename to generated/1.18/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go index 09f74c7c..21945fcf 100644 --- a/generated/1.19/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go +++ b/generated/1.18/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go @@ -7,25 +7,25 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type UpstreamOIDCProviderPhase string +type OIDCIdentityProviderPhase string const ( - // PhasePending is the default phase for newly-created UpstreamOIDCProvider resources. - PhasePending UpstreamOIDCProviderPhase = "Pending" + // PhasePending is the default phase for newly-created OIDCIdentityProvider resources. + PhasePending OIDCIdentityProviderPhase = "Pending" - // PhaseReady is the phase for an UpstreamOIDCProvider resource in a healthy state. - PhaseReady UpstreamOIDCProviderPhase = "Ready" + // PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state. + PhaseReady OIDCIdentityProviderPhase = "Ready" - // PhaseError is the phase for an UpstreamOIDCProvider in an unhealthy state. - PhaseError UpstreamOIDCProviderPhase = "Error" + // PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state. + PhaseError OIDCIdentityProviderPhase = "Error" ) // Status of an OIDC identity provider. -type UpstreamOIDCProviderStatus struct { - // Phase summarizes the overall status of the UpstreamOIDCProvider. +type OIDCIdentityProviderStatus struct { + // Phase summarizes the overall status of the OIDCIdentityProvider. // +kubebuilder:default=Pending // +kubebuilder:validation:Enum=Pending;Ready;Error - Phase UpstreamOIDCProviderPhase `json:"phase,omitempty"` + Phase OIDCIdentityProviderPhase `json:"phase,omitempty"` // Represents the observations of an identity provider's current state. // +patchMergeKey=type @@ -68,7 +68,7 @@ type OIDCClient struct { } // Spec for configuring an OIDC identity provider. -type UpstreamOIDCProviderSpec struct { +type OIDCIdentityProviderSpec struct { // Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch // /.well-known/openid-configuration. // +kubebuilder:validation:MinLength=1 @@ -94,7 +94,7 @@ type UpstreamOIDCProviderSpec struct { Client OIDCClient `json:"client"` } -// UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. +// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps @@ -102,22 +102,22 @@ type UpstreamOIDCProviderSpec struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase` // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status -type UpstreamOIDCProvider struct { +type OIDCIdentityProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec for configuring the identity provider. - Spec UpstreamOIDCProviderSpec `json:"spec"` + Spec OIDCIdentityProviderSpec `json:"spec"` // Status of the identity provider. - Status UpstreamOIDCProviderStatus `json:"status,omitempty"` + Status OIDCIdentityProviderStatus `json:"status,omitempty"` } -// List of UpstreamOIDCProvider objects. +// List of OIDCIdentityProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type UpstreamOIDCProviderList struct { +type OIDCIdentityProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []UpstreamOIDCProvider `json:"items"` + Items []OIDCIdentityProvider `json:"items"` } diff --git a/generated/1.18/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 9eeade4e..b3ab1ae1 100644 --- a/generated/1.18/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -81,6 +81,114 @@ func (in *OIDCClient) DeepCopy() *OIDCClient { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProvider) DeepCopyInto(out *OIDCIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProvider. +func (in *OIDCIdentityProvider) DeepCopy() *OIDCIdentityProvider { + if in == nil { + return nil + } + out := new(OIDCIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderList) DeepCopyInto(out *OIDCIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OIDCIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderList. +func (in *OIDCIdentityProviderList) DeepCopy() *OIDCIdentityProviderList { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + out.Claims = in.Claims + out.Client = in.Client + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderSpec. +func (in *OIDCIdentityProviderSpec) DeepCopy() *OIDCIdentityProviderSpec { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderStatus) DeepCopyInto(out *OIDCIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderStatus. +func (in *OIDCIdentityProviderStatus) DeepCopy() *OIDCIdentityProviderStatus { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in @@ -96,111 +204,3 @@ func (in *TLSSpec) DeepCopy() *TLSSpec { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProvider. -func (in *UpstreamOIDCProvider) DeepCopy() *UpstreamOIDCProvider { - if in == nil { - return nil - } - out := new(UpstreamOIDCProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProvider) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderList) DeepCopyInto(out *UpstreamOIDCProviderList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]UpstreamOIDCProvider, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderList. -func (in *UpstreamOIDCProviderList) DeepCopy() *UpstreamOIDCProviderList { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) { - *out = *in - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = new(TLSSpec) - **out = **in - } - in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) - out.Claims = in.Claims - out.Client = in.Client - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderSpec. -func (in *UpstreamOIDCProviderSpec) DeepCopy() *UpstreamOIDCProviderSpec { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderStatus) DeepCopyInto(out *UpstreamOIDCProviderStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderStatus. -func (in *UpstreamOIDCProviderStatus) DeepCopy() *UpstreamOIDCProviderStatus { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderStatus) - in.DeepCopyInto(out) - return out -} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index 0540919f..3ccb9f8b 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProvidersGetter + FederationDomainsGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { - return newOIDCProviders(c, namespace) +func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDomainInterface { + return newFederationDomains(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 8fbe3864..14aa5872 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { - return &FakeOIDCProviders{c, namespace} +func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.FederationDomainInterface { + return &FakeFederationDomains{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go new file mode 100644 index 00000000..b4aa971b --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeFederationDomains implements FederationDomainInterface +type FakeFederationDomains struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var federationdomainsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "federationdomains"} + +var federationdomainsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "FederationDomain"} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *FakeFederationDomains) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *FakeFederationDomains) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(federationdomainsResource, federationdomainsKind, c.ns, opts), &v1alpha1.FederationDomainList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.FederationDomainList{ListMeta: obj.(*v1alpha1.FederationDomainList).ListMeta} + for _, item := range obj.(*v1alpha1.FederationDomainList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *FakeFederationDomains) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(federationdomainsResource, c.ns, opts)) + +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeFederationDomains) UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(federationdomainsResource, "status", c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *FakeFederationDomains) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeFederationDomains) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(federationdomainsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.FederationDomainList{}) + return err +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *FakeFederationDomains) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(federationdomainsResource, c.ns, name, pt, data, subresources...), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go deleted file mode 100644 index e156e6a1..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviders implements OIDCProviderInterface -type FakeOIDCProviders struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} - -var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *FakeOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *FakeOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *FakeOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *FakeOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..929fe181 --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// FederationDomainsGetter has a method to return a FederationDomainInterface. +// A group's client should implement this interface. +type FederationDomainsGetter interface { + FederationDomains(namespace string) FederationDomainInterface +} + +// FederationDomainInterface has methods to work with FederationDomain resources. +type FederationDomainInterface interface { + Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (*v1alpha1.FederationDomain, error) + Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) + UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.FederationDomain, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.FederationDomainList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) + FederationDomainExpansion +} + +// federationDomains implements FederationDomainInterface +type federationDomains struct { + client rest.Interface + ns string +} + +// newFederationDomains returns a FederationDomains +func newFederationDomains(c *ConfigV1alpha1Client, namespace string) *federationDomains { + return &federationDomains{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *federationDomains) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *federationDomains) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.FederationDomainList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *federationDomains) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Post(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *federationDomains) UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *federationDomains) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *federationDomains) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *federationDomains) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 09541c9a..00f4c934 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderExpansion interface{} +type FederationDomainExpansion interface{} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go deleted file mode 100644 index a70472b5..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProvidersGetter has a method to return a OIDCProviderInterface. -// A group's client should implement this interface. -type OIDCProvidersGetter interface { - OIDCProviders(namespace string) OIDCProviderInterface -} - -// OIDCProviderInterface has methods to work with OIDCProvider resources. -type OIDCProviderInterface interface { - Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (*v1alpha1.OIDCProvider, error) - Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) - UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProvider, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) - OIDCProviderExpansion -} - -// oIDCProviders implements OIDCProviderInterface -type oIDCProviders struct { - client rest.Interface - ns string -} - -// newOIDCProviders returns a OIDCProviders -func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { - return &oIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *oIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *oIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *oIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *oIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *oIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *oIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go index cccf4d3c..d9671388 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -15,8 +15,8 @@ type FakeIDPV1alpha1 struct { *testing.Fake } -func (c *FakeIDPV1alpha1) UpstreamOIDCProviders(namespace string) v1alpha1.UpstreamOIDCProviderInterface { - return &FakeUpstreamOIDCProviders{c, namespace} +func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface { + return &FakeOIDCIdentityProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go new file mode 100644 index 00000000..f6905f10 --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCIdentityProviders implements OIDCIdentityProviderInterface +type FakeOIDCIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var oidcidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcidentityproviders"} + +var oidcidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCIdentityProvider"} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *FakeOIDCIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *FakeOIDCIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcidentityprovidersResource, oidcidentityprovidersKind, c.ns, opts), &v1alpha1.OIDCIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCIdentityProviderList{ListMeta: obj.(*v1alpha1.OIDCIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *FakeOIDCIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCIdentityProviders) UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcidentityprovidersResource, "status", c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcidentityprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *FakeOIDCIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go deleted file mode 100644 index 3d642676..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeUpstreamOIDCProviders implements UpstreamOIDCProviderInterface -type FakeUpstreamOIDCProviders struct { - Fake *FakeIDPV1alpha1 - ns string -} - -var upstreamoidcprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "upstreamoidcproviders"} - -var upstreamoidcprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "UpstreamOIDCProvider"} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *FakeUpstreamOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *FakeUpstreamOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(upstreamoidcprovidersResource, upstreamoidcprovidersKind, c.ns, opts), &v1alpha1.UpstreamOIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.UpstreamOIDCProviderList{ListMeta: obj.(*v1alpha1.UpstreamOIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.UpstreamOIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *FakeUpstreamOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(upstreamoidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeUpstreamOIDCProviders) UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(upstreamoidcprovidersResource, "status", c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeUpstreamOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeUpstreamOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(upstreamoidcprovidersResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.UpstreamOIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *FakeUpstreamOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(upstreamoidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go index 1950f156..55c3c3e5 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type UpstreamOIDCProviderExpansion interface{} +type OIDCIdentityProviderExpansion interface{} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go index 477d45b6..83794ecd 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -13,7 +13,7 @@ import ( type IDPV1alpha1Interface interface { RESTClient() rest.Interface - UpstreamOIDCProvidersGetter + OIDCIdentityProvidersGetter } // IDPV1alpha1Client is used to interact with features provided by the idp.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type IDPV1alpha1Client struct { restClient rest.Interface } -func (c *IDPV1alpha1Client) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface { - return newUpstreamOIDCProviders(c, namespace) +func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface { + return newOIDCIdentityProviders(c, namespace) } // NewForConfig creates a new IDPV1alpha1Client for the given config. diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..d7db2f36 --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" + scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCIdentityProvidersGetter has a method to return a OIDCIdentityProviderInterface. +// A group's client should implement this interface. +type OIDCIdentityProvidersGetter interface { + OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface +} + +// OIDCIdentityProviderInterface has methods to work with OIDCIdentityProvider resources. +type OIDCIdentityProviderInterface interface { + Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (*v1alpha1.OIDCIdentityProvider, error) + Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) + UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCIdentityProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCIdentityProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) + OIDCIdentityProviderExpansion +} + +// oIDCIdentityProviders implements OIDCIdentityProviderInterface +type oIDCIdentityProviders struct { + client rest.Interface + ns string +} + +// newOIDCIdentityProviders returns a OIDCIdentityProviders +func newOIDCIdentityProviders(c *IDPV1alpha1Client, namespace string) *oIDCIdentityProviders { + return &oIDCIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *oIDCIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *oIDCIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *oIDCIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCIdentityProviders) UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *oIDCIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *oIDCIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 1498d43c..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" - scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// UpstreamOIDCProvidersGetter has a method to return a UpstreamOIDCProviderInterface. -// A group's client should implement this interface. -type UpstreamOIDCProvidersGetter interface { - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface -} - -// UpstreamOIDCProviderInterface has methods to work with UpstreamOIDCProvider resources. -type UpstreamOIDCProviderInterface interface { - Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.UpstreamOIDCProvider, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.UpstreamOIDCProviderList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) - UpstreamOIDCProviderExpansion -} - -// upstreamOIDCProviders implements UpstreamOIDCProviderInterface -type upstreamOIDCProviders struct { - client rest.Interface - ns string -} - -// newUpstreamOIDCProviders returns a UpstreamOIDCProviders -func newUpstreamOIDCProviders(c *IDPV1alpha1Client, namespace string) *upstreamOIDCProviders { - return &upstreamOIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *upstreamOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *upstreamOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.UpstreamOIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *upstreamOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *upstreamOIDCProviders) UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *upstreamOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *upstreamOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *upstreamOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..af31a108 --- /dev/null +++ b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// FederationDomainInformer provides access to a shared informer and lister for +// FederationDomains. +type FederationDomainInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.FederationDomainLister +} + +type federationDomainInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.FederationDomain{}, + resyncPeriod, + indexers, + ) +} + +func (f *federationDomainInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *federationDomainInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.FederationDomain{}, f.defaultInformer) +} + +func (f *federationDomainInformer) Lister() v1alpha1.FederationDomainLister { + return v1alpha1.NewFederationDomainLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index b3397b2a..0b7fca6f 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviders returns a OIDCProviderInformer. - OIDCProviders() OIDCProviderInformer + // FederationDomains returns a FederationDomainInformer. + FederationDomains() FederationDomainInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviders returns a OIDCProviderInformer. -func (v *version) OIDCProviders() OIDCProviderInformer { - return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// FederationDomains returns a FederationDomainInformer. +func (v *version) FederationDomains() FederationDomainInformer { + return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go deleted file mode 100644 index a19446c4..00000000 --- a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderInformer provides access to a shared informer and lister for -// OIDCProviders. -type OIDCProviderInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderLister -} - -type oIDCProviderInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.OIDCProvider{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) -} - -func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { - return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.18/client/supervisor/informers/externalversions/generic.go b/generated/1.18/client/supervisor/informers/externalversions/generic.go index 4c976b43..74143086 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.18/client/supervisor/informers/externalversions/generic.go @@ -41,12 +41,12 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil // Group=idp.supervisor.pinniped.dev, Version=v1alpha1 - case idpv1alpha1.SchemeGroupVersion.WithResource("upstreamoidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().UpstreamOIDCProviders().Informer()}, nil + case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil } diff --git a/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go index 2cbabef9..4fdb244b 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go +++ b/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. - UpstreamOIDCProviders() UpstreamOIDCProviderInformer + // OIDCIdentityProviders returns a OIDCIdentityProviderInformer. + OIDCIdentityProviders() OIDCIdentityProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. -func (v *version) UpstreamOIDCProviders() UpstreamOIDCProviderInformer { - return &upstreamOIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCIdentityProviders returns a OIDCIdentityProviderInformer. +func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer { + return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go similarity index 65% rename from generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go rename to generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go index 6ccbeaf0..0dd6f109 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go +++ b/generated/1.18/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go @@ -19,59 +19,59 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// UpstreamOIDCProviderInformer provides access to a shared informer and lister for -// UpstreamOIDCProviders. -type UpstreamOIDCProviderInformer interface { +// OIDCIdentityProviderInformer provides access to a shared informer and lister for +// OIDCIdentityProviders. +type OIDCIdentityProviderInformer interface { Informer() cache.SharedIndexInformer - Lister() v1alpha1.UpstreamOIDCProviderLister + Lister() v1alpha1.OIDCIdentityProviderLister } -type upstreamOIDCProviderInformer struct { +type oIDCIdentityProviderInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc namespace string } -// NewUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +func NewOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) } -// NewFilteredUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewFilteredOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).List(context.TODO(), options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).Watch(context.TODO(), options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).Watch(context.TODO(), options) }, }, - &idpv1alpha1.UpstreamOIDCProvider{}, + &idpv1alpha1.OIDCIdentityProvider{}, resyncPeriod, indexers, ) } -func (f *upstreamOIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *oIDCIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *upstreamOIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&idpv1alpha1.UpstreamOIDCProvider{}, f.defaultInformer) +func (f *oIDCIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.OIDCIdentityProvider{}, f.defaultInformer) } -func (f *upstreamOIDCProviderInformer) Lister() v1alpha1.UpstreamOIDCProviderLister { - return v1alpha1.NewUpstreamOIDCProviderLister(f.Informer().GetIndexer()) +func (f *oIDCIdentityProviderInformer) Lister() v1alpha1.OIDCIdentityProviderLister { + return v1alpha1.NewOIDCIdentityProviderLister(f.Informer().GetIndexer()) } diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 3d2b7e22..d4e52519 100644 --- a/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderListerExpansion allows custom methods to be added to -// OIDCProviderLister. -type OIDCProviderListerExpansion interface{} +// FederationDomainListerExpansion allows custom methods to be added to +// FederationDomainLister. +type FederationDomainListerExpansion interface{} -// OIDCProviderNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderNamespaceLister. -type OIDCProviderNamespaceListerExpansion interface{} +// FederationDomainNamespaceListerExpansion allows custom methods to be added to +// FederationDomainNamespaceLister. +type FederationDomainNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/federationdomain.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..e7148e2b --- /dev/null +++ b/generated/1.18/client/supervisor/listers/config/v1alpha1/federationdomain.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// FederationDomainLister helps list FederationDomains. +type FederationDomainLister interface { + // List lists all FederationDomains in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // FederationDomains returns an object that can list and get FederationDomains. + FederationDomains(namespace string) FederationDomainNamespaceLister + FederationDomainListerExpansion +} + +// federationDomainLister implements the FederationDomainLister interface. +type federationDomainLister struct { + indexer cache.Indexer +} + +// NewFederationDomainLister returns a new FederationDomainLister. +func NewFederationDomainLister(indexer cache.Indexer) FederationDomainLister { + return &federationDomainLister{indexer: indexer} +} + +// List lists all FederationDomains in the indexer. +func (s *federationDomainLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// FederationDomains returns an object that can list and get FederationDomains. +func (s *federationDomainLister) FederationDomains(namespace string) FederationDomainNamespaceLister { + return federationDomainNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// FederationDomainNamespaceLister helps list and get FederationDomains. +type FederationDomainNamespaceLister interface { + // List lists all FederationDomains in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // Get retrieves the FederationDomain from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.FederationDomain, error) + FederationDomainNamespaceListerExpansion +} + +// federationDomainNamespaceLister implements the FederationDomainNamespaceLister +// interface. +type federationDomainNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all FederationDomains in the indexer for a given namespace. +func (s federationDomainNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// Get retrieves the FederationDomain from the indexer for a given namespace and name. +func (s federationDomainNamespaceLister) Get(name string) (*v1alpha1.FederationDomain, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("federationdomain"), name) + } + return obj.(*v1alpha1.FederationDomain), nil +} diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go deleted file mode 100644 index f93e49f7..00000000 --- a/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderLister helps list OIDCProviders. -type OIDCProviderLister interface { - // List lists all OIDCProviders in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // OIDCProviders returns an object that can list and get OIDCProviders. - OIDCProviders(namespace string) OIDCProviderNamespaceLister - OIDCProviderListerExpansion -} - -// oIDCProviderLister implements the OIDCProviderLister interface. -type oIDCProviderLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderLister returns a new OIDCProviderLister. -func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { - return &oIDCProviderLister{indexer: indexer} -} - -// List lists all OIDCProviders in the indexer. -func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// OIDCProviders returns an object that can list and get OIDCProviders. -func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { - return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderNamespaceLister helps list and get OIDCProviders. -type OIDCProviderNamespaceLister interface { - // List lists all OIDCProviders in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // Get retrieves the OIDCProvider from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.OIDCProvider, error) - OIDCProviderNamespaceListerExpansion -} - -// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister -// interface. -type oIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviders in the indexer for a given namespace. -func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// Get retrieves the OIDCProvider from the indexer for a given namespace and name. -func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) - } - return obj.(*v1alpha1.OIDCProvider), nil -} diff --git a/generated/1.18/client/supervisor/listers/idp/v1alpha1/expansion_generated.go b/generated/1.18/client/supervisor/listers/idp/v1alpha1/expansion_generated.go index 5d290e01..da0f8025 100644 --- a/generated/1.18/client/supervisor/listers/idp/v1alpha1/expansion_generated.go +++ b/generated/1.18/client/supervisor/listers/idp/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// UpstreamOIDCProviderListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderLister. -type UpstreamOIDCProviderListerExpansion interface{} +// OIDCIdentityProviderListerExpansion allows custom methods to be added to +// OIDCIdentityProviderLister. +type OIDCIdentityProviderListerExpansion interface{} -// UpstreamOIDCProviderNamespaceListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderNamespaceLister. -type UpstreamOIDCProviderNamespaceListerExpansion interface{} +// OIDCIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCIdentityProviderNamespaceLister. +type OIDCIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go b/generated/1.18/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..c5224265 --- /dev/null +++ b/generated/1.18/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCIdentityProviderLister helps list OIDCIdentityProviders. +type OIDCIdentityProviderLister interface { + // List lists all OIDCIdentityProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. + OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister + OIDCIdentityProviderListerExpansion +} + +// oIDCIdentityProviderLister implements the OIDCIdentityProviderLister interface. +type oIDCIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCIdentityProviderLister returns a new OIDCIdentityProviderLister. +func NewOIDCIdentityProviderLister(indexer cache.Indexer) OIDCIdentityProviderLister { + return &oIDCIdentityProviderLister{indexer: indexer} +} + +// List lists all OIDCIdentityProviders in the indexer. +func (s *oIDCIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. +func (s *oIDCIdentityProviderLister) OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister { + return oIDCIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCIdentityProviderNamespaceLister helps list and get OIDCIdentityProviders. +type OIDCIdentityProviderNamespaceLister interface { + // List lists all OIDCIdentityProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.OIDCIdentityProvider, error) + OIDCIdentityProviderNamespaceListerExpansion +} + +// oIDCIdentityProviderNamespaceLister implements the OIDCIdentityProviderNamespaceLister +// interface. +type oIDCIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCIdentityProviders in the indexer for a given namespace. +func (s oIDCIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. +func (s oIDCIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcidentityprovider"), name) + } + return obj.(*v1alpha1.OIDCIdentityProvider), nil +} diff --git a/generated/1.18/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.18/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 770e3444..00000000 --- a/generated/1.18/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// UpstreamOIDCProviderLister helps list UpstreamOIDCProviders. -type UpstreamOIDCProviderLister interface { - // List lists all UpstreamOIDCProviders in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister - UpstreamOIDCProviderListerExpansion -} - -// upstreamOIDCProviderLister implements the UpstreamOIDCProviderLister interface. -type upstreamOIDCProviderLister struct { - indexer cache.Indexer -} - -// NewUpstreamOIDCProviderLister returns a new UpstreamOIDCProviderLister. -func NewUpstreamOIDCProviderLister(indexer cache.Indexer) UpstreamOIDCProviderLister { - return &upstreamOIDCProviderLister{indexer: indexer} -} - -// List lists all UpstreamOIDCProviders in the indexer. -func (s *upstreamOIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. -func (s *upstreamOIDCProviderLister) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister { - return upstreamOIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// UpstreamOIDCProviderNamespaceLister helps list and get UpstreamOIDCProviders. -type UpstreamOIDCProviderNamespaceLister interface { - // List lists all UpstreamOIDCProviders in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) - UpstreamOIDCProviderNamespaceListerExpansion -} - -// upstreamOIDCProviderNamespaceLister implements the UpstreamOIDCProviderNamespaceLister -// interface. -type upstreamOIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all UpstreamOIDCProviders in the indexer for a given namespace. -func (s upstreamOIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. -func (s upstreamOIDCProviderNamespaceLister) Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("upstreamoidcprovider"), name) - } - return obj.(*v1alpha1.UpstreamOIDCProvider), nil -} diff --git a/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml similarity index 93% rename from deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml rename to generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 47c6f5a9..d894643b 100644 --- a/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml +++ b/generated/1.18/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -6,22 +6,22 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviders.config.supervisor.pinniped.dev + name: federationdomains.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: categories: - pinniped - kind: OIDCProvider - listKind: OIDCProviderList - plural: oidcproviders - singular: oidcprovider + kind: FederationDomain + listKind: FederationDomainList + plural: federationdomains + singular: federationdomain scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProvider describes the configuration of an OIDC provider. + description: FederationDomain describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -50,14 +50,14 @@ spec: minLength: 1 type: string tls: - description: TLS configures how this OIDCProvider is served over Transport - Layer Security (TLS). + description: TLS configures how this FederationDomain is served over + Transport Layer Security (TLS). properties: secretName: description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by - this OIDCProvider. When provided, the TLS Secret named here + this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. \n Server Name Indication (SNI) is an extension to the Transport Layer Security diff --git a/generated/1.19/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml b/generated/1.18/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml similarity index 96% rename from generated/1.19/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml rename to generated/1.18/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index bd239a6f..75cf37d0 100644 --- a/generated/1.19/crds/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml +++ b/generated/1.18/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml @@ -6,7 +6,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: upstreamoidcproviders.idp.supervisor.pinniped.dev + name: oidcidentityproviders.idp.supervisor.pinniped.dev spec: group: idp.supervisor.pinniped.dev names: @@ -14,10 +14,10 @@ spec: - pinniped - pinniped-idp - pinniped-idps - kind: UpstreamOIDCProvider - listKind: UpstreamOIDCProviderList - plural: upstreamoidcproviders - singular: upstreamoidcprovider + kind: OIDCIdentityProvider + listKind: OIDCIdentityProviderList + plural: oidcidentityproviders + singular: oidcidentityprovider scope: Namespaced versions: - additionalPrinterColumns: @@ -33,7 +33,7 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: UpstreamOIDCProvider describes the configuration of an upstream + description: OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. properties: apiVersion: @@ -183,7 +183,7 @@ spec: x-kubernetes-list-type: map phase: default: Pending - description: Phase summarizes the overall status of the UpstreamOIDCProvider. + description: Phase summarizes the overall status of the OIDCIdentityProvider. enum: - Pending - Ready diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index c8a5461a..c1eae62c 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -301,14 +301,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider"] -==== OIDCProvider +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain"] +==== FederationDomain -OIDCProvider describes the configuration of an OIDC provider. +FederationDomain describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainlist[$$FederationDomainList$$] **** [cols="25a,75a", options="header"] @@ -316,21 +316,21 @@ OIDCProvider describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidersecrets"] -==== OIDCProviderSecrets +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainsecrets"] +==== FederationDomainSecrets -OIDCProviderSecrets holds information about this OIDC Provider's secrets. +FederationDomainSecrets holds information about this OIDC Provider's secrets. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainstatus[$$FederationDomainStatus$$] **** [cols="25a,75a", options="header"] @@ -343,14 +343,14 @@ OIDCProviderSecrets holds information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec"] -==== OIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainspec"] +==== FederationDomainSpec -OIDCProviderSpec is a struct that describes an OIDC Provider. +FederationDomainSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] @@ -358,44 +358,44 @@ OIDCProviderSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomaintlsspec[$$FederationDomainTLSSpec$$]__ | TLS configures how this FederationDomain is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderstatus"] -==== OIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainstatus"] +==== FederationDomainStatus -OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomain[$$FederationDomain$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __FederationDomainStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). -| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidersecrets[$$OIDCProviderSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. +| *`secrets`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainsecrets[$$FederationDomainSecrets$$]__ | Secrets contains information about this OIDC Provider's secrets. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] -==== OIDCProviderTLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomaintlsspec"] +==== FederationDomainTLSSpec -OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-federationdomainspec[$$FederationDomainSpec$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. @@ -418,7 +418,7 @@ Condition status of a resource (mirrored from the metav1.Condition type added in .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$] **** [cols="25a,75a", options="header"] @@ -440,7 +440,7 @@ OIDCAuthorizationConfig provides information about how to form the OAuth2 author .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -457,7 +457,7 @@ OIDCClaims provides a mapping from upstream claims into identities. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -475,7 +475,7 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] **** [cols="25a,75a", options="header"] @@ -485,31 +485,14 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-tlsspec"] -==== TLSSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider"] +==== OIDCIdentityProvider -Configuration for TLS parameters related to identity provider integration. +OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$] -**** - -[cols="25a,75a", options="header"] -|=== -| Field | Description -| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. -|=== - - -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"] -==== UpstreamOIDCProvider - -UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. - -.Appears In: -**** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderlist[$$UpstreamOIDCProviderList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderlist[$$OIDCIdentityProviderList$$] **** [cols="25a,75a", options="header"] @@ -517,21 +500,21 @@ UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect i | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]__ | Spec for configuring the identity provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus[$$UpstreamOIDCProviderStatus$$]__ | Status of the identity provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus[$$OIDCIdentityProviderStatus$$]__ | Status of the identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec"] -==== UpstreamOIDCProviderSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec"] +==== OIDCIdentityProviderSpec Spec for configuring an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] @@ -545,24 +528,41 @@ Spec for configuring an OIDC identity provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderstatus"] -==== UpstreamOIDCProviderStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderstatus"] +==== OIDCIdentityProviderStatus Status of an OIDC identity provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcprovider[$$UpstreamOIDCProvider$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityprovider[$$OIDCIdentityProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`phase`* __UpstreamOIDCProviderPhase__ | Phase summarizes the overall status of the UpstreamOIDCProvider. +| *`phase`* __OIDCIdentityProviderPhase__ | Phase summarizes the overall status of the OIDCIdentityProvider. | *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-tlsspec"] +==== TLSSpec + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcidentityproviderspec[$$OIDCIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/register.go b/generated/1.19/apis/supervisor/config/v1alpha1/register.go index 9bf58c3f..32c81af8 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProvider{}, - &OIDCProviderList{}, + &FederationDomain{}, + &FederationDomainList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go similarity index 72% rename from generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go rename to generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go index a351900f..2655ab56 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/types_federationdomain.go @@ -9,19 +9,19 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret -type OIDCProviderStatusCondition string +type FederationDomainStatusCondition string const ( - SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") - DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") + SuccessFederationDomainStatusCondition = FederationDomainStatusCondition("Success") + DuplicateFederationDomainStatusCondition = FederationDomainStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidFederationDomainStatusCondition = FederationDomainStatusCondition("Invalid") ) -// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. -type OIDCProviderTLSSpec struct { +// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type FederationDomainTLSSpec struct { // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains - // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use // for TLS. // @@ -41,8 +41,8 @@ type OIDCProviderTLSSpec struct { SecretName string `json:"secretName,omitempty"` } -// OIDCProviderSpec is a struct that describes an OIDC Provider. -type OIDCProviderSpec struct { +// FederationDomainSpec is a struct that describes an OIDC Provider. +type FederationDomainSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -54,13 +54,13 @@ type OIDCProviderSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). + // TLS configures how this FederationDomain is served over Transport Layer Security (TLS). // +optional - TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` + TLS *FederationDomainTLSSpec `json:"tls,omitempty"` } -// OIDCProviderSecrets holds information about this OIDC Provider's secrets. -type OIDCProviderSecrets struct { +// FederationDomainSecrets holds information about this OIDC Provider's secrets. +type FederationDomainSecrets struct { // JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are // stored. If it is empty, then the signing/verification keys are either unknown or they don't // exist. @@ -83,12 +83,12 @@ type OIDCProviderSecrets struct { StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"` } -// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderStatus struct { +// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider. +type FederationDomainStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatusCondition `json:"status,omitempty"` + Status FederationDomainStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -102,29 +102,29 @@ type OIDCProviderStatus struct { // Secrets contains information about this OIDC Provider's secrets. // +optional - Secrets OIDCProviderSecrets `json:"secrets,omitempty"` + Secrets FederationDomainSecrets `json:"secrets,omitempty"` } -// OIDCProvider describes the configuration of an OIDC provider. +// FederationDomain describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped -type OIDCProvider struct { +type FederationDomain struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderSpec `json:"spec"` + Spec FederationDomainSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderStatus `json:"status,omitempty"` + Status FederationDomainStatus `json:"status,omitempty"` } -// List of OIDCProvider objects. +// List of FederationDomain objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type OIDCProviderList struct { +type FederationDomainList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProvider `json:"items"` + Items []FederationDomain `json:"items"` } diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index 0cfc17a4..64ef403c 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { +func (in *FederationDomain) DeepCopyInto(out *FederationDomain) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -21,18 +21,18 @@ func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. -func (in *OIDCProvider) DeepCopy() *OIDCProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain. +func (in *FederationDomain) DeepCopy() *FederationDomain { if in == nil { return nil } - out := new(OIDCProvider) + out := new(FederationDomain) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProvider) DeepCopyObject() runtime.Object { +func (in *FederationDomain) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProvider) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { +func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProvider, len(*in)) + *out = make([]FederationDomain, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. -func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList. +func (in *FederationDomainList) DeepCopy() *FederationDomainList { if in == nil { return nil } - out := new(OIDCProviderList) + out := new(FederationDomainList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderList) DeepCopyObject() runtime.Object { +func (in *FederationDomainList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,7 +73,7 @@ func (in *OIDCProviderList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { +func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets) { *out = *in out.JWKS = in.JWKS out.TokenSigningKey = in.TokenSigningKey @@ -82,39 +82,39 @@ func (in *OIDCProviderSecrets) DeepCopyInto(out *OIDCProviderSecrets) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSecrets. -func (in *OIDCProviderSecrets) DeepCopy() *OIDCProviderSecrets { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets. +func (in *FederationDomainSecrets) DeepCopy() *FederationDomainSecrets { if in == nil { return nil } - out := new(OIDCProviderSecrets) + out := new(FederationDomainSecrets) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { +func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec) { *out = *in if in.TLS != nil { in, out := &in.TLS, &out.TLS - *out = new(OIDCProviderTLSSpec) + *out = new(FederationDomainTLSSpec) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. -func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec. +func (in *FederationDomainSpec) DeepCopy() *FederationDomainSpec { if in == nil { return nil } - out := new(OIDCProviderSpec) + out := new(FederationDomainSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { +func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -124,28 +124,28 @@ func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. -func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus. +func (in *FederationDomainStatus) DeepCopy() *FederationDomainStatus { if in == nil { return nil } - out := new(OIDCProviderStatus) + out := new(FederationDomainStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { +func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. -func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec. +func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec { if in == nil { return nil } - out := new(OIDCProviderTLSSpec) + out := new(FederationDomainTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.19/apis/supervisor/idp/v1alpha1/register.go b/generated/1.19/apis/supervisor/idp/v1alpha1/register.go index 67e549f9..c03b7dde 100644 --- a/generated/1.19/apis/supervisor/idp/v1alpha1/register.go +++ b/generated/1.19/apis/supervisor/idp/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &UpstreamOIDCProvider{}, - &UpstreamOIDCProviderList{}, + &OIDCIdentityProvider{}, + &OIDCIdentityProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.17/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go b/generated/1.19/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go similarity index 80% rename from generated/1.17/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go rename to generated/1.19/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go index 09f74c7c..21945fcf 100644 --- a/generated/1.17/apis/supervisor/idp/v1alpha1/types_upstreamoidcprovider.go +++ b/generated/1.19/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go @@ -7,25 +7,25 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -type UpstreamOIDCProviderPhase string +type OIDCIdentityProviderPhase string const ( - // PhasePending is the default phase for newly-created UpstreamOIDCProvider resources. - PhasePending UpstreamOIDCProviderPhase = "Pending" + // PhasePending is the default phase for newly-created OIDCIdentityProvider resources. + PhasePending OIDCIdentityProviderPhase = "Pending" - // PhaseReady is the phase for an UpstreamOIDCProvider resource in a healthy state. - PhaseReady UpstreamOIDCProviderPhase = "Ready" + // PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state. + PhaseReady OIDCIdentityProviderPhase = "Ready" - // PhaseError is the phase for an UpstreamOIDCProvider in an unhealthy state. - PhaseError UpstreamOIDCProviderPhase = "Error" + // PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state. + PhaseError OIDCIdentityProviderPhase = "Error" ) // Status of an OIDC identity provider. -type UpstreamOIDCProviderStatus struct { - // Phase summarizes the overall status of the UpstreamOIDCProvider. +type OIDCIdentityProviderStatus struct { + // Phase summarizes the overall status of the OIDCIdentityProvider. // +kubebuilder:default=Pending // +kubebuilder:validation:Enum=Pending;Ready;Error - Phase UpstreamOIDCProviderPhase `json:"phase,omitempty"` + Phase OIDCIdentityProviderPhase `json:"phase,omitempty"` // Represents the observations of an identity provider's current state. // +patchMergeKey=type @@ -68,7 +68,7 @@ type OIDCClient struct { } // Spec for configuring an OIDC identity provider. -type UpstreamOIDCProviderSpec struct { +type OIDCIdentityProviderSpec struct { // Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch // /.well-known/openid-configuration. // +kubebuilder:validation:MinLength=1 @@ -94,7 +94,7 @@ type UpstreamOIDCProviderSpec struct { Client OIDCClient `json:"client"` } -// UpstreamOIDCProvider describes the configuration of an upstream OpenID Connect identity provider. +// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps @@ -102,22 +102,22 @@ type UpstreamOIDCProviderSpec struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase` // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` // +kubebuilder:subresource:status -type UpstreamOIDCProvider struct { +type OIDCIdentityProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec for configuring the identity provider. - Spec UpstreamOIDCProviderSpec `json:"spec"` + Spec OIDCIdentityProviderSpec `json:"spec"` // Status of the identity provider. - Status UpstreamOIDCProviderStatus `json:"status,omitempty"` + Status OIDCIdentityProviderStatus `json:"status,omitempty"` } -// List of UpstreamOIDCProvider objects. +// List of OIDCIdentityProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type UpstreamOIDCProviderList struct { +type OIDCIdentityProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []UpstreamOIDCProvider `json:"items"` + Items []OIDCIdentityProvider `json:"items"` } diff --git a/generated/1.19/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 9eeade4e..b3ab1ae1 100644 --- a/generated/1.19/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -81,6 +81,114 @@ func (in *OIDCClient) DeepCopy() *OIDCClient { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProvider) DeepCopyInto(out *OIDCIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProvider. +func (in *OIDCIdentityProvider) DeepCopy() *OIDCIdentityProvider { + if in == nil { + return nil + } + out := new(OIDCIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderList) DeepCopyInto(out *OIDCIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OIDCIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderList. +func (in *OIDCIdentityProviderList) DeepCopy() *OIDCIdentityProviderList { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OIDCIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + out.Claims = in.Claims + out.Client = in.Client + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderSpec. +func (in *OIDCIdentityProviderSpec) DeepCopy() *OIDCIdentityProviderSpec { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCIdentityProviderStatus) DeepCopyInto(out *OIDCIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderStatus. +func (in *OIDCIdentityProviderStatus) DeepCopy() *OIDCIdentityProviderStatus { + if in == nil { + return nil + } + out := new(OIDCIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in @@ -96,111 +204,3 @@ func (in *TLSSpec) DeepCopy() *TLSSpec { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProvider. -func (in *UpstreamOIDCProvider) DeepCopy() *UpstreamOIDCProvider { - if in == nil { - return nil - } - out := new(UpstreamOIDCProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProvider) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderList) DeepCopyInto(out *UpstreamOIDCProviderList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]UpstreamOIDCProvider, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderList. -func (in *UpstreamOIDCProviderList) DeepCopy() *UpstreamOIDCProviderList { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) { - *out = *in - if in.TLS != nil { - in, out := &in.TLS, &out.TLS - *out = new(TLSSpec) - **out = **in - } - in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) - out.Claims = in.Claims - out.Client = in.Client - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderSpec. -func (in *UpstreamOIDCProviderSpec) DeepCopy() *UpstreamOIDCProviderSpec { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UpstreamOIDCProviderStatus) DeepCopyInto(out *UpstreamOIDCProviderStatus) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpstreamOIDCProviderStatus. -func (in *UpstreamOIDCProviderStatus) DeepCopy() *UpstreamOIDCProviderStatus { - if in == nil { - return nil - } - out := new(UpstreamOIDCProviderStatus) - in.DeepCopyInto(out) - return out -} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index b9ff785c..b75fa1b0 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProvidersGetter + FederationDomainsGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { - return newOIDCProviders(c, namespace) +func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDomainInterface { + return newFederationDomains(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 8925e998..f9b3bef2 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { - return &FakeOIDCProviders{c, namespace} +func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.FederationDomainInterface { + return &FakeFederationDomains{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go new file mode 100644 index 00000000..c164d294 --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeFederationDomains implements FederationDomainInterface +type FakeFederationDomains struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var federationdomainsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "federationdomains"} + +var federationdomainsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "FederationDomain"} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *FakeFederationDomains) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *FakeFederationDomains) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(federationdomainsResource, federationdomainsKind, c.ns, opts), &v1alpha1.FederationDomainList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.FederationDomainList{ListMeta: obj.(*v1alpha1.FederationDomainList).ListMeta} + for _, item := range obj.(*v1alpha1.FederationDomainList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *FakeFederationDomains) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(federationdomainsResource, c.ns, opts)) + +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *FakeFederationDomains) Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeFederationDomains) UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(federationdomainsResource, "status", c.ns, federationDomain), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *FakeFederationDomains) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeFederationDomains) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(federationdomainsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.FederationDomainList{}) + return err +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *FakeFederationDomains) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(federationdomainsResource, c.ns, name, pt, data, subresources...), &v1alpha1.FederationDomain{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.FederationDomain), err +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go deleted file mode 100644 index 675f29ca..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviders implements OIDCProviderInterface -type FakeOIDCProviders struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} - -var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *FakeOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *FakeOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *FakeOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *FakeOIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *FakeOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProvider), err -} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..8e03ae61 --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/federationdomain.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// FederationDomainsGetter has a method to return a FederationDomainInterface. +// A group's client should implement this interface. +type FederationDomainsGetter interface { + FederationDomains(namespace string) FederationDomainInterface +} + +// FederationDomainInterface has methods to work with FederationDomain resources. +type FederationDomainInterface interface { + Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (*v1alpha1.FederationDomain, error) + Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) + UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (*v1alpha1.FederationDomain, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.FederationDomain, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.FederationDomainList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) + FederationDomainExpansion +} + +// federationDomains implements FederationDomainInterface +type federationDomains struct { + client rest.Interface + ns string +} + +// newFederationDomains returns a FederationDomains +func newFederationDomains(c *ConfigV1alpha1Client, namespace string) *federationDomains { + return &federationDomains{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any. +func (c *federationDomains) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of FederationDomains that match those selectors. +func (c *federationDomains) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.FederationDomainList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested federationDomains. +func (c *federationDomains) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a federationDomain and creates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Create(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.CreateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Post(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any. +func (c *federationDomains) Update(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *federationDomains) UpdateStatus(ctx context.Context, federationDomain *v1alpha1.FederationDomain, opts v1.UpdateOptions) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Put(). + Namespace(c.ns). + Resource("federationdomains"). + Name(federationDomain.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(federationDomain). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs. +func (c *federationDomains) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *federationDomains) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("federationdomains"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched federationDomain. +func (c *federationDomains) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.FederationDomain, err error) { + result = &v1alpha1.FederationDomain{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("federationdomains"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 09541c9a..00f4c934 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderExpansion interface{} +type FederationDomainExpansion interface{} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go deleted file mode 100644 index 362fa07f..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProvidersGetter has a method to return a OIDCProviderInterface. -// A group's client should implement this interface. -type OIDCProvidersGetter interface { - OIDCProviders(namespace string) OIDCProviderInterface -} - -// OIDCProviderInterface has methods to work with OIDCProvider resources. -type OIDCProviderInterface interface { - Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (*v1alpha1.OIDCProvider, error) - Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) - UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProvider, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) - OIDCProviderExpansion -} - -// oIDCProviders implements OIDCProviderInterface -type oIDCProviders struct { - client rest.Interface - ns string -} - -// newOIDCProviders returns a OIDCProviders -func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { - return &oIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. -func (c *oIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. -func (c *oIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviders. -func (c *oIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. -func (c *oIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *oIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(oIDCProvider.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProvider). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. -func (c *oIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviders"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched oIDCProvider. -func (c *oIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { - result = &v1alpha1.OIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviders"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go index 57199da7..14e6433e 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -15,8 +15,8 @@ type FakeIDPV1alpha1 struct { *testing.Fake } -func (c *FakeIDPV1alpha1) UpstreamOIDCProviders(namespace string) v1alpha1.UpstreamOIDCProviderInterface { - return &FakeUpstreamOIDCProviders{c, namespace} +func (c *FakeIDPV1alpha1) OIDCIdentityProviders(namespace string) v1alpha1.OIDCIdentityProviderInterface { + return &FakeOIDCIdentityProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go new file mode 100644 index 00000000..25ed7472 --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_oidcidentityprovider.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCIdentityProviders implements OIDCIdentityProviderInterface +type FakeOIDCIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var oidcidentityprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcidentityproviders"} + +var oidcidentityprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCIdentityProvider"} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *FakeOIDCIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *FakeOIDCIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcidentityprovidersResource, oidcidentityprovidersKind, c.ns, opts), &v1alpha1.OIDCIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCIdentityProviderList{ListMeta: obj.(*v1alpha1.OIDCIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *FakeOIDCIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *FakeOIDCIdentityProviders) Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcidentityprovidersResource, c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCIdentityProviders) UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcidentityprovidersResource, "status", c.ns, oIDCIdentityProvider), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcidentityprovidersResource, c.ns, name), &v1alpha1.OIDCIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcidentityprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *FakeOIDCIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCIdentityProvider), err +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go deleted file mode 100644 index d26f3fb3..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake/fake_upstreamoidcprovider.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeUpstreamOIDCProviders implements UpstreamOIDCProviderInterface -type FakeUpstreamOIDCProviders struct { - Fake *FakeIDPV1alpha1 - ns string -} - -var upstreamoidcprovidersResource = schema.GroupVersionResource{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "upstreamoidcproviders"} - -var upstreamoidcprovidersKind = schema.GroupVersionKind{Group: "idp.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "UpstreamOIDCProvider"} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *FakeUpstreamOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *FakeUpstreamOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(upstreamoidcprovidersResource, upstreamoidcprovidersKind, c.ns, opts), &v1alpha1.UpstreamOIDCProviderList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.UpstreamOIDCProviderList{ListMeta: obj.(*v1alpha1.UpstreamOIDCProviderList).ListMeta} - for _, item := range obj.(*v1alpha1.UpstreamOIDCProviderList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *FakeUpstreamOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(upstreamoidcprovidersResource, c.ns, opts)) - -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *FakeUpstreamOIDCProviders) Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(upstreamoidcprovidersResource, c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeUpstreamOIDCProviders) UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(upstreamoidcprovidersResource, "status", c.ns, upstreamOIDCProvider), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *FakeUpstreamOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(upstreamoidcprovidersResource, c.ns, name), &v1alpha1.UpstreamOIDCProvider{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeUpstreamOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(upstreamoidcprovidersResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.UpstreamOIDCProviderList{}) - return err -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *FakeUpstreamOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(upstreamoidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.UpstreamOIDCProvider{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.UpstreamOIDCProvider), err -} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go index 1950f156..55c3c3e5 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type UpstreamOIDCProviderExpansion interface{} +type OIDCIdentityProviderExpansion interface{} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go index 69a54302..a6e63d59 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -13,7 +13,7 @@ import ( type IDPV1alpha1Interface interface { RESTClient() rest.Interface - UpstreamOIDCProvidersGetter + OIDCIdentityProvidersGetter } // IDPV1alpha1Client is used to interact with features provided by the idp.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type IDPV1alpha1Client struct { restClient rest.Interface } -func (c *IDPV1alpha1Client) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface { - return newUpstreamOIDCProviders(c, namespace) +func (c *IDPV1alpha1Client) OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface { + return newOIDCIdentityProviders(c, namespace) } // NewForConfig creates a new IDPV1alpha1Client for the given config. diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..d9a82656 --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" + scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCIdentityProvidersGetter has a method to return a OIDCIdentityProviderInterface. +// A group's client should implement this interface. +type OIDCIdentityProvidersGetter interface { + OIDCIdentityProviders(namespace string) OIDCIdentityProviderInterface +} + +// OIDCIdentityProviderInterface has methods to work with OIDCIdentityProvider resources. +type OIDCIdentityProviderInterface interface { + Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (*v1alpha1.OIDCIdentityProvider, error) + Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) + UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCIdentityProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCIdentityProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCIdentityProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) + OIDCIdentityProviderExpansion +} + +// oIDCIdentityProviders implements OIDCIdentityProviderInterface +type oIDCIdentityProviders struct { + client rest.Interface + ns string +} + +// newOIDCIdentityProviders returns a OIDCIdentityProviders +func newOIDCIdentityProviders(c *IDPV1alpha1Client, namespace string) *oIDCIdentityProviders { + return &oIDCIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCIdentityProvider, and returns the corresponding oIDCIdentityProvider object, and an error if there is any. +func (c *oIDCIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCIdentityProviders that match those selectors. +func (c *oIDCIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCIdentityProviders. +func (c *oIDCIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a oIDCIdentityProvider and creates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Create(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a oIDCIdentityProvider and updates it. Returns the server's representation of the oIDCIdentityProvider, and an error, if there is any. +func (c *oIDCIdentityProviders) Update(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCIdentityProviders) UpdateStatus(ctx context.Context, oIDCIdentityProvider *v1alpha1.OIDCIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(oIDCIdentityProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the oIDCIdentityProvider and deletes it. Returns an error if one occurs. +func (c *oIDCIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcidentityproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched oIDCIdentityProvider. +func (c *oIDCIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCIdentityProvider, err error) { + result = &v1alpha1.OIDCIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcidentityproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 19f4f829..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" - scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// UpstreamOIDCProvidersGetter has a method to return a UpstreamOIDCProviderInterface. -// A group's client should implement this interface. -type UpstreamOIDCProvidersGetter interface { - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderInterface -} - -// UpstreamOIDCProviderInterface has methods to work with UpstreamOIDCProvider resources. -type UpstreamOIDCProviderInterface interface { - Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (*v1alpha1.UpstreamOIDCProvider, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.UpstreamOIDCProvider, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.UpstreamOIDCProviderList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) - UpstreamOIDCProviderExpansion -} - -// upstreamOIDCProviders implements UpstreamOIDCProviderInterface -type upstreamOIDCProviders struct { - client rest.Interface - ns string -} - -// newUpstreamOIDCProviders returns a UpstreamOIDCProviders -func newUpstreamOIDCProviders(c *IDPV1alpha1Client, namespace string) *upstreamOIDCProviders { - return &upstreamOIDCProviders{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the upstreamOIDCProvider, and returns the corresponding upstreamOIDCProvider object, and an error if there is any. -func (c *upstreamOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of UpstreamOIDCProviders that match those selectors. -func (c *upstreamOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.UpstreamOIDCProviderList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.UpstreamOIDCProviderList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested upstreamOIDCProviders. -func (c *upstreamOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a upstreamOIDCProvider and creates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Create(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.CreateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Post(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a upstreamOIDCProvider and updates it. Returns the server's representation of the upstreamOIDCProvider, and an error, if there is any. -func (c *upstreamOIDCProviders) Update(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *upstreamOIDCProviders) UpdateStatus(ctx context.Context, upstreamOIDCProvider *v1alpha1.UpstreamOIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Put(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(upstreamOIDCProvider.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(upstreamOIDCProvider). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the upstreamOIDCProvider and deletes it. Returns an error if one occurs. -func (c *upstreamOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *upstreamOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched upstreamOIDCProvider. -func (c *upstreamOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.UpstreamOIDCProvider, err error) { - result = &v1alpha1.UpstreamOIDCProvider{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("upstreamoidcproviders"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..b2fa08c9 --- /dev/null +++ b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/federationdomain.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// FederationDomainInformer provides access to a shared informer and lister for +// FederationDomains. +type FederationDomainInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.FederationDomainLister +} + +type federationDomainInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredFederationDomainInformer constructs a new informer for FederationDomain type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredFederationDomainInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().FederationDomains(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.FederationDomain{}, + resyncPeriod, + indexers, + ) +} + +func (f *federationDomainInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredFederationDomainInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *federationDomainInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.FederationDomain{}, f.defaultInformer) +} + +func (f *federationDomainInformer) Lister() v1alpha1.FederationDomainLister { + return v1alpha1.NewFederationDomainLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index 92c87ad3..cfaf9ede 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviders returns a OIDCProviderInformer. - OIDCProviders() OIDCProviderInformer + // FederationDomains returns a FederationDomainInformer. + FederationDomains() FederationDomainInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviders returns a OIDCProviderInformer. -func (v *version) OIDCProviders() OIDCProviderInformer { - return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// FederationDomains returns a FederationDomainInformer. +func (v *version) FederationDomains() FederationDomainInformer { + return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go deleted file mode 100644 index 7714b8a4..00000000 --- a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderInformer provides access to a shared informer and lister for -// OIDCProviders. -type OIDCProviderInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderLister -} - -type oIDCProviderInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.OIDCProvider{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) -} - -func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { - return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.19/client/supervisor/informers/externalversions/generic.go b/generated/1.19/client/supervisor/informers/externalversions/generic.go index 8d6bf6d3..1575c38b 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.19/client/supervisor/informers/externalversions/generic.go @@ -41,12 +41,12 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil // Group=idp.supervisor.pinniped.dev, Version=v1alpha1 - case idpv1alpha1.SchemeGroupVersion.WithResource("upstreamoidcproviders"): - return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().UpstreamOIDCProviders().Informer()}, nil + case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil } diff --git a/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go index 0d67191a..4f6ecc9c 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go +++ b/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. - UpstreamOIDCProviders() UpstreamOIDCProviderInformer + // OIDCIdentityProviders returns a OIDCIdentityProviderInformer. + OIDCIdentityProviders() OIDCIdentityProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// UpstreamOIDCProviders returns a UpstreamOIDCProviderInformer. -func (v *version) UpstreamOIDCProviders() UpstreamOIDCProviderInformer { - return &upstreamOIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCIdentityProviders returns a OIDCIdentityProviderInformer. +func (v *version) OIDCIdentityProviders() OIDCIdentityProviderInformer { + return &oIDCIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go similarity index 65% rename from generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go rename to generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go index 6799fa8b..8ee98652 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/upstreamoidcprovider.go +++ b/generated/1.19/client/supervisor/informers/externalversions/idp/v1alpha1/oidcidentityprovider.go @@ -19,59 +19,59 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// UpstreamOIDCProviderInformer provides access to a shared informer and lister for -// UpstreamOIDCProviders. -type UpstreamOIDCProviderInformer interface { +// OIDCIdentityProviderInformer provides access to a shared informer and lister for +// OIDCIdentityProviders. +type OIDCIdentityProviderInformer interface { Informer() cache.SharedIndexInformer - Lister() v1alpha1.UpstreamOIDCProviderLister + Lister() v1alpha1.OIDCIdentityProviderLister } -type upstreamOIDCProviderInformer struct { +type oIDCIdentityProviderInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc namespace string } -// NewUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +func NewOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) } -// NewFilteredUpstreamOIDCProviderInformer constructs a new informer for UpstreamOIDCProvider type. +// NewFilteredOIDCIdentityProviderInformer constructs a new informer for OIDCIdentityProvider type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredUpstreamOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredOIDCIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).List(context.TODO(), options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.IDPV1alpha1().UpstreamOIDCProviders(namespace).Watch(context.TODO(), options) + return client.IDPV1alpha1().OIDCIdentityProviders(namespace).Watch(context.TODO(), options) }, }, - &idpv1alpha1.UpstreamOIDCProvider{}, + &idpv1alpha1.OIDCIdentityProvider{}, resyncPeriod, indexers, ) } -func (f *upstreamOIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredUpstreamOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *oIDCIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *upstreamOIDCProviderInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&idpv1alpha1.UpstreamOIDCProvider{}, f.defaultInformer) +func (f *oIDCIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.OIDCIdentityProvider{}, f.defaultInformer) } -func (f *upstreamOIDCProviderInformer) Lister() v1alpha1.UpstreamOIDCProviderLister { - return v1alpha1.NewUpstreamOIDCProviderLister(f.Informer().GetIndexer()) +func (f *oIDCIdentityProviderInformer) Lister() v1alpha1.OIDCIdentityProviderLister { + return v1alpha1.NewOIDCIdentityProviderLister(f.Informer().GetIndexer()) } diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 3d2b7e22..d4e52519 100644 --- a/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderListerExpansion allows custom methods to be added to -// OIDCProviderLister. -type OIDCProviderListerExpansion interface{} +// FederationDomainListerExpansion allows custom methods to be added to +// FederationDomainLister. +type FederationDomainListerExpansion interface{} -// OIDCProviderNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderNamespaceLister. -type OIDCProviderNamespaceListerExpansion interface{} +// FederationDomainNamespaceListerExpansion allows custom methods to be added to +// FederationDomainNamespaceLister. +type FederationDomainNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/federationdomain.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/federationdomain.go new file mode 100644 index 00000000..9f142111 --- /dev/null +++ b/generated/1.19/client/supervisor/listers/config/v1alpha1/federationdomain.go @@ -0,0 +1,86 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// FederationDomainLister helps list FederationDomains. +// All objects returned here must be treated as read-only. +type FederationDomainLister interface { + // List lists all FederationDomains in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // FederationDomains returns an object that can list and get FederationDomains. + FederationDomains(namespace string) FederationDomainNamespaceLister + FederationDomainListerExpansion +} + +// federationDomainLister implements the FederationDomainLister interface. +type federationDomainLister struct { + indexer cache.Indexer +} + +// NewFederationDomainLister returns a new FederationDomainLister. +func NewFederationDomainLister(indexer cache.Indexer) FederationDomainLister { + return &federationDomainLister{indexer: indexer} +} + +// List lists all FederationDomains in the indexer. +func (s *federationDomainLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// FederationDomains returns an object that can list and get FederationDomains. +func (s *federationDomainLister) FederationDomains(namespace string) FederationDomainNamespaceLister { + return federationDomainNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// FederationDomainNamespaceLister helps list and get FederationDomains. +// All objects returned here must be treated as read-only. +type FederationDomainNamespaceLister interface { + // List lists all FederationDomains in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) + // Get retrieves the FederationDomain from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.FederationDomain, error) + FederationDomainNamespaceListerExpansion +} + +// federationDomainNamespaceLister implements the FederationDomainNamespaceLister +// interface. +type federationDomainNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all FederationDomains in the indexer for a given namespace. +func (s federationDomainNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.FederationDomain, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.FederationDomain)) + }) + return ret, err +} + +// Get retrieves the FederationDomain from the indexer for a given namespace and name. +func (s federationDomainNamespaceLister) Get(name string) (*v1alpha1.FederationDomain, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("federationdomain"), name) + } + return obj.(*v1alpha1.FederationDomain), nil +} diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go deleted file mode 100644 index 59bf42fc..00000000 --- a/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderLister helps list OIDCProviders. -// All objects returned here must be treated as read-only. -type OIDCProviderLister interface { - // List lists all OIDCProviders in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // OIDCProviders returns an object that can list and get OIDCProviders. - OIDCProviders(namespace string) OIDCProviderNamespaceLister - OIDCProviderListerExpansion -} - -// oIDCProviderLister implements the OIDCProviderLister interface. -type oIDCProviderLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderLister returns a new OIDCProviderLister. -func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { - return &oIDCProviderLister{indexer: indexer} -} - -// List lists all OIDCProviders in the indexer. -func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// OIDCProviders returns an object that can list and get OIDCProviders. -func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { - return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderNamespaceLister helps list and get OIDCProviders. -// All objects returned here must be treated as read-only. -type OIDCProviderNamespaceLister interface { - // List lists all OIDCProviders in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) - // Get retrieves the OIDCProvider from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.OIDCProvider, error) - OIDCProviderNamespaceListerExpansion -} - -// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister -// interface. -type oIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviders in the indexer for a given namespace. -func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProvider)) - }) - return ret, err -} - -// Get retrieves the OIDCProvider from the indexer for a given namespace and name. -func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) - } - return obj.(*v1alpha1.OIDCProvider), nil -} diff --git a/generated/1.19/client/supervisor/listers/idp/v1alpha1/expansion_generated.go b/generated/1.19/client/supervisor/listers/idp/v1alpha1/expansion_generated.go index 5d290e01..da0f8025 100644 --- a/generated/1.19/client/supervisor/listers/idp/v1alpha1/expansion_generated.go +++ b/generated/1.19/client/supervisor/listers/idp/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// UpstreamOIDCProviderListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderLister. -type UpstreamOIDCProviderListerExpansion interface{} +// OIDCIdentityProviderListerExpansion allows custom methods to be added to +// OIDCIdentityProviderLister. +type OIDCIdentityProviderListerExpansion interface{} -// UpstreamOIDCProviderNamespaceListerExpansion allows custom methods to be added to -// UpstreamOIDCProviderNamespaceLister. -type UpstreamOIDCProviderNamespaceListerExpansion interface{} +// OIDCIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCIdentityProviderNamespaceLister. +type OIDCIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go b/generated/1.19/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go new file mode 100644 index 00000000..4a174d18 --- /dev/null +++ b/generated/1.19/client/supervisor/listers/idp/v1alpha1/oidcidentityprovider.go @@ -0,0 +1,86 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCIdentityProviderLister helps list OIDCIdentityProviders. +// All objects returned here must be treated as read-only. +type OIDCIdentityProviderLister interface { + // List lists all OIDCIdentityProviders in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. + OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister + OIDCIdentityProviderListerExpansion +} + +// oIDCIdentityProviderLister implements the OIDCIdentityProviderLister interface. +type oIDCIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCIdentityProviderLister returns a new OIDCIdentityProviderLister. +func NewOIDCIdentityProviderLister(indexer cache.Indexer) OIDCIdentityProviderLister { + return &oIDCIdentityProviderLister{indexer: indexer} +} + +// List lists all OIDCIdentityProviders in the indexer. +func (s *oIDCIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// OIDCIdentityProviders returns an object that can list and get OIDCIdentityProviders. +func (s *oIDCIdentityProviderLister) OIDCIdentityProviders(namespace string) OIDCIdentityProviderNamespaceLister { + return oIDCIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCIdentityProviderNamespaceLister helps list and get OIDCIdentityProviders. +// All objects returned here must be treated as read-only. +type OIDCIdentityProviderNamespaceLister interface { + // List lists all OIDCIdentityProviders in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) + // Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.OIDCIdentityProvider, error) + OIDCIdentityProviderNamespaceListerExpansion +} + +// oIDCIdentityProviderNamespaceLister implements the OIDCIdentityProviderNamespaceLister +// interface. +type oIDCIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCIdentityProviders in the indexer for a given namespace. +func (s oIDCIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCIdentityProvider from the indexer for a given namespace and name. +func (s oIDCIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcidentityprovider"), name) + } + return obj.(*v1alpha1.OIDCIdentityProvider), nil +} diff --git a/generated/1.19/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go b/generated/1.19/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go deleted file mode 100644 index 7bd60666..00000000 --- a/generated/1.19/client/supervisor/listers/idp/v1alpha1/upstreamoidcprovider.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// UpstreamOIDCProviderLister helps list UpstreamOIDCProviders. -// All objects returned here must be treated as read-only. -type UpstreamOIDCProviderLister interface { - // List lists all UpstreamOIDCProviders in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. - UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister - UpstreamOIDCProviderListerExpansion -} - -// upstreamOIDCProviderLister implements the UpstreamOIDCProviderLister interface. -type upstreamOIDCProviderLister struct { - indexer cache.Indexer -} - -// NewUpstreamOIDCProviderLister returns a new UpstreamOIDCProviderLister. -func NewUpstreamOIDCProviderLister(indexer cache.Indexer) UpstreamOIDCProviderLister { - return &upstreamOIDCProviderLister{indexer: indexer} -} - -// List lists all UpstreamOIDCProviders in the indexer. -func (s *upstreamOIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// UpstreamOIDCProviders returns an object that can list and get UpstreamOIDCProviders. -func (s *upstreamOIDCProviderLister) UpstreamOIDCProviders(namespace string) UpstreamOIDCProviderNamespaceLister { - return upstreamOIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// UpstreamOIDCProviderNamespaceLister helps list and get UpstreamOIDCProviders. -// All objects returned here must be treated as read-only. -type UpstreamOIDCProviderNamespaceLister interface { - // List lists all UpstreamOIDCProviders in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) - // Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) - UpstreamOIDCProviderNamespaceListerExpansion -} - -// upstreamOIDCProviderNamespaceLister implements the UpstreamOIDCProviderNamespaceLister -// interface. -type upstreamOIDCProviderNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all UpstreamOIDCProviders in the indexer for a given namespace. -func (s upstreamOIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.UpstreamOIDCProvider, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.UpstreamOIDCProvider)) - }) - return ret, err -} - -// Get retrieves the UpstreamOIDCProvider from the indexer for a given namespace and name. -func (s upstreamOIDCProviderNamespaceLister) Get(name string) (*v1alpha1.UpstreamOIDCProvider, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("upstreamoidcprovider"), name) - } - return obj.(*v1alpha1.UpstreamOIDCProvider), nil -} diff --git a/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml similarity index 93% rename from generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml rename to generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml index 47c6f5a9..d894643b 100644 --- a/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml +++ b/generated/1.19/crds/config.supervisor.pinniped.dev_federationdomains.yaml @@ -6,22 +6,22 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviders.config.supervisor.pinniped.dev + name: federationdomains.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: categories: - pinniped - kind: OIDCProvider - listKind: OIDCProviderList - plural: oidcproviders - singular: oidcprovider + kind: FederationDomain + listKind: FederationDomainList + plural: federationdomains + singular: federationdomain scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProvider describes the configuration of an OIDC provider. + description: FederationDomain describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -50,14 +50,14 @@ spec: minLength: 1 type: string tls: - description: TLS configures how this OIDCProvider is served over Transport - Layer Security (TLS). + description: TLS configures how this FederationDomain is served over + Transport Layer Security (TLS). properties: secretName: description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by - this OIDCProvider. When provided, the TLS Secret named here + this FederationDomain. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. \n Server Name Indication (SNI) is an extension to the Transport Layer Security diff --git a/deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml b/generated/1.19/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml similarity index 96% rename from deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml rename to generated/1.19/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index bd239a6f..75cf37d0 100644 --- a/deploy/supervisor/idp.supervisor.pinniped.dev_upstreamoidcproviders.yaml +++ b/generated/1.19/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml @@ -6,7 +6,7 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: upstreamoidcproviders.idp.supervisor.pinniped.dev + name: oidcidentityproviders.idp.supervisor.pinniped.dev spec: group: idp.supervisor.pinniped.dev names: @@ -14,10 +14,10 @@ spec: - pinniped - pinniped-idp - pinniped-idps - kind: UpstreamOIDCProvider - listKind: UpstreamOIDCProviderList - plural: upstreamoidcproviders - singular: upstreamoidcprovider + kind: OIDCIdentityProvider + listKind: OIDCIdentityProviderList + plural: oidcidentityproviders + singular: oidcidentityprovider scope: Namespaced versions: - additionalPrinterColumns: @@ -33,7 +33,7 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: UpstreamOIDCProvider describes the configuration of an upstream + description: OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider. properties: apiVersion: @@ -183,7 +183,7 @@ spec: x-kubernetes-list-type: map phase: default: Pending - description: Phase summarizes the overall status of the UpstreamOIDCProvider. + description: Phase summarizes the overall status of the OIDCIdentityProvider. enum: - Pending - Ready diff --git a/hack/lib/tilt/Tiltfile b/hack/lib/tilt/Tiltfile index 8233f665..cb455004 100644 --- a/hack/lib/tilt/Tiltfile +++ b/hack/lib/tilt/Tiltfile @@ -118,8 +118,8 @@ k8s_resource( new_name='supervisor', # this is the name that will appear in the tilt UI objects=[ # these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI - 'oidcproviders.config.supervisor.pinniped.dev:customresourcedefinition', - 'upstreamoidcproviders.idp.supervisor.pinniped.dev:customresourcedefinition', + 'federationdomains.config.supervisor.pinniped.dev:customresourcedefinition', + 'oidcidentityproviders.idp.supervisor.pinniped.dev:customresourcedefinition', 'pinniped-supervisor-static-config:configmap', 'supervisor:namespace', 'pinniped-supervisor:role', diff --git a/internal/controller/supervisorconfig/generator/generator.go b/internal/controller/supervisorconfig/generator/generator.go index fe711698..0cbaeaf8 100644 --- a/internal/controller/supervisorconfig/generator/generator.go +++ b/internal/controller/supervisorconfig/generator/generator.go @@ -15,7 +15,7 @@ import ( ) const ( - opKind = "OIDCProvider" + opKind = "FederationDomain" ) func generateSymmetricKey() ([]byte, error) { diff --git a/internal/controller/supervisorconfig/generator/oidc_provider_secrets.go b/internal/controller/supervisorconfig/generator/oidc_provider_secrets.go index b188cc18..227f55d4 100644 --- a/internal/controller/supervisorconfig/generator/oidc_provider_secrets.go +++ b/internal/controller/supervisorconfig/generator/oidc_provider_secrets.go @@ -24,29 +24,29 @@ import ( "go.pinniped.dev/internal/plog" ) -type oidcProviderSecretsController struct { +type federationDomainSecretsController struct { secretHelper SecretHelper kubeClient kubernetes.Interface pinnipedClient pinnipedclientset.Interface - opcInformer configinformers.OIDCProviderInformer + opcInformer configinformers.FederationDomainInformer secretInformer corev1informers.SecretInformer } -// NewOIDCProviderSecretsController returns a controllerlib.Controller that ensures a child Secret -// always exists for a parent OIDCProvider. It does this using the provided secretHelper, which +// NewFederationDomainSecretsController returns a controllerlib.Controller that ensures a child Secret +// always exists for a parent FederationDomain. It does this using the provided secretHelper, which // provides the parent/child mapping logic. -func NewOIDCProviderSecretsController( +func NewFederationDomainSecretsController( secretHelper SecretHelper, kubeClient kubernetes.Interface, pinnipedClient pinnipedclientset.Interface, secretInformer corev1informers.SecretInformer, - opcInformer configinformers.OIDCProviderInformer, + opcInformer configinformers.FederationDomainInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ Name: fmt.Sprintf("%s%s", secretHelper.NamePrefix(), "controller"), - Syncer: &oidcProviderSecretsController{ + Syncer: &federationDomainSecretsController{ secretHelper: secretHelper, kubeClient: kubeClient, pinnipedClient: pinnipedClient, @@ -79,12 +79,12 @@ func NewOIDCProviderSecretsController( ) } -func (c *oidcProviderSecretsController) Sync(ctx controllerlib.Context) error { - op, err := c.opcInformer.Lister().OIDCProviders(ctx.Key.Namespace).Get(ctx.Key.Name) +func (c *federationDomainSecretsController) Sync(ctx controllerlib.Context) error { + op, err := c.opcInformer.Lister().FederationDomains(ctx.Key.Namespace).Get(ctx.Key.Name) notFound := k8serrors.IsNotFound(err) if err != nil && !notFound { return fmt.Errorf( - "failed to get %s/%s OIDCProvider: %w", + "failed to get %s/%s FederationDomain: %w", ctx.Key.Namespace, ctx.Key.Name, err, @@ -95,8 +95,8 @@ func (c *oidcProviderSecretsController) Sync(ctx controllerlib.Context) error { // The corresponding secret to this OP should have been garbage collected since it should have // had this OP as its owner. plog.Debug( - "oidcprovider deleted", - "oidcprovider", + "federationdomain deleted", + "federationdomain", klog.KRef(ctx.Key.Namespace, ctx.Key.Name), ) return nil @@ -115,17 +115,17 @@ func (c *oidcProviderSecretsController) Sync(ctx controllerlib.Context) error { // Secret is up to date - we are good to go. plog.Debug( "secret is up to date", - "oidcprovider", + "federationdomain", klog.KObj(op), "secret", klog.KObj(existingSecret), ) - op = c.secretHelper.ObserveActiveSecretAndUpdateParentOIDCProvider(op, existingSecret) - if err := c.updateOIDCProvider(ctx.Context, op); err != nil { - return fmt.Errorf("failed to update oidcprovider: %w", err) + op = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(op, existingSecret) + if err := c.updateFederationDomain(ctx.Context, op); err != nil { + return fmt.Errorf("failed to update federationdomain: %w", err) } - plog.Debug("updated oidcprovider", "oidcprovider", klog.KObj(op), "secret", klog.KObj(newSecret)) + plog.Debug("updated federationdomain", "federationdomain", klog.KObj(op), "secret", klog.KObj(newSecret)) return nil } @@ -135,21 +135,21 @@ func (c *oidcProviderSecretsController) Sync(ctx controllerlib.Context) error { if err := c.createOrUpdateSecret(ctx.Context, op, &newSecret); err != nil { return fmt.Errorf("failed to create or update secret: %w", err) } - plog.Debug("created/updated secret", "oidcprovider", klog.KObj(op), "secret", klog.KObj(newSecret)) + plog.Debug("created/updated secret", "federationdomain", klog.KObj(op), "secret", klog.KObj(newSecret)) - op = c.secretHelper.ObserveActiveSecretAndUpdateParentOIDCProvider(op, newSecret) - if err := c.updateOIDCProvider(ctx.Context, op); err != nil { - return fmt.Errorf("failed to update oidcprovider: %w", err) + op = c.secretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(op, newSecret) + if err := c.updateFederationDomain(ctx.Context, op); err != nil { + return fmt.Errorf("failed to update federationdomain: %w", err) } - plog.Debug("updated oidcprovider", "oidcprovider", klog.KObj(op), "secret", klog.KObj(newSecret)) + plog.Debug("updated federationdomain", "federationdomain", klog.KObj(op), "secret", klog.KObj(newSecret)) return nil } -// secretNeedsUpdate returns whether or not the Secret, with name secretName, for OIDCProvider op +// secretNeedsUpdate returns whether or not the Secret, with name secretName, for FederationDomain op // needs to be updated. It returns the existing secret as its second argument. -func (c *oidcProviderSecretsController) secretNeedsUpdate( - op *configv1alpha1.OIDCProvider, +func (c *federationDomainSecretsController) secretNeedsUpdate( + op *configv1alpha1.FederationDomain, secretName string, ) (bool, *corev1.Secret, error) { // This OPC says it has a secret associated with it. Let's try to get it from the cache. @@ -171,9 +171,9 @@ func (c *oidcProviderSecretsController) secretNeedsUpdate( return false, secret, nil } -func (c *oidcProviderSecretsController) createOrUpdateSecret( +func (c *federationDomainSecretsController) createOrUpdateSecret( ctx context.Context, - op *configv1alpha1.OIDCProvider, + op *configv1alpha1.FederationDomain, newSecret **corev1.Secret, ) error { secretClient := c.kubeClient.CoreV1().Secrets((*newSecret).Namespace) @@ -210,15 +210,15 @@ func (c *oidcProviderSecretsController) createOrUpdateSecret( }) } -func (c *oidcProviderSecretsController) updateOIDCProvider( +func (c *federationDomainSecretsController) updateFederationDomain( ctx context.Context, - newOP *configv1alpha1.OIDCProvider, + newOP *configv1alpha1.FederationDomain, ) error { - opcClient := c.pinnipedClient.ConfigV1alpha1().OIDCProviders(newOP.Namespace) + opcClient := c.pinnipedClient.ConfigV1alpha1().FederationDomains(newOP.Namespace) return retry.RetryOnConflict(retry.DefaultRetry, func() error { oldOP, err := opcClient.Get(ctx, newOP.Name, metav1.GetOptions{}) if err != nil { - return fmt.Errorf("failed to get oidcprovider %s/%s: %w", newOP.Namespace, newOP.Name, err) + return fmt.Errorf("failed to get federationdomain %s/%s: %w", newOP.Namespace, newOP.Name, err) } if reflect.DeepEqual(newOP.Status.Secrets, oldOP.Status.Secrets) { diff --git a/internal/controller/supervisorconfig/generator/oidc_provider_secrets_test.go b/internal/controller/supervisorconfig/generator/oidc_provider_secrets_test.go index e888c7c2..d4e90863 100644 --- a/internal/controller/supervisorconfig/generator/oidc_provider_secrets_test.go +++ b/internal/controller/supervisorconfig/generator/oidc_provider_secrets_test.go @@ -30,7 +30,7 @@ import ( "go.pinniped.dev/internal/testutil" ) -func TestOIDCProviderControllerFilterSecret(t *testing.T) { +func TestFederationDomainControllerFilterSecret(t *testing.T) { t.Parallel() tests := []struct { @@ -54,7 +54,7 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { Namespace: "some-namespace", OwnerReferences: []metav1.OwnerReference{ { - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -85,7 +85,7 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", }, }, @@ -100,7 +100,7 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -123,7 +123,7 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { }, { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -153,9 +153,9 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviders() + ).Config().V1alpha1().FederationDomains() withInformer := testutil.NewObservableWithInformerOption() - _ = NewOIDCProviderSecretsController( + _ = NewFederationDomainSecretsController( secretHelper, nil, // kubeClient, not needed nil, // pinnipedClient, not needed @@ -175,12 +175,12 @@ func TestOIDCProviderControllerFilterSecret(t *testing.T) { } } -func TestNewOIDCProviderSecretsControllerFilterOPC(t *testing.T) { +func TestNewFederationDomainSecretsControllerFilterOPC(t *testing.T) { t.Parallel() tests := []struct { name string - opc configv1alpha1.OIDCProvider + opc configv1alpha1.FederationDomain wantAdd bool wantUpdate bool wantDelete bool @@ -188,7 +188,7 @@ func TestNewOIDCProviderSecretsControllerFilterOPC(t *testing.T) { }{ { name: "anything goes", - opc: configv1alpha1.OIDCProvider{}, + opc: configv1alpha1.FederationDomain{}, wantAdd: true, wantUpdate: true, wantDelete: true, @@ -212,9 +212,9 @@ func TestNewOIDCProviderSecretsControllerFilterOPC(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviders() + ).Config().V1alpha1().FederationDomains() withInformer := testutil.NewObservableWithInformerOption() - _ = NewOIDCProviderSecretsController( + _ = NewFederationDomainSecretsController( secretHelper, nil, // kubeClient, not needed nil, // pinnipedClient, not needed @@ -223,7 +223,7 @@ func TestNewOIDCProviderSecretsControllerFilterOPC(t *testing.T) { withInformer.WithInformer, ) - unrelated := configv1alpha1.OIDCProvider{} + unrelated := configv1alpha1.FederationDomain{} filter := withInformer.GetFilterForInformer(opcInformer) require.Equal(t, test.wantAdd, filter.Add(&test.opc)) require.Equal(t, test.wantUpdate, filter.Update(&unrelated, &test.opc)) @@ -234,7 +234,7 @@ func TestNewOIDCProviderSecretsControllerFilterOPC(t *testing.T) { } } -func TestOIDCProviderSecretsControllerSync(t *testing.T) { +func TestFederationDomainSecretsControllerSync(t *testing.T) { t.Parallel() const ( @@ -250,7 +250,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { opGVR := schema.GroupVersionResource{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "oidcproviders", + Resource: "federationdomains", } secretGVR := schema.GroupVersionResource{ @@ -259,7 +259,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { Resource: "secrets", } - goodOP := &configv1alpha1.OIDCProvider{ + goodOP := &configv1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ Name: opName, Namespace: namespace, @@ -275,7 +275,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: opGVR.GroupVersion().String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: opName, UID: opUID, BlockOwnerDeletion: boolPtr(true), @@ -304,7 +304,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: opGVR.GroupVersion().String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: opName, UID: opUID, BlockOwnerDeletion: boolPtr(true), @@ -316,7 +316,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { tests := []struct { name string - storage func(**configv1alpha1.OIDCProvider, **corev1.Secret) + storage func(**configv1alpha1.FederationDomain, **corev1.Secret) client func(*pinnipedfake.Clientset, *kubernetesfake.Clientset) secretHelper func(*mocksecrethelper.MockSecretHelper) wantOPActions []kubetesting.Action @@ -324,26 +324,26 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { wantError string }{ { - name: "OIDCProvider does not exist and secret does not exist", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain does not exist and secret does not exist", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *op = nil *s = nil }, }, { - name: "OIDCProvider does not exist and secret exists", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain does not exist and secret exists", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *op = nil }, }, { - name: "OIDCProvider exists and secret does not exist", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and secret does not exist", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = nil }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, wantOPActions: []kubetesting.Action{ kubetesting.NewGetAction(opGVR, namespace, goodOP.Name), @@ -355,14 +355,14 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { }, }, { - name: "OIDCProvider exists and invalid secret exists", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and invalid secret exists", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = invalidSecret.DeepCopy() }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, invalidSecret).Times(2).Return(false) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, wantOPActions: []kubetesting.Action{ kubetesting.NewGetAction(opGVR, namespace, goodOP.Name), @@ -374,14 +374,14 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { }, }, { - name: "OIDCProvider exists and generating a secret fails", + name: "FederationDomain exists and generating a secret fails", secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(nil, errors.New("some generate error")) }, wantError: "failed to generate secret: some generate error", }, { - name: "OIDCProvider exists and invalid secret exists and upon update we learn of a valid secret", + name: "FederationDomain exists and invalid secret exists and upon update we learn of a valid secret", secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { otherSecret := goodSecret.DeepCopy() otherSecret.UID = "other-secret-uid" @@ -389,7 +389,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(otherSecret, nil) secretHelper.EXPECT().IsValid(goodOP, goodSecret).Times(1).Return(false) secretHelper.EXPECT().IsValid(goodOP, goodSecret).Times(1).Return(true) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, wantOPActions: []kubetesting.Action{ kubetesting.NewGetAction(opGVR, namespace, goodOP.Name), @@ -400,7 +400,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { }, }, { - name: "OIDCProvider exists and invalid secret exists and getting secret fails", + name: "FederationDomain exists and invalid secret exists and getting secret fails", secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, goodSecret).Times(1).Return(false) @@ -416,8 +416,8 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { wantError: fmt.Sprintf("failed to create or update secret: failed to get secret %s/%s: some get error", namespace, goodSecret.Name), }, { - name: "OIDCProvider exists and secret does not exist and creating secret fails", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and secret does not exist and creating secret fails", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = nil }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { @@ -435,7 +435,7 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { wantError: fmt.Sprintf("failed to create or update secret: failed to create secret %s/%s: some create error", namespace, goodSecret.Name), }, { - name: "OIDCProvider exists and invalid secret exists and updating secret fails", + name: "FederationDomain exists and invalid secret exists and updating secret fails", secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, goodSecret).Times(2).Return(false) @@ -452,14 +452,14 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { wantError: "failed to create or update secret: some update error", }, { - name: "OIDCProvider exists and invalid secret exists and updating secret fails due to conflict", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and invalid secret exists and updating secret fails due to conflict", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = invalidSecret.DeepCopy() }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, invalidSecret).Times(3).Return(false) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, client: func(_ *pinnipedfake.Clientset, c *kubernetesfake.Clientset) { once := sync.Once{} @@ -481,17 +481,17 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { }, }, { - name: "OIDCProvider exists and invalid secret exists and getting OIDCProvider fails", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and invalid secret exists and getting FederationDomain fails", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = invalidSecret.DeepCopy() }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, invalidSecret).Times(2).Return(false) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, client: func(c *pinnipedfake.Clientset, _ *kubernetesfake.Clientset) { - c.PrependReactor("get", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { + c.PrependReactor("get", "federationdomains", func(_ kubetesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }) }, @@ -502,21 +502,21 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { kubetesting.NewGetAction(secretGVR, namespace, goodSecret.Name), kubetesting.NewUpdateAction(secretGVR, namespace, goodSecret), }, - wantError: fmt.Sprintf("failed to update oidcprovider: failed to get oidcprovider %s/%s: some get error", goodOPWithStatus.Namespace, goodOPWithStatus.Name), + wantError: fmt.Sprintf("failed to update federationdomain: failed to get federationdomain %s/%s: some get error", goodOPWithStatus.Namespace, goodOPWithStatus.Name), }, { - name: "OIDCProvider exists and invalid secret exists and updating OIDCProvider fails due to conflict", - storage: func(op **configv1alpha1.OIDCProvider, s **corev1.Secret) { + name: "FederationDomain exists and invalid secret exists and updating FederationDomain fails due to conflict", + storage: func(op **configv1alpha1.FederationDomain, s **corev1.Secret) { *s = invalidSecret.DeepCopy() }, secretHelper: func(secretHelper *mocksecrethelper.MockSecretHelper) { secretHelper.EXPECT().Generate(goodOP).Times(1).Return(goodSecret, nil) secretHelper.EXPECT().IsValid(goodOP, invalidSecret).Times(2).Return(false) - secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentOIDCProvider(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) + secretHelper.EXPECT().ObserveActiveSecretAndUpdateParentFederationDomain(goodOP, goodSecret).Times(1).Return(goodOPWithStatus) }, client: func(c *pinnipedfake.Clientset, _ *kubernetesfake.Clientset) { once := sync.Once{} - c.PrependReactor("update", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { + c.PrependReactor("update", "federationdomains", func(_ kubetesting.Action) (bool, runtime.Object, error) { var err error once.Do(func() { err = k8serrors.NewConflict(secretGVR.GroupResource(), namespace, errors.New("some error")) }) return true, nil, err @@ -583,12 +583,12 @@ func TestOIDCProviderSecretsControllerSync(t *testing.T) { test.secretHelper(secretHelper) } - c := NewOIDCProviderSecretsController( + c := NewFederationDomainSecretsController( secretHelper, kubeAPIClient, pinnipedAPIClient, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviders(), + pinnipedInformers.Config().V1alpha1().FederationDomains(), controllerlib.WithInformer, ) diff --git a/internal/controller/supervisorconfig/generator/secret_helper.go b/internal/controller/supervisorconfig/generator/secret_helper.go index 3a3362a6..c5952e2e 100644 --- a/internal/controller/supervisorconfig/generator/secret_helper.go +++ b/internal/controller/supervisorconfig/generator/secret_helper.go @@ -21,9 +21,9 @@ import ( // A SecretHelper has a NamePrefix() that can be used to identify it from other SecretHelper instances. type SecretHelper interface { NamePrefix() string - Generate(*configv1alpha1.OIDCProvider) (*corev1.Secret, error) - IsValid(*configv1alpha1.OIDCProvider, *corev1.Secret) bool - ObserveActiveSecretAndUpdateParentOIDCProvider(*configv1alpha1.OIDCProvider, *corev1.Secret) *configv1alpha1.OIDCProvider + Generate(*configv1alpha1.FederationDomain) (*corev1.Secret, error) + IsValid(*configv1alpha1.FederationDomain, *corev1.Secret) bool + ObserveActiveSecretAndUpdateParentFederationDomain(*configv1alpha1.FederationDomain, *corev1.Secret) *configv1alpha1.FederationDomain } const ( @@ -39,7 +39,7 @@ const ( ) // SecretUsage describes how a cryptographic secret is going to be used. It is currently used to -// indicate to a SecretHelper which status field to set on the parent OIDCProvider for a Secret. +// indicate to a SecretHelper which status field to set on the parent FederationDomain for a Secret. type SecretUsage int const ( @@ -77,7 +77,7 @@ type symmetricSecretHelper struct { func (s *symmetricSecretHelper) NamePrefix() string { return s.namePrefix } // Generate implements SecretHelper.Generate(). -func (s *symmetricSecretHelper) Generate(parent *configv1alpha1.OIDCProvider) (*corev1.Secret, error) { +func (s *symmetricSecretHelper) Generate(parent *configv1alpha1.FederationDomain) (*corev1.Secret, error) { key := make([]byte, symmetricKeySize) if _, err := s.rand.Read(key); err != nil { return nil, err @@ -92,7 +92,7 @@ func (s *symmetricSecretHelper) Generate(parent *configv1alpha1.OIDCProvider) (* *metav1.NewControllerRef(parent, schema.GroupVersionKind{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Kind: "OIDCProvider", + Kind: "FederationDomain", }), }, }, @@ -104,7 +104,7 @@ func (s *symmetricSecretHelper) Generate(parent *configv1alpha1.OIDCProvider) (* } // IsValid implements SecretHelper.IsValid(). -func (s *symmetricSecretHelper) IsValid(parent *configv1alpha1.OIDCProvider, secret *corev1.Secret) bool { +func (s *symmetricSecretHelper) IsValid(parent *configv1alpha1.FederationDomain, secret *corev1.Secret) bool { if !metav1.IsControlledBy(secret, parent) { return false } @@ -124,11 +124,11 @@ func (s *symmetricSecretHelper) IsValid(parent *configv1alpha1.OIDCProvider, sec return true } -// ObserveActiveSecretAndUpdateParentOIDCProvider implements SecretHelper.ObserveActiveSecretAndUpdateParentOIDCProvider(). -func (s *symmetricSecretHelper) ObserveActiveSecretAndUpdateParentOIDCProvider( - op *configv1alpha1.OIDCProvider, +// ObserveActiveSecretAndUpdateParentFederationDomain implements SecretHelper.ObserveActiveSecretAndUpdateParentFederationDomain(). +func (s *symmetricSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain( + op *configv1alpha1.FederationDomain, secret *corev1.Secret, -) *configv1alpha1.OIDCProvider { +) *configv1alpha1.FederationDomain { var cacheKey string if op != nil { cacheKey = op.Spec.Issuer diff --git a/internal/controller/supervisorconfig/generator/secret_helper_test.go b/internal/controller/supervisorconfig/generator/secret_helper_test.go index bbaeb4e1..50ff7d33 100644 --- a/internal/controller/supervisorconfig/generator/secret_helper_test.go +++ b/internal/controller/supervisorconfig/generator/secret_helper_test.go @@ -21,28 +21,28 @@ func TestSymmetricSecretHelper(t *testing.T) { t.Parallel() tests := []struct { - name string - secretUsage SecretUsage - wantSetOIDCProviderField func(*configv1alpha1.OIDCProvider) string + name string + secretUsage SecretUsage + wantSetFederationDomainField func(*configv1alpha1.FederationDomain) string }{ { name: "token signing key", secretUsage: SecretUsageTokenSigningKey, - wantSetOIDCProviderField: func(op *configv1alpha1.OIDCProvider) string { + wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.TokenSigningKey.Name }, }, { name: "state signing key", secretUsage: SecretUsageStateSigningKey, - wantSetOIDCProviderField: func(op *configv1alpha1.OIDCProvider) string { + wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.StateSigningKey.Name }, }, { name: "state encryption key", secretUsage: SecretUsageStateEncryptionKey, - wantSetOIDCProviderField: func(op *configv1alpha1.OIDCProvider) string { + wantSetFederationDomainField: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.StateEncryptionKey.Name }, }, @@ -57,21 +57,21 @@ func TestSymmetricSecretHelper(t *testing.T) { "some-label-key-2": "some-label-value-2", } randSource := strings.NewReader(keyWith32Bytes) - var oidcProviderIssuerValue string + var federationDomainIssuerValue string var symmetricKeyValue []byte h := NewSymmetricSecretHelper( "some-name-prefix-", labels, randSource, test.secretUsage, - func(oidcProviderIssuer string, symmetricKey []byte) { - require.True(t, oidcProviderIssuer == "" && symmetricKeyValue == nil, "expected notify func not to have been called yet") - oidcProviderIssuerValue = oidcProviderIssuer + func(federationDomainIssuer string, symmetricKey []byte) { + require.True(t, federationDomainIssuer == "" && symmetricKeyValue == nil, "expected notify func not to have been called yet") + federationDomainIssuerValue = federationDomainIssuer symmetricKeyValue = symmetricKey }, ) - parent := &configv1alpha1.OIDCProvider{ + parent := &configv1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ UID: "some-uid", Namespace: "some-namespace", @@ -88,7 +88,7 @@ func TestSymmetricSecretHelper(t *testing.T) { *metav1.NewControllerRef(parent, schema.GroupVersionKind{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Kind: "OIDCProvider", + Kind: "FederationDomain", }), }, }, @@ -100,9 +100,9 @@ func TestSymmetricSecretHelper(t *testing.T) { require.True(t, h.IsValid(parent, child)) - h.ObserveActiveSecretAndUpdateParentOIDCProvider(parent, child) - require.Equal(t, parent.Spec.Issuer, oidcProviderIssuerValue) - require.Equal(t, child.Name, test.wantSetOIDCProviderField(parent)) + h.ObserveActiveSecretAndUpdateParentFederationDomain(parent, child) + require.Equal(t, parent.Spec.Issuer, federationDomainIssuerValue) + require.Equal(t, child.Name, test.wantSetFederationDomainField(parent)) require.Equal(t, child.Data["key"], symmetricKeyValue) }) } @@ -112,7 +112,7 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) { tests := []struct { name string child func(*corev1.Secret) - parent func(*configv1alpha1.OIDCProvider) + parent func(*configv1alpha1.FederationDomain) want bool }{ { @@ -145,7 +145,7 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) { }, { name: "child not owned by parent", - parent: func(op *configv1alpha1.OIDCProvider) { + parent: func(op *configv1alpha1.FederationDomain) { op.UID = "wrong" }, want: false, @@ -160,7 +160,7 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) { t.Run(test.name, func(t *testing.T) { h := NewSymmetricSecretHelper("none of these args matter", nil, nil, SecretUsageTokenSigningKey, nil) - parent := &configv1alpha1.OIDCProvider{ + parent := &configv1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ Name: "some-parent-name", Namespace: "some-namespace", @@ -175,7 +175,7 @@ func TestSymmetricSecretHelperIsValid(t *testing.T) { *metav1.NewControllerRef(parent, schema.GroupVersionKind{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Kind: "OIDCProvider", + Kind: "FederationDomain", }), }, }, diff --git a/internal/controller/supervisorconfig/jwks_observer.go b/internal/controller/supervisorconfig/jwks_observer.go index efbdfae9..e095078e 100644 --- a/internal/controller/supervisorconfig/jwks_observer.go +++ b/internal/controller/supervisorconfig/jwks_observer.go @@ -18,9 +18,9 @@ import ( ) type jwksObserverController struct { - issuerToJWKSSetter IssuerToJWKSMapSetter - oidcProviderInformer v1alpha1.OIDCProviderInformer - secretInformer corev1informers.SecretInformer + issuerToJWKSSetter IssuerToJWKSMapSetter + federationDomainInformer v1alpha1.FederationDomainInformer + secretInformer corev1informers.SecretInformer } type IssuerToJWKSMapSetter interface { @@ -30,7 +30,7 @@ type IssuerToJWKSMapSetter interface { ) } -// Returns a controller which watches all of the OIDCProviders and their corresponding Secrets +// Returns a controller which watches all of the FederationDomains and their corresponding Secrets // and fills an in-memory cache of the JWKS info for each currently configured issuer. // This controller assumes that the informers passed to it are already scoped down to the // appropriate namespace. It also assumes that the IssuerToJWKSMapSetter passed to it has an @@ -38,16 +38,16 @@ type IssuerToJWKSMapSetter interface { func NewJWKSObserverController( issuerToJWKSSetter IssuerToJWKSMapSetter, secretInformer corev1informers.SecretInformer, - oidcProviderInformer v1alpha1.OIDCProviderInformer, + federationDomainInformer v1alpha1.FederationDomainInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ Name: "jwks-observer-controller", Syncer: &jwksObserverController{ - issuerToJWKSSetter: issuerToJWKSSetter, - oidcProviderInformer: oidcProviderInformer, - secretInformer: secretInformer, + issuerToJWKSSetter: issuerToJWKSSetter, + federationDomainInformer: federationDomainInformer, + secretInformer: secretInformer, }, }, withInformer( @@ -56,7 +56,7 @@ func NewJWKSObserverController( controllerlib.InformerOption{}, ), withInformer( - oidcProviderInformer, + federationDomainInformer, pinnipedcontroller.MatchAnythingFilter(nil), controllerlib.InformerOption{}, ), @@ -65,12 +65,12 @@ func NewJWKSObserverController( func (c *jwksObserverController) Sync(ctx controllerlib.Context) error { ns := ctx.Key.Namespace - allProviders, err := c.oidcProviderInformer.Lister().OIDCProviders(ns).List(labels.Everything()) + allProviders, err := c.federationDomainInformer.Lister().FederationDomains(ns).List(labels.Everything()) if err != nil { - return fmt.Errorf("failed to list OIDCProviders: %w", err) + return fmt.Errorf("failed to list FederationDomains: %w", err) } - // Rebuild the whole map on any change to any Secret or OIDCProvider, because either can have changes that + // Rebuild the whole map on any change to any Secret or FederationDomain, because either can have changes that // can cause the map to need to be updated. issuerToJWKSMap := map[string]*jose.JSONWebKeySet{} issuerToActiveJWKMap := map[string]*jose.JSONWebKey{} diff --git a/internal/controller/supervisorconfig/jwks_observer_test.go b/internal/controller/supervisorconfig/jwks_observer_test.go index fa2ebea1..eaca4e7a 100644 --- a/internal/controller/supervisorconfig/jwks_observer_test.go +++ b/internal/controller/supervisorconfig/jwks_observer_test.go @@ -28,25 +28,25 @@ import ( func TestJWKSObserverControllerInformerFilters(t *testing.T) { spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) { var ( - r *require.Assertions - observableWithInformerOption *testutil.ObservableWithInformerOption - secretsInformerFilter controllerlib.Filter - oidcProviderInformerFilter controllerlib.Filter + r *require.Assertions + observableWithInformerOption *testutil.ObservableWithInformerOption + secretsInformerFilter controllerlib.Filter + federationDomainInformerFilter controllerlib.Filter ) it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() - oidcProviderInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviders() + federationDomainInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().FederationDomains() _ = NewJWKSObserverController( nil, secretsInformer, - oidcProviderInformer, + federationDomainInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters ) secretsInformerFilter = observableWithInformerOption.GetFilterForInformer(secretsInformer) - oidcProviderInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderInformer) + federationDomainInformerFilter = observableWithInformerOption.GetFilterForInformer(federationDomainInformer) }) when("watching Secret objects", func() { @@ -71,19 +71,19 @@ func TestJWKSObserverControllerInformerFilters(t *testing.T) { }) }) - when("watching OIDCProvider objects", func() { + when("watching FederationDomain objects", func() { var ( subject controllerlib.Filter - provider, otherProvider *v1alpha1.OIDCProvider + provider, otherProvider *v1alpha1.FederationDomain ) it.Before(func() { - subject = oidcProviderInformerFilter - provider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} - otherProvider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} + subject = federationDomainInformerFilter + provider = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} + otherProvider = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} }) - when("any OIDCProvider changes", func() { + when("any FederationDomain changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(provider)) r.True(subject.Update(provider, otherProvider)) @@ -134,7 +134,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { subject = NewJWKSObserverController( issuerToJWKSSetter, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviders(), + pinnipedInformers.Config().V1alpha1().FederationDomains(), controllerlib.WithInformer, ) @@ -178,7 +178,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { timeoutContextCancel() }) - when("there are no OIDCProviders and no JWKS Secrets yet", func() { + when("there are no FederationDomains and no JWKS Secrets yet", func() { it("sets the issuerToJWKSSetter's map to be empty", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) @@ -190,84 +190,84 @@ func TestJWKSObserverControllerSync(t *testing.T) { }) }) - when("there are OIDCProviders where some have corresponding JWKS Secrets and some don't", func() { + when("there are FederationDomains where some have corresponding JWKS Secrets and some don't", func() { var ( expectedJWK1, expectedJWK2 string ) it.Before(func() { - oidcProviderWithoutSecret1 := &v1alpha1.OIDCProvider{ + federationDomainWithoutSecret1 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcprovider1", + Name: "no-secret-federationdomain1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer1.com"}, - Status: v1alpha1.OIDCProviderStatus{}, // no Secrets.JWKS field + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://no-secret-issuer1.com"}, + Status: v1alpha1.FederationDomainStatus{}, // no Secrets.JWKS field } - oidcProviderWithoutSecret2 := &v1alpha1.OIDCProvider{ + federationDomainWithoutSecret2 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcprovider2", + Name: "no-secret-federationdomain2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer2.com"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://no-secret-issuer2.com"}, // no Status field } - oidcProviderWithBadSecret := &v1alpha1.OIDCProvider{ + federationDomainWithBadSecret := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-secret-oidcprovider", + Name: "bad-secret-federationdomain", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://bad-secret-issuer.com"}, - Status: v1alpha1.OIDCProviderStatus{ - Secrets: v1alpha1.OIDCProviderSecrets{ + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://bad-secret-issuer.com"}, + Status: v1alpha1.FederationDomainStatus{ + Secrets: v1alpha1.FederationDomainSecrets{ JWKS: corev1.LocalObjectReference{Name: "bad-secret-name"}, }, }, } - oidcProviderWithBadJWKSSecret := &v1alpha1.OIDCProvider{ + federationDomainWithBadJWKSSecret := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-jwks-secret-oidcprovider", + Name: "bad-jwks-secret-federationdomain", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://bad-jwks-secret-issuer.com"}, - Status: v1alpha1.OIDCProviderStatus{ - Secrets: v1alpha1.OIDCProviderSecrets{ + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://bad-jwks-secret-issuer.com"}, + Status: v1alpha1.FederationDomainStatus{ + Secrets: v1alpha1.FederationDomainSecrets{ JWKS: corev1.LocalObjectReference{Name: "bad-jwks-secret-name"}, }, }, } - oidcProviderWithBadActiveJWKSecret := &v1alpha1.OIDCProvider{ + federationDomainWithBadActiveJWKSecret := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-active-jwk-secret-oidcprovider", + Name: "bad-active-jwk-secret-federationdomain", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://bad-active-jwk-secret-issuer.com"}, - Status: v1alpha1.OIDCProviderStatus{ - Secrets: v1alpha1.OIDCProviderSecrets{ + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://bad-active-jwk-secret-issuer.com"}, + Status: v1alpha1.FederationDomainStatus{ + Secrets: v1alpha1.FederationDomainSecrets{ JWKS: corev1.LocalObjectReference{Name: "bad-active-jwk-secret-name"}, }, }, } - oidcProviderWithGoodSecret1 := &v1alpha1.OIDCProvider{ + federationDomainWithGoodSecret1 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcprovider1", + Name: "good-secret-federationdomain1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-with-good-secret1.com"}, - Status: v1alpha1.OIDCProviderStatus{ - Secrets: v1alpha1.OIDCProviderSecrets{ + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer-with-good-secret1.com"}, + Status: v1alpha1.FederationDomainStatus{ + Secrets: v1alpha1.FederationDomainSecrets{ JWKS: corev1.LocalObjectReference{Name: "good-jwks-secret-name1"}, }, }, } - oidcProviderWithGoodSecret2 := &v1alpha1.OIDCProvider{ + federationDomainWithGoodSecret2 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcprovider2", + Name: "good-secret-federationdomain2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-with-good-secret2.com"}, - Status: v1alpha1.OIDCProviderStatus{ - Secrets: v1alpha1.OIDCProviderSecrets{ + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer-with-good-secret2.com"}, + Status: v1alpha1.FederationDomainStatus{ + Secrets: v1alpha1.FederationDomainSecrets{ JWKS: corev1.LocalObjectReference{Name: "good-jwks-secret-name2"}, }, }, @@ -323,13 +323,13 @@ func TestJWKSObserverControllerSync(t *testing.T) { "jwks": []byte(`{"keys": [` + expectedJWK2 + `]}`), }, } - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret2)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadJWKSSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadActiveJWKSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithoutSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithoutSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithBadSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithBadJWKSSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithBadActiveJWKSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithGoodSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithGoodSecret2)) r.NoError(kubeInformerClient.Tracker().Add(goodJWKSSecret1)) r.NoError(kubeInformerClient.Tracker().Add(goodJWKSSecret2)) r.NoError(kubeInformerClient.Tracker().Add(badSecret)) diff --git a/internal/controller/supervisorconfig/jwks_writer.go b/internal/controller/supervisorconfig/jwks_writer.go index 2a33b77f..179f65e4 100644 --- a/internal/controller/supervisorconfig/jwks_writer.go +++ b/internal/controller/supervisorconfig/jwks_writer.go @@ -43,7 +43,7 @@ const ( ) const ( - opcKind = "OIDCProvider" + opcKind = "FederationDomain" ) // generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key. @@ -60,7 +60,7 @@ type jwksWriterController struct { jwksSecretLabels map[string]string pinnipedClient pinnipedclientset.Interface kubeClient kubernetes.Interface - opcInformer configinformers.OIDCProviderInformer + opcInformer configinformers.FederationDomainInformer secretInformer corev1informers.SecretInformer } @@ -71,7 +71,7 @@ func NewJWKSWriterController( kubeClient kubernetes.Interface, pinnipedClient pinnipedclientset.Interface, secretInformer corev1informers.SecretInformer, - opcInformer configinformers.OIDCProviderInformer, + opcInformer configinformers.FederationDomainInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( @@ -119,11 +119,11 @@ func NewJWKSWriterController( // Sync implements controllerlib.Syncer. func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { - opc, err := c.opcInformer.Lister().OIDCProviders(ctx.Key.Namespace).Get(ctx.Key.Name) + opc, err := c.opcInformer.Lister().FederationDomains(ctx.Key.Namespace).Get(ctx.Key.Name) notFound := k8serrors.IsNotFound(err) if err != nil && !notFound { return fmt.Errorf( - "failed to get %s/%s OIDCProvider: %w", + "failed to get %s/%s FederationDomain: %w", ctx.Key.Namespace, ctx.Key.Name, err, @@ -134,8 +134,8 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { // The corresponding secret to this OPC should have been garbage collected since it should have // had this OPC as its owner. plog.Debug( - "oidcprovider deleted", - "oidcprovider", + "federationdomain deleted", + "federationdomain", klog.KRef(ctx.Key.Namespace, ctx.Key.Name), ) return nil @@ -149,7 +149,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { // Secret is up to date - we are good to go. plog.Debug( "secret is up to date", - "oidcprovider", + "federationdomain", klog.KRef(ctx.Key.Namespace, ctx.Key.Name), ) return nil @@ -173,12 +173,12 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { if err := c.updateOPC(ctx.Context, newOPC); err != nil { return fmt.Errorf("cannot update opc: %w", err) } - plog.Debug("updated oidcprovider", "oidcprovider", klog.KObj(newOPC)) + plog.Debug("updated federationdomain", "federationdomain", klog.KObj(newOPC)) return nil } -func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.OIDCProvider) (bool, error) { +func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.FederationDomain) (bool, error) { if opc.Status.Secrets.JWKS.Name == "" { // If the OPC says it doesn't have a secret associated with it, then let's create one. return true, nil @@ -203,7 +203,7 @@ func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.OIDCProvide return false, nil } -func (c *jwksWriterController) generateSecret(opc *configv1alpha1.OIDCProvider) (*corev1.Secret, error) { +func (c *jwksWriterController) generateSecret(opc *configv1alpha1.FederationDomain) (*corev1.Secret, error) { // Note! This is where we could potentially add more handling of OPC spec fields which tell us how // this OIDC provider should sign and verify ID tokens (e.g., hardcoded token secret, gRPC // connection to KMS, etc). @@ -292,9 +292,9 @@ func (c *jwksWriterController) createOrUpdateSecret( func (c *jwksWriterController) updateOPC( ctx context.Context, - newOPC *configv1alpha1.OIDCProvider, + newOPC *configv1alpha1.FederationDomain, ) error { - opcClient := c.pinnipedClient.ConfigV1alpha1().OIDCProviders(newOPC.Namespace) + opcClient := c.pinnipedClient.ConfigV1alpha1().FederationDomains(newOPC.Namespace) return retry.RetryOnConflict(retry.DefaultRetry, func() error { oldOPC, err := opcClient.Get(ctx, newOPC.Name, metav1.GetOptions{}) if err != nil { diff --git a/internal/controller/supervisorconfig/jwks_writer_test.go b/internal/controller/supervisorconfig/jwks_writer_test.go index 615a1f3d..ededdc16 100644 --- a/internal/controller/supervisorconfig/jwks_writer_test.go +++ b/internal/controller/supervisorconfig/jwks_writer_test.go @@ -54,7 +54,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { Namespace: "some-namespace", OwnerReferences: []metav1.OwnerReference{ { - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -85,7 +85,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", }, }, @@ -100,7 +100,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -123,7 +123,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { }, { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: "some-name", Controller: boolPtr(true), }, @@ -148,7 +148,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviders() + ).Config().V1alpha1().FederationDomains() withInformer := testutil.NewObservableWithInformerOption() _ = NewJWKSWriterController( nil, // labels, not needed @@ -175,7 +175,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { tests := []struct { name string - opc configv1alpha1.OIDCProvider + opc configv1alpha1.FederationDomain wantAdd bool wantUpdate bool wantDelete bool @@ -183,7 +183,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { }{ { name: "anything goes", - opc: configv1alpha1.OIDCProvider{}, + opc: configv1alpha1.FederationDomain{}, wantAdd: true, wantUpdate: true, wantDelete: true, @@ -202,7 +202,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviders() + ).Config().V1alpha1().FederationDomains() withInformer := testutil.NewObservableWithInformerOption() _ = NewJWKSWriterController( nil, // labels, not needed @@ -213,7 +213,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { withInformer.WithInformer, ) - unrelated := configv1alpha1.OIDCProvider{} + unrelated := configv1alpha1.FederationDomain{} filter := withInformer.GetFilterForInformer(opcInformer) require.Equal(t, test.wantAdd, filter.Add(&test.opc)) require.Equal(t, test.wantUpdate, filter.Update(&unrelated, &test.opc)) @@ -239,16 +239,16 @@ func TestJWKSWriterControllerSync(t *testing.T) { opcGVR := schema.GroupVersionResource{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "oidcproviders", + Resource: "federationdomains", } - goodOPC := &configv1alpha1.OIDCProvider{ + goodOPC := &configv1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ Name: "good-opc", Namespace: namespace, UID: "good-opc-uid", }, - Spec: configv1alpha1.OIDCProviderSpec{ + Spec: configv1alpha1.FederationDomainSpec{ Issuer: "https://some-issuer.com", }, } @@ -273,7 +273,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: opcGVR.GroupVersion().String(), - Kind: "OIDCProvider", + Kind: "FederationDomain", Name: goodOPC.Name, UID: goodOPC.UID, BlockOwnerDeletion: boolPtr(true), @@ -300,7 +300,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { secrets []*corev1.Secret configKubeClient func(*kubernetesfake.Clientset) configPinnipedClient func(*pinnipedfake.Clientset) - opcs []*configv1alpha1.OIDCProvider + opcs []*configv1alpha1.FederationDomain generateKeyErr error wantGenerateKeyCount int wantSecretActions []kubetesting.Action @@ -310,7 +310,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "new opc with no secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, wantGenerateKeyCount: 1, @@ -326,7 +326,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "opc without status with existing secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, secrets: []*corev1.Secret{ @@ -344,7 +344,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "existing opc with no secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, wantGenerateKeyCount: 1, @@ -359,7 +359,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "existing opc with existing secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -374,7 +374,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing jwk in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -392,7 +392,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -410,7 +410,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwk JSON in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -428,7 +428,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwks JSON in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -446,7 +446,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "public jwk in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -464,7 +464,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "private jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -482,7 +482,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwk key in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -500,7 +500,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwks key in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -518,7 +518,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing active jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -536,7 +536,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "generate key fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPCWithStatus, }, generateKeyErr: errors.New("some generate error"), @@ -545,7 +545,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "get secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, configKubeClient: func(client *kubernetesfake.Clientset) { @@ -558,7 +558,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "create secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, configKubeClient: func(client *kubernetesfake.Clientset) { @@ -571,7 +571,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "update secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, secrets: []*corev1.Secret{ @@ -587,11 +587,11 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "get opc fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, configPinnipedClient: func(client *pinnipedfake.Clientset) { - client.PrependReactor("get", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { + client.PrependReactor("get", "federationdomains", func(_ kubetesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }) }, @@ -600,11 +600,11 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "update opc fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProvider{ + opcs: []*configv1alpha1.FederationDomain{ goodOPC, }, configPinnipedClient: func(client *pinnipedfake.Clientset) { - client.PrependReactor("update", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { + client.PrependReactor("update", "federationdomains", func(_ kubetesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }) }, @@ -661,7 +661,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { kubeAPIClient, pinnipedAPIClient, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviders(), + pinnipedInformers.Config().V1alpha1().FederationDomains(), controllerlib.WithInformer, ) diff --git a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go index a80ed0c3..ec3d16b8 100644 --- a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go +++ b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go @@ -29,29 +29,29 @@ import ( // If there are no longer any valid issuers, then it can be called with no arguments. // Implementations of this type should be thread-safe to support calls from multiple goroutines. type ProvidersSetter interface { - SetProviders(oidcProviders ...*provider.OIDCProvider) + SetProviders(federationDomains ...*provider.FederationDomain) } -type oidcProviderWatcherController struct { +type federationDomainWatcherController struct { providerSetter ProvidersSetter clock clock.Clock client pinnipedclientset.Interface - opcInformer configinformers.OIDCProviderInformer + opcInformer configinformers.FederationDomainInformer } -// NewOIDCProviderWatcherController creates a controllerlib.Controller that watches -// OIDCProvider objects and notifies a callback object of the collection of provider configs. -func NewOIDCProviderWatcherController( +// NewFederationDomainWatcherController creates a controllerlib.Controller that watches +// FederationDomain objects and notifies a callback object of the collection of provider configs. +func NewFederationDomainWatcherController( providerSetter ProvidersSetter, clock clock.Clock, client pinnipedclientset.Interface, - opcInformer configinformers.OIDCProviderInformer, + opcInformer configinformers.FederationDomainInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ - Name: "OIDCProviderWatcherController", - Syncer: &oidcProviderWatcherController{ + Name: "FederationDomainWatcherController", + Syncer: &federationDomainWatcherController{ providerSetter: providerSetter, clock: clock, client: client, @@ -67,7 +67,7 @@ func NewOIDCProviderWatcherController( } // Sync implements controllerlib.Syncer. -func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { +func (c *federationDomainWatcherController) Sync(ctx controllerlib.Context) error { all, err := c.opcInformer.Lister().List(labels.Everything()) if err != nil { return err @@ -82,7 +82,7 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { } // Make a map of issuer hostnames -> set of unique secret names. This will help us complain when - // multiple OIDCProviders have the same issuer hostname (excluding port) but specify + // multiple FederationDomains have the same issuer hostname (excluding port) but specify // different TLS serving Secrets. Doesn't make sense to have the one address use more than one // TLS cert. Ignore ports because SNI information on the incoming requests is not going to include // port numbers. Also make a helper function for forming keys into this map. @@ -109,7 +109,7 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { errs := multierror.New() - oidcProviders := make([]*provider.OIDCProvider, 0) + federationDomains := make([]*provider.FederationDomain, 0) for _, opc := range all { issuerURL, urlParseErr := url.Parse(opc.Spec.Issuer) @@ -120,7 +120,7 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.DuplicateOIDCProviderStatusCondition, + configv1alpha1.DuplicateFederationDomainStatusCondition, "Duplicate issuer: "+opc.Spec.Issuer, ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -135,7 +135,7 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition, + configv1alpha1.SameIssuerHostMustUseSameSecretFederationDomainStatusCondition, "Issuers with the same DNS hostname (address not including port) must use the same secretName: "+issuerURLToHostnameKey(issuerURL), ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -143,13 +143,13 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { continue } - oidcProvider, err := provider.NewOIDCProvider(opc.Spec.Issuer) // This validates the Issuer URL. + federationDomain, err := provider.NewFederationDomain(opc.Spec.Issuer) // This validates the Issuer URL. if err != nil { if err := c.updateStatus( ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.InvalidOIDCProviderStatusCondition, + configv1alpha1.InvalidFederationDomainStatusCondition, "Invalid: "+err.Error(), ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -161,28 +161,28 @@ func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.SuccessOIDCProviderStatusCondition, + configv1alpha1.SuccessFederationDomainStatusCondition, "Provider successfully created", ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) continue } - oidcProviders = append(oidcProviders, oidcProvider) + federationDomains = append(federationDomains, federationDomain) } - c.providerSetter.SetProviders(oidcProviders...) + c.providerSetter.SetProviders(federationDomains...) return errs.ErrOrNil() } -func (c *oidcProviderWatcherController) updateStatus( +func (c *federationDomainWatcherController) updateStatus( ctx context.Context, namespace, name string, - status configv1alpha1.OIDCProviderStatusCondition, + status configv1alpha1.FederationDomainStatusCondition, message string, ) error { return retry.RetryOnConflict(retry.DefaultRetry, func() error { - opc, err := c.client.ConfigV1alpha1().OIDCProviders(namespace).Get(ctx, name, metav1.GetOptions{}) + opc, err := c.client.ConfigV1alpha1().FederationDomains(namespace).Get(ctx, name, metav1.GetOptions{}) if err != nil { return fmt.Errorf("get failed: %w", err) } @@ -193,7 +193,7 @@ func (c *oidcProviderWatcherController) updateStatus( plog.Debug( "attempting status update", - "openidproviderconfig", + "federationdomainconfig", klog.KRef(namespace, name), "status", status, @@ -203,7 +203,7 @@ func (c *oidcProviderWatcherController) updateStatus( opc.Status.Status = status opc.Status.Message = message opc.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now())) - _, err = c.client.ConfigV1alpha1().OIDCProviders(namespace).Update(ctx, opc, metav1.UpdateOptions{}) + _, err = c.client.ConfigV1alpha1().FederationDomains(namespace).Update(ctx, opc, metav1.UpdateOptions{}) return err }) } diff --git a/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go b/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go index 91270999..623d750a 100644 --- a/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go @@ -40,8 +40,8 @@ func TestInformerFilters(t *testing.T) { it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() - opcInformer := pinnipedinformers.NewSharedInformerFactoryWithOptions(nil, 0).Config().V1alpha1().OIDCProviders() - _ = NewOIDCProviderWatcherController( + opcInformer := pinnipedinformers.NewSharedInformerFactoryWithOptions(nil, 0).Config().V1alpha1().FederationDomains() + _ = NewFederationDomainWatcherController( nil, nil, nil, @@ -51,18 +51,18 @@ func TestInformerFilters(t *testing.T) { configMapInformerFilter = observableWithInformerOption.GetFilterForInformer(opcInformer) }) - when("watching OIDCProvider objects", func() { + when("watching FederationDomain objects", func() { var subject controllerlib.Filter - var target, otherNamespace, otherName *v1alpha1.OIDCProvider + var target, otherNamespace, otherName *v1alpha1.FederationDomain it.Before(func() { subject = configMapInformerFilter - target = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"}} - otherNamespace = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "other-namespace"}} - otherName = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "other-name", Namespace: "some-namespace"}} + target = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"}} + otherNamespace = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "other-namespace"}} + otherName = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "other-name", Namespace: "some-namespace"}} }) - when("any OIDCProvider changes", func() { + when("any FederationDomain changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(target)) r.True(subject.Add(otherName)) @@ -83,13 +83,13 @@ func TestInformerFilters(t *testing.T) { } type fakeProvidersSetter struct { - SetProvidersWasCalled bool - OIDCProvidersReceived []*provider.OIDCProvider + SetProvidersWasCalled bool + FederationDomainsReceived []*provider.FederationDomain } -func (f *fakeProvidersSetter) SetProviders(oidcProviders ...*provider.OIDCProvider) { +func (f *fakeProvidersSetter) SetProviders(federationDomains ...*provider.FederationDomain) { f.SetProvidersWasCalled = true - f.OIDCProvidersReceived = oidcProviders + f.FederationDomainsReceived = federationDomains } func TestSync(t *testing.T) { @@ -107,17 +107,17 @@ func TestSync(t *testing.T) { var syncContext *controllerlib.Context var frozenNow time.Time var providersSetter *fakeProvidersSetter - var oidcProviderGVR schema.GroupVersionResource + var federationDomainGVR schema.GroupVersionResource // Defer starting the informers until the last possible moment so that the // nested Before's can keep adding things to the informer caches. var startInformersAndController = func() { // Set this at the last second to allow for injection of server override. - subject = NewOIDCProviderWatcherController( + subject = NewFederationDomainWatcherController( providersSetter, clock.NewFakeClock(frozenNow), pinnipedAPIClient, - opcInformers.Config().V1alpha1().OIDCProviders(), + opcInformers.Config().V1alpha1().FederationDomains(), controllerlib.WithInformer, ) @@ -148,10 +148,10 @@ func TestSync(t *testing.T) { opcInformers = pinnipedinformers.NewSharedInformerFactory(opcInformerClient, 0) pinnipedAPIClient = pinnipedfake.NewSimpleClientset() - oidcProviderGVR = schema.GroupVersionResource{ + federationDomainGVR = schema.GroupVersionResource{ Group: v1alpha1.SchemeGroupVersion.Group, Version: v1alpha1.SchemeGroupVersion.Version, - Resource: "oidcproviders", + Resource: "federationdomains", } }) @@ -159,26 +159,26 @@ func TestSync(t *testing.T) { timeoutContextCancel() }) - when("there are some valid OIDCProviders in the informer", func() { + when("there are some valid FederationDomains in the informer", func() { var ( - oidcProvider1 *v1alpha1.OIDCProvider - oidcProvider2 *v1alpha1.OIDCProvider + federationDomain1 *v1alpha1.FederationDomain + federationDomain2 *v1alpha1.FederationDomain ) it.Before(func() { - oidcProvider1 = &v1alpha1.OIDCProvider{ + federationDomain1 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "config1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer1.com"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer1.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProvider1)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomain1)) + r.NoError(opcInformerClient.Tracker().Add(federationDomain1)) - oidcProvider2 = &v1alpha1.OIDCProvider{ + federationDomain2 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "config2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer2.com"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer2.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProvider2)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomain2)) + r.NoError(opcInformerClient.Tracker().Add(federationDomain2)) }) it("calls the ProvidersSetter", func() { @@ -186,127 +186,127 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) + provider1, err := provider.NewFederationDomain(federationDomain1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) + provider2, err := provider.NewFederationDomain(federationDomain2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.ElementsMatch( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ provider1, provider2, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) - it("updates the status to success in the OIDCProviders", func() { + it("updates the status to success in the FederationDomains", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider1.Status.Message = "Provider successfully created" - oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain1.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain1.Status.Message = "Provider successfully created" + federationDomain1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider2.Status.Message = "Provider successfully created" - oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain2.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain2.Status.Message = "Provider successfully created" + federationDomain2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider1.Namespace, - oidcProvider1.Name, + federationDomainGVR, + federationDomain1.Namespace, + federationDomain1.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider1.Namespace, - oidcProvider1, + federationDomainGVR, + federationDomain1.Namespace, + federationDomain1, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2.Name, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - when("one OIDCProvider is already up to date", func() { + when("one FederationDomain is already up to date", func() { it.Before(func() { - oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider1.Status.Message = "Provider successfully created" - oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain1.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain1.Status.Message = "Provider successfully created" + federationDomain1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - r.NoError(pinnipedAPIClient.Tracker().Update(oidcProviderGVR, oidcProvider1, oidcProvider1.Namespace)) - r.NoError(opcInformerClient.Tracker().Update(oidcProviderGVR, oidcProvider1, oidcProvider1.Namespace)) + r.NoError(pinnipedAPIClient.Tracker().Update(federationDomainGVR, federationDomain1, federationDomain1.Namespace)) + r.NoError(opcInformerClient.Tracker().Update(federationDomainGVR, federationDomain1, federationDomain1.Namespace)) }) - it("only updates the out-of-date OIDCProvider", func() { + it("only updates the out-of-date FederationDomain", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider2.Status.Message = "Provider successfully created" - oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain2.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain2.Status.Message = "Provider successfully created" + federationDomain2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider1.Namespace, - oidcProvider1.Name, + federationDomainGVR, + federationDomain1.Namespace, + federationDomain1.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2.Name, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - it("calls the ProvidersSetter with both OIDCProvider's", func() { + it("calls the ProvidersSetter with both FederationDomain's", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) + provider1, err := provider.NewFederationDomain(federationDomain1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) + provider2, err := provider.NewFederationDomain(federationDomain2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.ElementsMatch( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ provider1, provider2, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) }) - when("updating only one OIDCProvider fails for a reason other than conflict", func() { + when("updating only one FederationDomain fails for a reason other than conflict", func() { it.Before(func() { once := sync.Once{} pinnipedAPIClient.PrependReactor( "update", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { var err error once.Do(func() { @@ -322,17 +322,17 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) + provider1, err := provider.NewFederationDomain(federationDomain1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) + provider2, err := provider.NewFederationDomain(federationDomain2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) - r.Len(providersSetter.OIDCProvidersReceived, 1) + r.Len(providersSetter.FederationDomainsReceived, 1) r.True( - reflect.DeepEqual(providersSetter.OIDCProvidersReceived[0], provider1) || - reflect.DeepEqual(providersSetter.OIDCProvidersReceived[0], provider2), + reflect.DeepEqual(providersSetter.FederationDomainsReceived[0], provider1) || + reflect.DeepEqual(providersSetter.FederationDomainsReceived[0], provider2), ) }) @@ -341,34 +341,34 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider1.Status.Message = "Provider successfully created" - oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain1.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain1.Status.Message = "Provider successfully created" + federationDomain1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider2.Status.Message = "Provider successfully created" - oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain2.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain2.Status.Message = "Provider successfully created" + federationDomain2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider1.Namespace, - oidcProvider1.Name, + federationDomainGVR, + federationDomain1.Namespace, + federationDomain1.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider1.Namespace, - oidcProvider1, + federationDomainGVR, + federationDomain1.Namespace, + federationDomain1, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2.Name, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider2.Namespace, - oidcProvider2, + federationDomainGVR, + federationDomain2.Namespace, + federationDomain2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -376,26 +376,26 @@ func TestSync(t *testing.T) { }) }) - when("there are errors updating the OIDCProviders", func() { + when("there are errors updating the FederationDomains", func() { var ( - oidcProvider *v1alpha1.OIDCProvider + federationDomain *v1alpha1.FederationDomain ) it.Before(func() { - oidcProvider = &v1alpha1.OIDCProvider{ + federationDomain = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer.com"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider)) - r.NoError(opcInformerClient.Tracker().Add(oidcProvider)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomain)) + r.NoError(opcInformerClient.Tracker().Add(federationDomain)) }) - when("there is a conflict while updating an OIDCProvider", func() { + when("there is a conflict while updating an FederationDomain", func() { it.Before(func() { once := sync.Once{} pinnipedAPIClient.PrependReactor( "update", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { var err error once.Do(func() { @@ -406,46 +406,46 @@ func TestSync(t *testing.T) { ) }) - it("retries updating the OIDCProvider", func() { + it("retries updating the FederationDomain", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider.Status.Message = "Provider successfully created" - oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain.Status.Message = "Provider successfully created" + federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider, + federationDomainGVR, + federationDomain.Namespace, + federationDomain, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider, + federationDomainGVR, + federationDomain.Namespace, + federationDomain, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) }) }) - when("updating the OIDCProvider fails for a reason other than conflict", func() { + when("updating the FederationDomain fails for a reason other than conflict", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -457,31 +457,31 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider.Status.Message = "Provider successfully created" - oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain.Status.Message = "Provider successfully created" + federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider, + federationDomainGVR, + federationDomain.Namespace, + federationDomain, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) }) }) - when("there is an error when getting the OIDCProvider", func() { + when("there is an error when getting the FederationDomain", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -493,15 +493,15 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: get failed: some get error") - oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider.Status.Message = "Provider successfully created" - oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain.Status.Message = "Provider successfully created" + federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) @@ -509,26 +509,26 @@ func TestSync(t *testing.T) { }) }) - when("there are both valid and invalid OIDCProviders in the informer", func() { + when("there are both valid and invalid FederationDomains in the informer", func() { var ( - validOIDCProvider *v1alpha1.OIDCProvider - invalidOIDCProvider *v1alpha1.OIDCProvider + validFederationDomain *v1alpha1.FederationDomain + invalidFederationDomain *v1alpha1.FederationDomain ) it.Before(func() { - validOIDCProvider = &v1alpha1.OIDCProvider{ + validFederationDomain = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "valid-config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://valid-issuer.com"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://valid-issuer.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(validOIDCProvider)) - r.NoError(opcInformerClient.Tracker().Add(validOIDCProvider)) + r.NoError(pinnipedAPIClient.Tracker().Add(validFederationDomain)) + r.NoError(opcInformerClient.Tracker().Add(validFederationDomain)) - invalidOIDCProvider = &v1alpha1.OIDCProvider{ + invalidFederationDomain = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "invalid-config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://invalid-issuer.com?some=query"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://invalid-issuer.com?some=query"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(invalidOIDCProvider)) - r.NoError(opcInformerClient.Tracker().Add(invalidOIDCProvider)) + r.NoError(pinnipedAPIClient.Tracker().Add(invalidFederationDomain)) + r.NoError(opcInformerClient.Tracker().Add(invalidFederationDomain)) }) it("calls the ProvidersSetter with the valid provider", func() { @@ -536,65 +536,65 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - validProvider, err := provider.NewOIDCProvider(validOIDCProvider.Spec.Issuer) + validProvider, err := provider.NewFederationDomain(validFederationDomain.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.Equal( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ validProvider, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) - it("updates the status to success/invalid in the OIDCProviders", func() { + it("updates the status to success/invalid in the FederationDomains", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - validOIDCProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - validOIDCProvider.Status.Message = "Provider successfully created" - validOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + validFederationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + validFederationDomain.Status.Message = "Provider successfully created" + validFederationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - invalidOIDCProvider.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition - invalidOIDCProvider.Status.Message = "Invalid: issuer must not have query" - invalidOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + invalidFederationDomain.Status.Status = v1alpha1.InvalidFederationDomainStatusCondition + invalidFederationDomain.Status.Message = "Invalid: issuer must not have query" + invalidFederationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - invalidOIDCProvider.Namespace, - invalidOIDCProvider.Name, + federationDomainGVR, + invalidFederationDomain.Namespace, + invalidFederationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - invalidOIDCProvider.Namespace, - invalidOIDCProvider, + federationDomainGVR, + invalidFederationDomain.Namespace, + invalidFederationDomain, ), coretesting.NewGetAction( - oidcProviderGVR, - validOIDCProvider.Namespace, - validOIDCProvider.Name, + federationDomainGVR, + validFederationDomain.Namespace, + validFederationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - validOIDCProvider.Namespace, - validOIDCProvider, + federationDomainGVR, + validFederationDomain.Namespace, + validFederationDomain, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - when("updating only the invalid OIDCProvider fails for a reason other than conflict", func() { + when("updating only the invalid FederationDomain fails for a reason other than conflict", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "oidcproviders", + "federationdomains", func(action coretesting.Action) (bool, runtime.Object, error) { updateAction := action.(coretesting.UpdateActionImpl) - opc := updateAction.Object.(*v1alpha1.OIDCProvider) - if opc.Name == validOIDCProvider.Name { + opc := updateAction.Object.(*v1alpha1.FederationDomain) + if opc.Name == validFederationDomain.Name { return true, nil, nil } @@ -608,15 +608,15 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - validProvider, err := provider.NewOIDCProvider(validOIDCProvider.Spec.Issuer) + validProvider, err := provider.NewFederationDomain(validFederationDomain.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.Equal( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ validProvider, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) @@ -625,34 +625,34 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - validOIDCProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - validOIDCProvider.Status.Message = "Provider successfully created" - validOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + validFederationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + validFederationDomain.Status.Message = "Provider successfully created" + validFederationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - invalidOIDCProvider.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition - invalidOIDCProvider.Status.Message = "Invalid: issuer must not have query" - invalidOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + invalidFederationDomain.Status.Status = v1alpha1.InvalidFederationDomainStatusCondition + invalidFederationDomain.Status.Message = "Invalid: issuer must not have query" + invalidFederationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - invalidOIDCProvider.Namespace, - invalidOIDCProvider.Name, + federationDomainGVR, + invalidFederationDomain.Namespace, + invalidFederationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - invalidOIDCProvider.Namespace, - invalidOIDCProvider, + federationDomainGVR, + invalidFederationDomain.Namespace, + invalidFederationDomain, ), coretesting.NewGetAction( - oidcProviderGVR, - validOIDCProvider.Namespace, - validOIDCProvider.Name, + federationDomainGVR, + validFederationDomain.Namespace, + validFederationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - validOIDCProvider.Namespace, - validOIDCProvider, + federationDomainGVR, + validFederationDomain.Namespace, + validFederationDomain, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -660,35 +660,35 @@ func TestSync(t *testing.T) { }) }) - when("there are OIDCProviders with duplicate issuer names in the informer", func() { + when("there are FederationDomains with duplicate issuer names in the informer", func() { var ( - oidcProviderDuplicate1 *v1alpha1.OIDCProvider - oidcProviderDuplicate2 *v1alpha1.OIDCProvider - oidcProvider *v1alpha1.OIDCProvider + federationDomainDuplicate1 *v1alpha1.FederationDomain + federationDomainDuplicate2 *v1alpha1.FederationDomain + federationDomain *v1alpha1.FederationDomain ) it.Before(func() { // Hostnames are case-insensitive, so consider them to be duplicates if they only differ by case. // Paths are case-sensitive, so having a path that differs only by case makes a new issuer. - oidcProviderDuplicate1 = &v1alpha1.OIDCProvider{ + federationDomainDuplicate1 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "duplicate1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://iSSueR-duPlicAte.cOm/a"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://iSSueR-duPlicAte.cOm/a"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDuplicate1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderDuplicate1)) - oidcProviderDuplicate2 = &v1alpha1.OIDCProvider{ + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainDuplicate1)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainDuplicate1)) + federationDomainDuplicate2 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "duplicate2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-duplicate.com/a"}, + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer-duplicate.com/a"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDuplicate2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderDuplicate2)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainDuplicate2)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainDuplicate2)) - oidcProvider = &v1alpha1.OIDCProvider{ + federationDomain = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "not-duplicate", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-duplicate.com/A"}, // different path + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://issuer-duplicate.com/A"}, // different path } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider)) - r.NoError(opcInformerClient.Tracker().Add(oidcProvider)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomain)) + r.NoError(opcInformerClient.Tracker().Add(federationDomain)) }) it("calls the ProvidersSetter with the non-duplicate", func() { @@ -696,15 +696,15 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProvider.Spec.Issuer) + nonDuplicateProvider, err := provider.NewFederationDomain(federationDomain.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.Equal( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ nonDuplicateProvider, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) @@ -713,48 +713,48 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider.Status.Message = "Provider successfully created" - oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain.Status.Message = "Provider successfully created" + federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderDuplicate1.Status.Status = v1alpha1.DuplicateOIDCProviderStatusCondition - oidcProviderDuplicate1.Status.Message = "Duplicate issuer: https://iSSueR-duPlicAte.cOm/a" - oidcProviderDuplicate1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainDuplicate1.Status.Status = v1alpha1.DuplicateFederationDomainStatusCondition + federationDomainDuplicate1.Status.Message = "Duplicate issuer: https://iSSueR-duPlicAte.cOm/a" + federationDomainDuplicate1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderDuplicate2.Status.Status = v1alpha1.DuplicateOIDCProviderStatusCondition - oidcProviderDuplicate2.Status.Message = "Duplicate issuer: https://issuer-duplicate.com/a" - oidcProviderDuplicate2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainDuplicate2.Status.Status = v1alpha1.DuplicateFederationDomainStatusCondition + federationDomainDuplicate2.Status.Message = "Duplicate issuer: https://issuer-duplicate.com/a" + federationDomainDuplicate2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDuplicate1.Namespace, - oidcProviderDuplicate1.Name, + federationDomainGVR, + federationDomainDuplicate1.Namespace, + federationDomainDuplicate1.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderDuplicate1.Namespace, - oidcProviderDuplicate1, + federationDomainGVR, + federationDomainDuplicate1.Namespace, + federationDomainDuplicate1, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDuplicate2.Namespace, - oidcProviderDuplicate2.Name, + federationDomainGVR, + federationDomainDuplicate2.Namespace, + federationDomainDuplicate2.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderDuplicate2.Namespace, - oidcProviderDuplicate2, + federationDomainGVR, + federationDomainDuplicate2.Namespace, + federationDomainDuplicate2, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider, + federationDomainGVR, + federationDomain.Namespace, + federationDomain, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -764,7 +764,7 @@ func TestSync(t *testing.T) { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -781,25 +781,25 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, expectedError) - oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProvider.Status.Message = "Provider successfully created" - oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomain.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomain.Status.Message = "Provider successfully created" + federationDomain.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDuplicate1.Namespace, - oidcProviderDuplicate1.Name, + federationDomainGVR, + federationDomainDuplicate1.Namespace, + federationDomainDuplicate1.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDuplicate2.Namespace, - oidcProviderDuplicate2.Name, + federationDomainGVR, + federationDomainDuplicate2.Namespace, + federationDomainDuplicate2.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProvider.Namespace, - oidcProvider.Name, + federationDomainGVR, + federationDomain.Namespace, + federationDomain.Name, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -807,60 +807,60 @@ func TestSync(t *testing.T) { }) }) - when("there are OIDCProviders with the same issuer DNS hostname using different secretNames", func() { + when("there are FederationDomains with the same issuer DNS hostname using different secretNames", func() { var ( - oidcProviderSameIssuerAddress1 *v1alpha1.OIDCProvider - oidcProviderSameIssuerAddress2 *v1alpha1.OIDCProvider - oidcProviderDifferentIssuerAddress *v1alpha1.OIDCProvider - oidcProviderWithInvalidIssuerURL *v1alpha1.OIDCProvider + federationDomainSameIssuerAddress1 *v1alpha1.FederationDomain + federationDomainSameIssuerAddress2 *v1alpha1.FederationDomain + federationDomainDifferentIssuerAddress *v1alpha1.FederationDomain + federationDomainWithInvalidIssuerURL *v1alpha1.FederationDomain ) it.Before(func() { - oidcProviderSameIssuerAddress1 = &v1alpha1.OIDCProvider{ + federationDomainSameIssuerAddress1 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "provider1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://iSSueR-duPlicAte-adDress.cOm/path1", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderSameIssuerAddress1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderSameIssuerAddress1)) - oidcProviderSameIssuerAddress2 = &v1alpha1.OIDCProvider{ + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainSameIssuerAddress1)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainSameIssuerAddress1)) + federationDomainSameIssuerAddress2 = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "provider2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ // Validation treats these as the same DNS hostname even though they have different port numbers, // because SNI information on the incoming requests is not going to include port numbers. Issuer: "https://issuer-duplicate-address.com:1234/path2", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret2"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "secret2"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderSameIssuerAddress2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderSameIssuerAddress2)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainSameIssuerAddress2)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainSameIssuerAddress2)) - oidcProviderDifferentIssuerAddress = &v1alpha1.OIDCProvider{ + federationDomainDifferentIssuerAddress = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "differentIssuerAddressProvider", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://issuer-not-duplicate.com", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDifferentIssuerAddress)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderDifferentIssuerAddress)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainDifferentIssuerAddress)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainDifferentIssuerAddress)) // Also add one with a URL that cannot be parsed to make sure that the error handling // for the duplicate issuers and secret names are not confused by invalid URLs. invalidIssuerURL := ":/host//path" _, err := url.Parse(invalidIssuerURL) //nolint:staticcheck // Yes, this URL is intentionally invalid. r.Error(err) - oidcProviderWithInvalidIssuerURL = &v1alpha1.OIDCProvider{ + federationDomainWithInvalidIssuerURL = &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{Name: "invalidIssuerURLProvider", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: invalidIssuerURL, - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderWithInvalidIssuerURL)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderWithInvalidIssuerURL)) + r.NoError(pinnipedAPIClient.Tracker().Add(federationDomainWithInvalidIssuerURL)) + r.NoError(opcInformerClient.Tracker().Add(federationDomainWithInvalidIssuerURL)) }) it("calls the ProvidersSetter with the non-duplicate", func() { @@ -868,15 +868,15 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProviderDifferentIssuerAddress.Spec.Issuer) + nonDuplicateProvider, err := provider.NewFederationDomain(federationDomainDifferentIssuerAddress.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) r.Equal( - []*provider.OIDCProvider{ + []*provider.FederationDomain{ nonDuplicateProvider, }, - providersSetter.OIDCProvidersReceived, + providersSetter.FederationDomainsReceived, ) }) @@ -885,62 +885,62 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProviderDifferentIssuerAddress.Status.Message = "Provider successfully created" - oidcProviderDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainDifferentIssuerAddress.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomainDifferentIssuerAddress.Status.Message = "Provider successfully created" + federationDomainDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderSameIssuerAddress1.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition - oidcProviderSameIssuerAddress1.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" - oidcProviderSameIssuerAddress1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainSameIssuerAddress1.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretFederationDomainStatusCondition + federationDomainSameIssuerAddress1.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" + federationDomainSameIssuerAddress1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderSameIssuerAddress2.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition - oidcProviderSameIssuerAddress2.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" - oidcProviderSameIssuerAddress2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainSameIssuerAddress2.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretFederationDomainStatusCondition + federationDomainSameIssuerAddress2.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" + federationDomainSameIssuerAddress2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderWithInvalidIssuerURL.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition - oidcProviderWithInvalidIssuerURL.Status.Message = `Invalid: could not parse issuer as URL: parse ":/host//path": missing protocol scheme` - oidcProviderWithInvalidIssuerURL.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainWithInvalidIssuerURL.Status.Status = v1alpha1.InvalidFederationDomainStatusCondition + federationDomainWithInvalidIssuerURL.Status.Message = `Invalid: could not parse issuer as URL: parse ":/host//path": missing protocol scheme` + federationDomainWithInvalidIssuerURL.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress1.Namespace, - oidcProviderSameIssuerAddress1.Name, + federationDomainGVR, + federationDomainSameIssuerAddress1.Namespace, + federationDomainSameIssuerAddress1.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress1.Namespace, - oidcProviderSameIssuerAddress1, + federationDomainGVR, + federationDomainSameIssuerAddress1.Namespace, + federationDomainSameIssuerAddress1, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress2.Namespace, - oidcProviderSameIssuerAddress2.Name, + federationDomainGVR, + federationDomainSameIssuerAddress2.Namespace, + federationDomainSameIssuerAddress2.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress2.Namespace, - oidcProviderSameIssuerAddress2, + federationDomainGVR, + federationDomainSameIssuerAddress2.Namespace, + federationDomainSameIssuerAddress2, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDifferentIssuerAddress.Namespace, - oidcProviderDifferentIssuerAddress.Name, + federationDomainGVR, + federationDomainDifferentIssuerAddress.Namespace, + federationDomainDifferentIssuerAddress.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderDifferentIssuerAddress.Namespace, - oidcProviderDifferentIssuerAddress, + federationDomainGVR, + federationDomainDifferentIssuerAddress.Namespace, + federationDomainDifferentIssuerAddress, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderWithInvalidIssuerURL.Namespace, - oidcProviderWithInvalidIssuerURL.Name, + federationDomainGVR, + federationDomainWithInvalidIssuerURL.Namespace, + federationDomainWithInvalidIssuerURL.Name, ), coretesting.NewUpdateAction( - oidcProviderGVR, - oidcProviderWithInvalidIssuerURL.Namespace, - oidcProviderWithInvalidIssuerURL, + federationDomainGVR, + federationDomainWithInvalidIssuerURL.Namespace, + federationDomainWithInvalidIssuerURL, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -950,7 +950,7 @@ func TestSync(t *testing.T) { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviders", + "federationdomains", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -968,30 +968,30 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, expectedError) - oidcProviderDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition - oidcProviderDifferentIssuerAddress.Status.Message = "Provider successfully created" - oidcProviderDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + federationDomainDifferentIssuerAddress.Status.Status = v1alpha1.SuccessFederationDomainStatusCondition + federationDomainDifferentIssuerAddress.Status.Message = "Provider successfully created" + federationDomainDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress1.Namespace, - oidcProviderSameIssuerAddress1.Name, + federationDomainGVR, + federationDomainSameIssuerAddress1.Namespace, + federationDomainSameIssuerAddress1.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderSameIssuerAddress2.Namespace, - oidcProviderSameIssuerAddress2.Name, + federationDomainGVR, + federationDomainSameIssuerAddress2.Namespace, + federationDomainSameIssuerAddress2.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderDifferentIssuerAddress.Namespace, - oidcProviderDifferentIssuerAddress.Name, + federationDomainGVR, + federationDomainDifferentIssuerAddress.Namespace, + federationDomainDifferentIssuerAddress.Name, ), coretesting.NewGetAction( - oidcProviderGVR, - oidcProviderWithInvalidIssuerURL.Namespace, - oidcProviderWithInvalidIssuerURL.Name, + federationDomainGVR, + federationDomainWithInvalidIssuerURL.Namespace, + federationDomainWithInvalidIssuerURL.Name, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -999,14 +999,14 @@ func TestSync(t *testing.T) { }) }) - when("there are no OIDCProviders in the informer", func() { + when("there are no FederationDomains in the informer", func() { it("keeps waiting for one", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) r.Empty(pinnipedAPIClient.Actions()) r.True(providersSetter.SetProvidersWasCalled) - r.Empty(providersSetter.OIDCProvidersReceived) + r.Empty(providersSetter.FederationDomainsReceived) }) }) }, spec.Parallel(), spec.Report(report.Terminal{})) diff --git a/internal/controller/supervisorconfig/tls_cert_observer.go b/internal/controller/supervisorconfig/tls_cert_observer.go index d50ca780..37018b2e 100644 --- a/internal/controller/supervisorconfig/tls_cert_observer.go +++ b/internal/controller/supervisorconfig/tls_cert_observer.go @@ -21,7 +21,7 @@ import ( type tlsCertObserverController struct { issuerTLSCertSetter IssuerTLSCertSetter defaultTLSCertificateSecretName string - oidcProviderInformer v1alpha1.OIDCProviderInformer + federationDomainInformer v1alpha1.FederationDomainInformer secretInformer corev1informers.SecretInformer } @@ -34,7 +34,7 @@ func NewTLSCertObserverController( issuerTLSCertSetter IssuerTLSCertSetter, defaultTLSCertificateSecretName string, secretInformer corev1informers.SecretInformer, - oidcProviderInformer v1alpha1.OIDCProviderInformer, + federationDomainInformer v1alpha1.FederationDomainInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( @@ -43,7 +43,7 @@ func NewTLSCertObserverController( Syncer: &tlsCertObserverController{ issuerTLSCertSetter: issuerTLSCertSetter, defaultTLSCertificateSecretName: defaultTLSCertificateSecretName, - oidcProviderInformer: oidcProviderInformer, + federationDomainInformer: federationDomainInformer, secretInformer: secretInformer, }, }, @@ -53,7 +53,7 @@ func NewTLSCertObserverController( controllerlib.InformerOption{}, ), withInformer( - oidcProviderInformer, + federationDomainInformer, pinnipedcontroller.MatchAnythingFilter(nil), controllerlib.InformerOption{}, ), @@ -62,12 +62,12 @@ func NewTLSCertObserverController( func (c *tlsCertObserverController) Sync(ctx controllerlib.Context) error { ns := ctx.Key.Namespace - allProviders, err := c.oidcProviderInformer.Lister().OIDCProviders(ns).List(labels.Everything()) + allProviders, err := c.federationDomainInformer.Lister().FederationDomains(ns).List(labels.Everything()) if err != nil { - return fmt.Errorf("failed to list OIDCProviders: %w", err) + return fmt.Errorf("failed to list FederationDomains: %w", err) } - // Rebuild the whole map on any change to any Secret or OIDCProvider, because either can have changes that + // Rebuild the whole map on any change to any Secret or FederationDomain, because either can have changes that // can cause the map to need to be updated. issuerHostToTLSCertMap := map[string]*tls.Certificate{} diff --git a/internal/controller/supervisorconfig/tls_cert_observer_test.go b/internal/controller/supervisorconfig/tls_cert_observer_test.go index 7950af29..07c5e547 100644 --- a/internal/controller/supervisorconfig/tls_cert_observer_test.go +++ b/internal/controller/supervisorconfig/tls_cert_observer_test.go @@ -29,26 +29,26 @@ import ( func TestTLSCertObserverControllerInformerFilters(t *testing.T) { spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) { var ( - r *require.Assertions - observableWithInformerOption *testutil.ObservableWithInformerOption - secretsInformerFilter controllerlib.Filter - oidcProviderInformerFilter controllerlib.Filter + r *require.Assertions + observableWithInformerOption *testutil.ObservableWithInformerOption + secretsInformerFilter controllerlib.Filter + federationDomainInformerFilter controllerlib.Filter ) it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() - oidcProviderInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviders() + federationDomainInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().FederationDomains() _ = NewTLSCertObserverController( nil, "", // don't care about the secret name for this test secretsInformer, - oidcProviderInformer, + federationDomainInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters ) secretsInformerFilter = observableWithInformerOption.GetFilterForInformer(secretsInformer) - oidcProviderInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderInformer) + federationDomainInformerFilter = observableWithInformerOption.GetFilterForInformer(federationDomainInformer) }) when("watching Secret objects", func() { @@ -73,19 +73,19 @@ func TestTLSCertObserverControllerInformerFilters(t *testing.T) { }) }) - when("watching OIDCProvider objects", func() { + when("watching FederationDomain objects", func() { var ( subject controllerlib.Filter - provider, otherProvider *v1alpha1.OIDCProvider + provider, otherProvider *v1alpha1.FederationDomain ) it.Before(func() { - subject = oidcProviderInformerFilter - provider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} - otherProvider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} + subject = federationDomainInformerFilter + provider = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} + otherProvider = &v1alpha1.FederationDomain{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} }) - when("any OIDCProvider changes", func() { + when("any FederationDomain changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(provider)) r.True(subject.Update(provider, otherProvider)) @@ -142,7 +142,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { issuerTLSCertSetter, defaultTLSSecretName, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviders(), + pinnipedInformers.Config().V1alpha1().FederationDomains(), controllerlib.WithInformer, ) @@ -192,7 +192,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { timeoutContextCancel() }) - when("there are no OIDCProviders and no TLS Secrets yet", func() { + when("there are no FederationDomains and no TLS Secrets yet", func() { it("sets the issuerTLSCertSetter's map to be empty", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) @@ -205,71 +205,71 @@ func TestTLSCertObserverControllerSync(t *testing.T) { }) }) - when("there are OIDCProviders where some have corresponding TLS Secrets and some don't", func() { + when("there are FederationDomains where some have corresponding TLS Secrets and some don't", func() { var ( expectedCertificate1, expectedCertificate2 tls.Certificate ) it.Before(func() { var err error - oidcProviderWithoutSecret1 := &v1alpha1.OIDCProvider{ + federationDomainWithoutSecret1 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcprovider1", + Name: "no-secret-federationdomain1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer1.com"}, // no SNICertificateSecretName field + Spec: v1alpha1.FederationDomainSpec{Issuer: "https://no-secret-issuer1.com"}, // no SNICertificateSecretName field } - oidcProviderWithoutSecret2 := &v1alpha1.OIDCProvider{ + federationDomainWithoutSecret2 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcprovider2", + Name: "no-secret-federationdomain2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://no-secret-issuer2.com", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: ""}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: ""}, }, } - oidcProviderWithBadSecret := &v1alpha1.OIDCProvider{ + federationDomainWithBadSecret := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-secret-oidcprovider", + Name: "bad-secret-federationdomain", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://bad-secret-issuer.com", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "bad-tls-secret-name"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "bad-tls-secret-name"}, }, } // Also add one with a URL that cannot be parsed to make sure that the controller is not confused by invalid URLs. invalidIssuerURL := ":/host//path" _, err = url.Parse(invalidIssuerURL) //nolint:staticcheck // Yes, this URL is intentionally invalid. r.Error(err) - oidcProviderWithBadIssuer := &v1alpha1.OIDCProvider{ + federationDomainWithBadIssuer := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-issuer-oidcprovider", + Name: "bad-issuer-federationdomain", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderSpec{Issuer: invalidIssuerURL}, + Spec: v1alpha1.FederationDomainSpec{Issuer: invalidIssuerURL}, } - oidcProviderWithGoodSecret1 := &v1alpha1.OIDCProvider{ + federationDomainWithGoodSecret1 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcprovider1", + Name: "good-secret-federationdomain1", Namespace: installedInNamespace, }, // Issuer hostname should be treated in a case-insensitive way and SNI ignores port numbers. Test without a port number. - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://www.iSSuer-wiTh-goOd-secRet1.cOm/path", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "good-tls-secret-name1"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "good-tls-secret-name1"}, }, } - oidcProviderWithGoodSecret2 := &v1alpha1.OIDCProvider{ + federationDomainWithGoodSecret2 := &v1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcprovider2", + Name: "good-secret-federationdomain2", Namespace: installedInNamespace, }, // Issuer hostname should be treated in a case-insensitive way and SNI ignores port numbers. Test with a port number. - Spec: v1alpha1.OIDCProviderSpec{ + Spec: v1alpha1.FederationDomainSpec{ Issuer: "https://www.issUEr-WIth-gOOd-seCret2.com:1234/path", - TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "good-tls-secret-name2"}, + TLS: &v1alpha1.FederationDomainTLSSpec{SecretName: "good-tls-secret-name2"}, }, } testCrt1 := readTestFile("testdata/test.crt") @@ -296,12 +296,12 @@ func TestTLSCertObserverControllerSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{Name: "bad-tls-secret-name", Namespace: installedInNamespace}, Data: map[string][]byte{"junk": nil}, } - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret2)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadIssuer)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithoutSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithoutSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithBadSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithBadIssuer)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithGoodSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(federationDomainWithGoodSecret2)) r.NoError(kubeInformerClient.Tracker().Add(goodTLSSecret1)) r.NoError(kubeInformerClient.Tracker().Add(goodTLSSecret2)) r.NoError(kubeInformerClient.Tracker().Add(badTLSSecret)) diff --git a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go index 7faa4d9c..69252317 100644 --- a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go +++ b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher.go @@ -1,7 +1,7 @@ // Copyright 2020 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -// Package upstreamwatcher implements a controller that watches UpstreamOIDCProvider objects. +// Package upstreamwatcher implements a controller that watches OIDCIdentityProvider objects. package upstreamwatcher import ( @@ -58,7 +58,7 @@ const ( reasonInvalidResponse = "InvalidResponse" // Errors that are generated by our reconcile process. - errFailureStatus = constable.Error("UpstreamOIDCProvider has a failing condition") + errFailureStatus = constable.Error("OIDCIdentityProvider has a failing condition") errNoCertificates = constable.Error("no certificates found") ) @@ -75,7 +75,7 @@ type lruValidatorCacheEntry struct { client *http.Client } -func (c *lruValidatorCache) getProvider(spec *v1alpha1.UpstreamOIDCProviderSpec) (*oidc.Provider, *http.Client) { +func (c *lruValidatorCache) getProvider(spec *v1alpha1.OIDCIdentityProviderSpec) (*oidc.Provider, *http.Client) { if result, ok := c.cache.Get(c.cacheKey(spec)); ok { entry := result.(*lruValidatorCacheEntry) return entry.provider, entry.client @@ -83,11 +83,11 @@ func (c *lruValidatorCache) getProvider(spec *v1alpha1.UpstreamOIDCProviderSpec) return nil, nil } -func (c *lruValidatorCache) putProvider(spec *v1alpha1.UpstreamOIDCProviderSpec, provider *oidc.Provider, client *http.Client) { +func (c *lruValidatorCache) putProvider(spec *v1alpha1.OIDCIdentityProviderSpec, provider *oidc.Provider, client *http.Client) { c.cache.Set(c.cacheKey(spec), &lruValidatorCacheEntry{provider: provider, client: client}, validatorCacheTTL) } -func (c *lruValidatorCache) cacheKey(spec *v1alpha1.UpstreamOIDCProviderSpec) interface{} { +func (c *lruValidatorCache) cacheKey(spec *v1alpha1.OIDCIdentityProviderSpec) interface{} { var key struct{ issuer, caBundle string } key.issuer = spec.Issuer if spec.TLS != nil { @@ -100,11 +100,11 @@ type controller struct { cache IDPCache log logr.Logger client pinnipedclientset.Interface - providers idpinformers.UpstreamOIDCProviderInformer + providers idpinformers.OIDCIdentityProviderInformer secrets corev1informers.SecretInformer validatorCache interface { - getProvider(*v1alpha1.UpstreamOIDCProviderSpec) (*oidc.Provider, *http.Client) - putProvider(*v1alpha1.UpstreamOIDCProviderSpec, *oidc.Provider, *http.Client) + getProvider(*v1alpha1.OIDCIdentityProviderSpec) (*oidc.Provider, *http.Client) + putProvider(*v1alpha1.OIDCIdentityProviderSpec, *oidc.Provider, *http.Client) } } @@ -112,7 +112,7 @@ type controller struct { func New( idpCache IDPCache, client pinnipedclientset.Interface, - providers idpinformers.UpstreamOIDCProviderInformer, + providers idpinformers.OIDCIdentityProviderInformer, secrets corev1informers.SecretInformer, log logr.Logger, ) controllerlib.Controller { @@ -136,7 +136,7 @@ func New( func (c *controller) Sync(ctx controllerlib.Context) error { actualUpstreams, err := c.providers.Lister().List(labels.Everything()) if err != nil { - return fmt.Errorf("failed to list UpstreamOIDCProviders: %w", err) + return fmt.Errorf("failed to list OIDCIdentityProviders: %w", err) } requeue := false @@ -156,9 +156,9 @@ func (c *controller) Sync(ctx controllerlib.Context) error { return nil } -// validateUpstream validates the provided v1alpha1.UpstreamOIDCProvider and returns the validated configuration as a -// provider.UpstreamOIDCIdentityProvider. As a side effect, it also updates the status of the v1alpha1.UpstreamOIDCProvider. -func (c *controller) validateUpstream(ctx controllerlib.Context, upstream *v1alpha1.UpstreamOIDCProvider) *upstreamoidc.ProviderConfig { +// validateUpstream validates the provided v1alpha1.OIDCIdentityProvider and returns the validated configuration as a +// provider.UpstreamOIDCIdentityProvider. As a side effect, it also updates the status of the v1alpha1.OIDCIdentityProvider. +func (c *controller) validateUpstream(ctx controllerlib.Context, upstream *v1alpha1.OIDCIdentityProvider) *upstreamoidc.ProviderConfig { result := upstreamoidc.ProviderConfig{ Name: upstream.Name, Config: &oauth2.Config{ @@ -192,7 +192,7 @@ func (c *controller) validateUpstream(ctx controllerlib.Context, upstream *v1alp } // validateSecret validates the .spec.client.secretName field and returns the appropriate ClientCredentialsValid condition. -func (c *controller) validateSecret(upstream *v1alpha1.UpstreamOIDCProvider, result *upstreamoidc.ProviderConfig) *v1alpha1.Condition { +func (c *controller) validateSecret(upstream *v1alpha1.OIDCIdentityProvider, result *upstreamoidc.ProviderConfig) *v1alpha1.Condition { secretName := upstream.Spec.Client.SecretName // Fetch the Secret from informer cache. @@ -240,7 +240,7 @@ func (c *controller) validateSecret(upstream *v1alpha1.UpstreamOIDCProvider, res } // validateIssuer validates the .spec.issuer field, performs OIDC discovery, and returns the appropriate OIDCDiscoverySucceeded condition. -func (c *controller) validateIssuer(ctx context.Context, upstream *v1alpha1.UpstreamOIDCProvider, result *upstreamoidc.ProviderConfig) *v1alpha1.Condition { +func (c *controller) validateIssuer(ctx context.Context, upstream *v1alpha1.OIDCIdentityProvider, result *upstreamoidc.ProviderConfig) *v1alpha1.Condition { // Get the provider and HTTP Client from cache if possible. discoveredProvider, httpClient := c.validatorCache.getProvider(&upstream.Spec) @@ -302,7 +302,7 @@ func (c *controller) validateIssuer(ctx context.Context, upstream *v1alpha1.Upst } } -func getTLSConfig(upstream *v1alpha1.UpstreamOIDCProvider) (*tls.Config, error) { +func getTLSConfig(upstream *v1alpha1.OIDCIdentityProvider) (*tls.Config, error) { result := tls.Config{ MinVersion: tls.VersionTLS12, } @@ -324,7 +324,7 @@ func getTLSConfig(upstream *v1alpha1.UpstreamOIDCProvider) (*tls.Config, error) return &result, nil } -func (c *controller) updateStatus(ctx context.Context, upstream *v1alpha1.UpstreamOIDCProvider, conditions []*v1alpha1.Condition) { +func (c *controller) updateStatus(ctx context.Context, upstream *v1alpha1.OIDCIdentityProvider, conditions []*v1alpha1.Condition) { log := c.log.WithValues("namespace", upstream.Namespace, "name", upstream.Name) updated := upstream.DeepCopy() @@ -352,7 +352,7 @@ func (c *controller) updateStatus(ctx context.Context, upstream *v1alpha1.Upstre _, err := c.client. IDPV1alpha1(). - UpstreamOIDCProviders(upstream.Namespace). + OIDCIdentityProviders(upstream.Namespace). UpdateStatus(ctx, updated, metav1.UpdateOptions{}) if err != nil { log.Error(err, "failed to update status") diff --git a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go index 3ecfa91a..4ac03145 100644 --- a/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go +++ b/internal/controller/supervisorconfig/upstreamwatcher/upstreamwatcher_test.go @@ -61,16 +61,16 @@ func TestController(t *testing.T) { wantErr string wantLogs []string wantResultingCache []provider.UpstreamOIDCIdentityProviderI - wantResultingUpstreams []v1alpha1.UpstreamOIDCProvider + wantResultingUpstreams []v1alpha1.OIDCIdentityProvider }{ { name: "no upstreams", }, { name: "missing secret", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, @@ -82,12 +82,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="secret \"test-client-secret\" not found" "reason"="SecretNotFound" "status"="False" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="secret \"test-client-secret\" not found" "name"="test-name" "namespace"="test-namespace" "reason"="SecretNotFound" "type"="ClientCredentialsValid"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="secret \"test-client-secret\" not found" "name"="test-name" "namespace"="test-namespace" "reason"="SecretNotFound" "type"="ClientCredentialsValid"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -110,9 +110,9 @@ func TestController(t *testing.T) { }, { name: "secret has wrong type", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, @@ -128,12 +128,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")" "reason"="SecretWrongType" "status"="False" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")" "name"="test-name" "namespace"="test-namespace" "reason"="SecretWrongType" "type"="ClientCredentialsValid"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="referenced Secret \"test-client-secret\" has wrong type \"some-other-type\" (should be \"secrets.pinniped.dev/oidc-client\")" "name"="test-name" "namespace"="test-namespace" "reason"="SecretWrongType" "type"="ClientCredentialsValid"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -156,9 +156,9 @@ func TestController(t *testing.T) { }, { name: "secret is missing key", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, @@ -173,12 +173,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]" "reason"="SecretMissingKeys" "status"="False" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="discovered issuer configuration" "reason"="Success" "status"="True" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]" "name"="test-name" "namespace"="test-namespace" "reason"="SecretMissingKeys" "type"="ClientCredentialsValid"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="referenced Secret \"test-client-secret\" is missing required keys [\"clientID\" \"clientSecret\"]" "name"="test-name" "namespace"="test-namespace" "reason"="SecretMissingKeys" "type"="ClientCredentialsValid"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -201,9 +201,9 @@ func TestController(t *testing.T) { }, { name: "TLS CA bundle is invalid base64", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: "test-name"}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{ CertificateAuthorityData: "invalid-base64", @@ -221,12 +221,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7" "reason"="InvalidTLSConfig" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="spec.certificateAuthorityData is invalid: illegal base64 data at input byte 7" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -249,9 +249,9 @@ func TestController(t *testing.T) { }, { name: "TLS CA bundle does not have any certificates", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: "test-name"}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{ CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte("not-a-pem-ca-bundle")), @@ -269,12 +269,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="spec.certificateAuthorityData is invalid: no certificates found" "reason"="InvalidTLSConfig" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="spec.certificateAuthorityData is invalid: no certificates found" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="spec.certificateAuthorityData is invalid: no certificates found" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidTLSConfig" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -297,9 +297,9 @@ func TestController(t *testing.T) { }, { name: "issuer is invalid URL", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: "invalid-url", Client: v1alpha1.OIDCClient{SecretName: testSecretName}, AuthorizationConfig: v1alpha1.OIDCAuthorizationConfig{AdditionalScopes: testAdditionalScopes}, @@ -314,12 +314,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to perform OIDC discovery against \"invalid-url\"" "reason"="Unreachable" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="failed to perform OIDC discovery against \"invalid-url\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="failed to perform OIDC discovery against \"invalid-url\"" "name"="test-name" "namespace"="test-namespace" "reason"="Unreachable" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -342,9 +342,9 @@ func TestController(t *testing.T) { }, { name: "issuer returns invalid authorize URL", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL + "/invalid", TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, @@ -360,12 +360,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="failed to parse authorization endpoint URL: parse \"%\": invalid URL escape \"%\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -388,9 +388,9 @@ func TestController(t *testing.T) { }, { name: "issuer returns insecure authorize URL", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL + "/insecure", TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, @@ -406,12 +406,12 @@ func TestController(t *testing.T) { wantLogs: []string{ `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="loaded client credentials" "reason"="Success" "status"="True" "type"="ClientCredentialsValid"`, `upstream-observer "level"=0 "msg"="updated condition" "name"="test-name" "namespace"="test-namespace" "message"="authorization endpoint URL scheme must be \"https\", not \"http\"" "reason"="InvalidResponse" "status"="False" "type"="OIDCDiscoverySucceeded"`, - `upstream-observer "error"="UpstreamOIDCProvider has a failing condition" "msg"="found failing condition" "message"="authorization endpoint URL scheme must be \"https\", not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, + `upstream-observer "error"="OIDCIdentityProvider has a failing condition" "msg"="found failing condition" "message"="authorization endpoint URL scheme must be \"https\", not \"http\"" "name"="test-name" "namespace"="test-namespace" "reason"="InvalidResponse" "type"="OIDCDiscoverySucceeded"`, }, wantResultingCache: []provider.UpstreamOIDCIdentityProviderI{}, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ { @@ -434,16 +434,16 @@ func TestController(t *testing.T) { }, { name: "upstream becomes valid", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: "test-name"}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, AuthorizationConfig: v1alpha1.OIDCAuthorizationConfig{AdditionalScopes: append(testAdditionalScopes, "xyz", "openid")}, Claims: v1alpha1.OIDCClaims{Groups: testGroupsClaim, Username: testUsernameClaim}, }, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Error", Conditions: []v1alpha1.Condition{ {Type: "ClientCredentialsValid", Status: "False", LastTransitionTime: earlier, Reason: "SomeError1", Message: "some previous error 1"}, @@ -470,9 +470,9 @@ func TestController(t *testing.T) { GroupsClaim: testGroupsClaim, }, }, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Ready", Conditions: []v1alpha1.Condition{ {Type: "ClientCredentialsValid", Status: "True", LastTransitionTime: now, Reason: "Success", Message: "loaded client credentials"}, @@ -483,16 +483,16 @@ func TestController(t *testing.T) { }, { name: "existing valid upstream", - inputUpstreams: []runtime.Object{&v1alpha1.UpstreamOIDCProvider{ + inputUpstreams: []runtime.Object{&v1alpha1.OIDCIdentityProvider{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName, Generation: 1234}, - Spec: v1alpha1.UpstreamOIDCProviderSpec{ + Spec: v1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &v1alpha1.TLSSpec{CertificateAuthorityData: testIssuerCABase64}, Client: v1alpha1.OIDCClient{SecretName: testSecretName}, AuthorizationConfig: v1alpha1.OIDCAuthorizationConfig{AdditionalScopes: testAdditionalScopes}, Claims: v1alpha1.OIDCClaims{Groups: testGroupsClaim, Username: testUsernameClaim}, }, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Ready", Conditions: []v1alpha1.Condition{ {Type: "ClientCredentialsValid", Status: "True", LastTransitionTime: earlier, Reason: "Success", Message: "loaded client credentials"}, @@ -519,9 +519,9 @@ func TestController(t *testing.T) { GroupsClaim: testGroupsClaim, }, }, - wantResultingUpstreams: []v1alpha1.UpstreamOIDCProvider{{ + wantResultingUpstreams: []v1alpha1.OIDCIdentityProvider{{ ObjectMeta: metav1.ObjectMeta{Namespace: testNamespace, Name: testName, Generation: 1234}, - Status: v1alpha1.UpstreamOIDCProviderStatus{ + Status: v1alpha1.OIDCIdentityProviderStatus{ Phase: "Ready", Conditions: []v1alpha1.Condition{ {Type: "ClientCredentialsValid", Status: "True", LastTransitionTime: earlier, Reason: "Success", Message: "loaded client credentials", ObservedGeneration: 1234}, @@ -548,7 +548,7 @@ func TestController(t *testing.T) { controller := New( cache, fakePinnipedClient, - pinnipedInformers.IDP().V1alpha1().UpstreamOIDCProviders(), + pinnipedInformers.IDP().V1alpha1().OIDCIdentityProviders(), kubeInformers.Core().V1().Secrets(), testLog) @@ -580,7 +580,7 @@ func TestController(t *testing.T) { require.ElementsMatch(t, tt.wantResultingCache[i].GetScopes(), actualIDP.GetScopes()) } - actualUpstreams, err := fakePinnipedClient.IDPV1alpha1().UpstreamOIDCProviders(testNamespace).List(ctx, metav1.ListOptions{}) + actualUpstreams, err := fakePinnipedClient.IDPV1alpha1().OIDCIdentityProviders(testNamespace).List(ctx, metav1.ListOptions{}) require.NoError(t, err) // Preprocess the set of upstreams a bit so that they're easier to assert against. @@ -597,13 +597,13 @@ func TestController(t *testing.T) { } } -func normalizeUpstreams(upstreams []v1alpha1.UpstreamOIDCProvider, now metav1.Time) []v1alpha1.UpstreamOIDCProvider { - result := make([]v1alpha1.UpstreamOIDCProvider, 0, len(upstreams)) +func normalizeUpstreams(upstreams []v1alpha1.OIDCIdentityProvider, now metav1.Time) []v1alpha1.OIDCIdentityProvider { + result := make([]v1alpha1.OIDCIdentityProvider, 0, len(upstreams)) for _, u := range upstreams { normalized := u.DeepCopy() // We're only interested in comparing the status, so zero out the spec. - normalized.Spec = v1alpha1.UpstreamOIDCProviderSpec{} + normalized.Spec = v1alpha1.OIDCIdentityProviderSpec{} // Round down the LastTransitionTime values to `now` if they were just updated. This makes // it much easier to encode assertions about the expected timestamps. diff --git a/internal/mocks/mocksecrethelper/mocksecrethelper.go b/internal/mocks/mocksecrethelper/mocksecrethelper.go index 68b6cfbd..75c0d1cf 100644 --- a/internal/mocks/mocksecrethelper/mocksecrethelper.go +++ b/internal/mocks/mocksecrethelper/mocksecrethelper.go @@ -9,10 +9,12 @@ package mocksecrethelper import ( - gomock "github.com/golang/mock/gomock" - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - v1 "k8s.io/api/core/v1" reflect "reflect" + + gomock "github.com/golang/mock/gomock" + v1 "k8s.io/api/core/v1" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" ) // MockSecretHelper is a mock of SecretHelper interface @@ -39,7 +41,7 @@ func (m *MockSecretHelper) EXPECT() *MockSecretHelperMockRecorder { } // Generate mocks base method -func (m *MockSecretHelper) Generate(arg0 *v1alpha1.OIDCProvider) (*v1.Secret, error) { +func (m *MockSecretHelper) Generate(arg0 *v1alpha1.FederationDomain) (*v1.Secret, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "Generate", arg0) ret0, _ := ret[0].(*v1.Secret) @@ -54,7 +56,7 @@ func (mr *MockSecretHelperMockRecorder) Generate(arg0 interface{}) *gomock.Call } // IsValid mocks base method -func (m *MockSecretHelper) IsValid(arg0 *v1alpha1.OIDCProvider, arg1 *v1.Secret) bool { +func (m *MockSecretHelper) IsValid(arg0 *v1alpha1.FederationDomain, arg1 *v1.Secret) bool { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "IsValid", arg0, arg1) ret0, _ := ret[0].(bool) @@ -81,16 +83,16 @@ func (mr *MockSecretHelperMockRecorder) NamePrefix() *gomock.Call { return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NamePrefix", reflect.TypeOf((*MockSecretHelper)(nil).NamePrefix)) } -// ObserveActiveSecretAndUpdateParentOIDCProvider mocks base method -func (m *MockSecretHelper) ObserveActiveSecretAndUpdateParentOIDCProvider(arg0 *v1alpha1.OIDCProvider, arg1 *v1.Secret) *v1alpha1.OIDCProvider { +// ObserveActiveSecretAndUpdateParentFederationDomain mocks base method +func (m *MockSecretHelper) ObserveActiveSecretAndUpdateParentFederationDomain(arg0 *v1alpha1.FederationDomain, arg1 *v1.Secret) *v1alpha1.FederationDomain { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "ObserveActiveSecretAndUpdateParentOIDCProvider", arg0, arg1) - ret0, _ := ret[0].(*v1alpha1.OIDCProvider) + ret := m.ctrl.Call(m, "ObserveActiveSecretAndUpdateParentFederationDomain", arg0, arg1) + ret0, _ := ret[0].(*v1alpha1.FederationDomain) return ret0 } -// ObserveActiveSecretAndUpdateParentOIDCProvider indicates an expected call of ObserveActiveSecretAndUpdateParentOIDCProvider -func (mr *MockSecretHelperMockRecorder) ObserveActiveSecretAndUpdateParentOIDCProvider(arg0, arg1 interface{}) *gomock.Call { +// ObserveActiveSecretAndUpdateParentFederationDomain indicates an expected call of ObserveActiveSecretAndUpdateParentFederationDomain +func (mr *MockSecretHelperMockRecorder) ObserveActiveSecretAndUpdateParentFederationDomain(arg0, arg1 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ObserveActiveSecretAndUpdateParentOIDCProvider", reflect.TypeOf((*MockSecretHelper)(nil).ObserveActiveSecretAndUpdateParentOIDCProvider), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ObserveActiveSecretAndUpdateParentFederationDomain", reflect.TypeOf((*MockSecretHelper)(nil).ObserveActiveSecretAndUpdateParentFederationDomain), arg0, arg1) } diff --git a/internal/oidc/callback/callback_handler_test.go b/internal/oidc/callback/callback_handler_test.go index cce60f17..07bb61e4 100644 --- a/internal/oidc/callback/callback_handler_test.go +++ b/internal/oidc/callback/callback_handler_test.go @@ -368,7 +368,7 @@ func TestCallbackEndpoint(t *testing.T) { wantExchangeAndValidateTokensCall: happyExchangeAndValidateTokensArgs, }, { - name: "the UpstreamOIDCProvider CRD has been deleted", + name: "the OIDCIdentityProvider CRD has been deleted", idp: otherUpstreamOIDCIdentityProvider, method: http.MethodGet, path: newRequestPath().WithState(happyState).String(), diff --git a/internal/oidc/dynamic_oauth2_hmac_strategy.go b/internal/oidc/dynamic_oauth2_hmac_strategy.go index 8d67dc2e..1690e747 100644 --- a/internal/oidc/dynamic_oauth2_hmac_strategy.go +++ b/internal/oidc/dynamic_oauth2_hmac_strategy.go @@ -13,12 +13,12 @@ import ( // dynamicOauth2HMACStrategy is an oauth2.CoreStrategy that can dynamically load an HMAC key to sign // stuff (access tokens, refresh tokens, and auth codes). We want this dynamic capability since our -// controllers for loading OIDCProvider's and signing keys run in parallel, and thus the signing key -// might not be ready when an OIDCProvider is otherwise ready. +// controllers for loading FederationDomain's and signing keys run in parallel, and thus the signing key +// might not be ready when an FederationDomain is otherwise ready. // -// If we ever update OIDCProvider's to hold their signing key, we might not need this type, since we -// could have an invariant that routes to an OIDCProvider's endpoints are only wired up if an -// OIDCProvider has a valid signing key. +// If we ever update FederationDomain's to hold their signing key, we might not need this type, since we +// could have an invariant that routes to an FederationDomain's endpoints are only wired up if an +// FederationDomain has a valid signing key. type dynamicOauth2HMACStrategy struct { fositeConfig *compose.Config keyFunc func() []byte diff --git a/internal/oidc/dynamic_open_id_connect_ecdsa_strategy.go b/internal/oidc/dynamic_open_id_connect_ecdsa_strategy.go index 302044db..f0c22938 100644 --- a/internal/oidc/dynamic_open_id_connect_ecdsa_strategy.go +++ b/internal/oidc/dynamic_open_id_connect_ecdsa_strategy.go @@ -20,12 +20,12 @@ import ( // dynamicOpenIDConnectECDSAStrategy is an openid.OpenIDConnectTokenStrategy that can dynamically // load a signing key to issue ID tokens. We want this dynamic capability since our controllers for -// loading OIDCProvider's and signing keys run in parallel, and thus the signing key might not be -// ready when an OIDCProvider is otherwise ready. +// loading FederationDomain's and signing keys run in parallel, and thus the signing key might not be +// ready when an FederationDomain is otherwise ready. // -// If we ever update OIDCProvider's to hold their signing key, we might not need this type, since we -// could have an invariant that routes to an OIDCProvider's endpoints are only wired up if an -// OIDCProvider has a valid signing key. +// If we ever update FederationDomain's to hold their signing key, we might not need this type, since we +// could have an invariant that routes to an FederationDomain's endpoints are only wired up if an +// FederationDomain has a valid signing key. type dynamicOpenIDConnectECDSAStrategy struct { fositeConfig *compose.Config jwksProvider jwks.DynamicJWKSProvider diff --git a/internal/oidc/provider/dynamic_upstream_idp_provider.go b/internal/oidc/provider/dynamic_upstream_idp_provider.go index d5ab6f50..fd367d88 100644 --- a/internal/oidc/provider/dynamic_upstream_idp_provider.go +++ b/internal/oidc/provider/dynamic_upstream_idp_provider.go @@ -54,24 +54,24 @@ type DynamicUpstreamIDPProvider interface { } type dynamicUpstreamIDPProvider struct { - oidcProviders []UpstreamOIDCIdentityProviderI - mutex sync.RWMutex + federationDomains []UpstreamOIDCIdentityProviderI + mutex sync.RWMutex } func NewDynamicUpstreamIDPProvider() DynamicUpstreamIDPProvider { return &dynamicUpstreamIDPProvider{ - oidcProviders: []UpstreamOIDCIdentityProviderI{}, + federationDomains: []UpstreamOIDCIdentityProviderI{}, } } func (p *dynamicUpstreamIDPProvider) SetIDPList(oidcIDPs []UpstreamOIDCIdentityProviderI) { p.mutex.Lock() // acquire a write lock defer p.mutex.Unlock() - p.oidcProviders = oidcIDPs + p.federationDomains = oidcIDPs } func (p *dynamicUpstreamIDPProvider) GetIDPList() []UpstreamOIDCIdentityProviderI { p.mutex.RLock() // acquire a read lock defer p.mutex.RUnlock() - return p.oidcProviders + return p.federationDomains } diff --git a/internal/oidc/provider/manager/manager.go b/internal/oidc/provider/manager/manager.go index e27d6b9d..e5533374 100644 --- a/internal/oidc/provider/manager/manager.go +++ b/internal/oidc/provider/manager/manager.go @@ -32,7 +32,7 @@ import ( // It is thread-safe. type Manager struct { mu sync.RWMutex - providers []*provider.OIDCProvider + providers []*provider.FederationDomain providerHandlers map[string]http.Handler // map of all routes for all providers nextHandler http.Handler // the next handler in a chain, called when this manager didn't know how to handle a request dynamicJWKSProvider jwks.DynamicJWKSProvider // in-memory cache of per-issuer JWKS data @@ -68,13 +68,13 @@ func NewManager( // It also removes any providerHandlers that were previously added but were not passed in to // the current invocation. // -// This method assumes that all of the OIDCProvider arguments have already been validated +// This method assumes that all of the FederationDomain arguments have already been validated // by someone else before they are passed to this method. -func (m *Manager) SetProviders(oidcProviders ...*provider.OIDCProvider) { +func (m *Manager) SetProviders(federationDomains ...*provider.FederationDomain) { m.mu.Lock() defer m.mu.Unlock() - m.providers = oidcProviders + m.providers = federationDomains m.providerHandlers = make(map[string]http.Handler) var csrfCookieEncoder = dynamiccodec.New( @@ -83,7 +83,7 @@ func (m *Manager) SetProviders(oidcProviders ...*provider.OIDCProvider) { func() []byte { return nil }, ) - for _, incomingProvider := range oidcProviders { + for _, incomingProvider := range federationDomains { issuer := incomingProvider.Issuer() issuerHostWithPath := strings.ToLower(incomingProvider.IssuerHost()) + "/" + incomingProvider.IssuerPath() diff --git a/internal/oidc/provider/manager/manager_test.go b/internal/oidc/provider/manager/manager_test.go index c64f4e29..21b8b608 100644 --- a/internal/oidc/provider/manager/manager_test.go +++ b/internal/oidc/provider/manager/manager_test.go @@ -348,9 +348,9 @@ func TestManager(t *testing.T) { when("given some valid providers via SetProviders()", func() { it.Before(func() { - p1, err := provider.NewOIDCProvider(issuer1) + p1, err := provider.NewFederationDomain(issuer1) r.NoError(err) - p2, err := provider.NewOIDCProvider(issuer2) + p2, err := provider.NewFederationDomain(issuer2) r.NoError(err) subject.SetProviders(p1, p2) @@ -391,9 +391,9 @@ func TestManager(t *testing.T) { when("given the same valid providers as arguments to SetProviders() in reverse order", func() { it.Before(func() { - p1, err := provider.NewOIDCProvider(issuer1) + p1, err := provider.NewFederationDomain(issuer1) r.NoError(err) - p2, err := provider.NewOIDCProvider(issuer2) + p2, err := provider.NewFederationDomain(issuer2) r.NoError(err) subject.SetProviders(p2, p1) diff --git a/internal/oidc/provider/oidcprovider.go b/internal/oidc/provider/oidcprovider.go index 3e53c5e2..0c1a6151 100644 --- a/internal/oidc/provider/oidcprovider.go +++ b/internal/oidc/provider/oidcprovider.go @@ -11,15 +11,15 @@ import ( "go.pinniped.dev/internal/constable" ) -// OIDCProvider represents all of the settings and state for an OIDC provider. -type OIDCProvider struct { +// FederationDomain represents all of the settings and state for an OIDC provider. +type FederationDomain struct { issuer string issuerHost string issuerPath string } -func NewOIDCProvider(issuer string) (*OIDCProvider, error) { - p := OIDCProvider{issuer: issuer} +func NewFederationDomain(issuer string) (*FederationDomain, error) { + p := FederationDomain{issuer: issuer} err := p.validate() if err != nil { return nil, err @@ -27,7 +27,7 @@ func NewOIDCProvider(issuer string) (*OIDCProvider, error) { return &p, nil } -func (p *OIDCProvider) validate() error { +func (p *FederationDomain) validate() error { if p.issuer == "" { return constable.Error("provider must have an issuer") } @@ -63,14 +63,14 @@ func (p *OIDCProvider) validate() error { return nil } -func (p *OIDCProvider) Issuer() string { +func (p *FederationDomain) Issuer() string { return p.issuer } -func (p *OIDCProvider) IssuerHost() string { +func (p *FederationDomain) IssuerHost() string { return p.issuerHost } -func (p *OIDCProvider) IssuerPath() string { +func (p *FederationDomain) IssuerPath() string { return p.issuerPath } diff --git a/internal/oidc/provider/oidcprovider_test.go b/internal/oidc/provider/oidcprovider_test.go index 828bd671..db24384a 100644 --- a/internal/oidc/provider/oidcprovider_test.go +++ b/internal/oidc/provider/oidcprovider_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" ) -func TestOIDCProviderValidations(t *testing.T) { +func TestFederationDomainValidations(t *testing.T) { tests := []struct { name string issuer string @@ -72,7 +72,7 @@ func TestOIDCProviderValidations(t *testing.T) { for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { - _, err := NewOIDCProvider(tt.issuer) + _, err := NewFederationDomain(tt.issuer) if tt.wantError != "" { require.EqualError(t, err, tt.wantError) } else { diff --git a/internal/secret/cache.go b/internal/secret/cache.go index 6c0f4063..7e87fe72 100644 --- a/internal/secret/cache.go +++ b/internal/secret/cache.go @@ -10,13 +10,13 @@ import ( type Cache struct { csrfCookieEncoderHashKey atomic.Value - oidcProviderCacheMap sync.Map + federationDomainCacheMap sync.Map } // New returns an empty Cache. func New() *Cache { return &Cache{} } -type oidcProviderCache struct { +type federationDomainCache struct { tokenHMACKey atomic.Value stateEncoderHashKey atomic.Value stateEncoderBlockKey atomic.Value @@ -31,36 +31,36 @@ func (c *Cache) SetCSRFCookieEncoderHashKey(key []byte) { } func (c *Cache) GetTokenHMACKey(oidcIssuer string) []byte { - return bytesOrNil(c.getOIDCProviderCache(oidcIssuer).tokenHMACKey.Load()) + return bytesOrNil(c.getFederationDomainCache(oidcIssuer).tokenHMACKey.Load()) } func (c *Cache) SetTokenHMACKey(oidcIssuer string, key []byte) { - c.getOIDCProviderCache(oidcIssuer).tokenHMACKey.Store(key) + c.getFederationDomainCache(oidcIssuer).tokenHMACKey.Store(key) } func (c *Cache) GetStateEncoderHashKey(oidcIssuer string) []byte { - return bytesOrNil(c.getOIDCProviderCache(oidcIssuer).stateEncoderHashKey.Load()) + return bytesOrNil(c.getFederationDomainCache(oidcIssuer).stateEncoderHashKey.Load()) } func (c *Cache) SetStateEncoderHashKey(oidcIssuer string, key []byte) { - c.getOIDCProviderCache(oidcIssuer).stateEncoderHashKey.Store(key) + c.getFederationDomainCache(oidcIssuer).stateEncoderHashKey.Store(key) } func (c *Cache) GetStateEncoderBlockKey(oidcIssuer string) []byte { - return bytesOrNil(c.getOIDCProviderCache(oidcIssuer).stateEncoderBlockKey.Load()) + return bytesOrNil(c.getFederationDomainCache(oidcIssuer).stateEncoderBlockKey.Load()) } func (c *Cache) SetStateEncoderBlockKey(oidcIssuer string, key []byte) { - c.getOIDCProviderCache(oidcIssuer).stateEncoderBlockKey.Store(key) + c.getFederationDomainCache(oidcIssuer).stateEncoderBlockKey.Store(key) } -func (c *Cache) getOIDCProviderCache(oidcIssuer string) *oidcProviderCache { - value, ok := c.oidcProviderCacheMap.Load(oidcIssuer) +func (c *Cache) getFederationDomainCache(oidcIssuer string) *federationDomainCache { + value, ok := c.federationDomainCacheMap.Load(oidcIssuer) if !ok { - value = &oidcProviderCache{} - c.oidcProviderCacheMap.Store(oidcIssuer, value) + value = &federationDomainCache{} + c.federationDomainCacheMap.Store(oidcIssuer, value) } - return value.(*oidcProviderCache) + return value.(*federationDomainCache) } func bytesOrNil(b interface{}) []byte { diff --git a/internal/secret/cache_test.go b/internal/secret/cache_test.go index 40fdf612..0934bd58 100644 --- a/internal/secret/cache_test.go +++ b/internal/secret/cache_test.go @@ -58,7 +58,7 @@ func TestCache(t *testing.T) { require.Nil(t, c.GetStateEncoderBlockKey(otherIssuer)) } -// TestCacheSynchronized should mimic the behavior of an OIDCProvider: multiple goroutines +// TestCacheSynchronized should mimic the behavior of an FederationDomain: multiple goroutines // read the same fields, sequentially, from the cache. func TestCacheSynchronized(t *testing.T) { c := New() diff --git a/test/integration/e2e_test.go b/test/integration/e2e_test.go index e77f1a6e..b702b973 100644 --- a/test/integration/e2e_test.go +++ b/test/integration/e2e_test.go @@ -88,15 +88,15 @@ func TestE2EFullIntegration(t *testing.T) { map[string]string{"tls.crt": string(certPEM), "tls.key": string(keyPEM)}, ) - // Create the downstream OIDCProvider and expect it to go into the success status condition. - downstream := library.CreateTestOIDCProvider(ctx, t, + // Create the downstream FederationDomain and expect it to go into the success status condition. + downstream := library.CreateTestFederationDomain(ctx, t, issuerURL.String(), certSecret.Name, - configv1alpha1.SuccessOIDCProviderStatusCondition, + configv1alpha1.SuccessFederationDomainStatusCondition, ) // Create upstream OIDC provider and wait for it to become ready. - library.CreateTestUpstreamOIDCProvider(t, idpv1alpha1.UpstreamOIDCProviderSpec{ + library.CreateTestOIDCIdentityProvider(t, idpv1alpha1.OIDCIdentityProviderSpec{ Issuer: env.SupervisorTestUpstream.Issuer, TLS: &idpv1alpha1.TLSSpec{ CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)), diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index cefa4964..fd58b065 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go @@ -68,10 +68,10 @@ func TestGetAPIResourceList(t *testing.T) { resourceByVersion: map[string][]metav1.APIResource{ "config.supervisor.pinniped.dev/v1alpha1": { { - Name: "oidcproviders", - SingularName: "oidcprovider", + Name: "federationdomains", + SingularName: "federationdomain", Namespaced: true, - Kind: "OIDCProvider", + Kind: "FederationDomain", Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, Categories: []string{"pinniped"}, }, @@ -95,17 +95,17 @@ func TestGetAPIResourceList(t *testing.T) { resourceByVersion: map[string][]metav1.APIResource{ "idp.supervisor.pinniped.dev/v1alpha1": { { - Name: "upstreamoidcproviders", - SingularName: "upstreamoidcprovider", + Name: "oidcidentityproviders", + SingularName: "oidcidentityprovider", Namespaced: true, - Kind: "UpstreamOIDCProvider", + Kind: "OIDCIdentityProvider", Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, Categories: []string{"pinniped", "pinniped-idp", "pinniped-idps"}, }, { - Name: "upstreamoidcproviders/status", + Name: "oidcidentityproviders/status", Namespaced: true, - Kind: "UpstreamOIDCProvider", + Kind: "OIDCIdentityProvider", Verbs: []string{"get", "patch", "update"}, }, }, diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go index fa378245..9e85f0d1 100644 --- a/test/integration/supervisor_discovery_test.go +++ b/test/integration/supervisor_discovery_test.go @@ -48,7 +48,7 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), client, library.NewClientset(t)) + temporarilyRemoveAllFederationDomainsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), client, library.NewClientset(t)) tests := []struct { Scheme string @@ -69,7 +69,7 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { continue } - // Test that there is no default discovery endpoint available when there are no OIDCProviders. + // Test that there is no default discovery endpoint available when there are no FederationDomains. requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, fmt.Sprintf("%s://%s", scheme, addr)) // Define several unique issuer strings. Always use https in the issuer name even when we are accessing the http port. @@ -81,48 +81,48 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { issuer6 := fmt.Sprintf("https://%s/issuer6", addr) badIssuer := fmt.Sprintf("https://%s/badIssuer?cannot-use=queries", addr) - // When OIDCProvider are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProvider exists. - config1, jwks1 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer1, client) - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config1, client, ns, scheme, addr, caBundle, issuer1) - config2, jwks2 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer2, client) - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config2, client, ns, scheme, addr, caBundle, issuer2) + // When FederationDomain are created in sequence they each cause a discovery endpoint to appear only for as long as the FederationDomain exists. + config1, jwks1 := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer1, client) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, config1, client, ns, scheme, addr, caBundle, issuer1) + config2, jwks2 := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer2, client) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, config2, client, ns, scheme, addr, caBundle, issuer2) // The auto-created JWK's were different from each other. require.NotEqual(t, jwks1.Keys[0]["x"], jwks2.Keys[0]["x"]) require.NotEqual(t, jwks1.Keys[0]["y"], jwks2.Keys[0]["y"]) - // When multiple OIDCProviders exist at the same time they each serve a unique discovery endpoint. - config3, jwks3 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer3, client) - config4, jwks4 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer4, client) + // When multiple FederationDomains exist at the same time they each serve a unique discovery endpoint. + config3, jwks3 := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer3, client) + config4, jwks4 := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer4, client) requireDiscoveryEndpointsAreWorking(t, scheme, addr, caBundle, issuer3, nil) // discovery for issuer3 is still working after issuer4 started working // The auto-created JWK's were different from each other. require.NotEqual(t, jwks3.Keys[0]["x"], jwks4.Keys[0]["x"]) require.NotEqual(t, jwks3.Keys[0]["y"], jwks4.Keys[0]["y"]) // Editing a provider to change the issuer name updates the endpoints that are being served. - updatedConfig4 := editOIDCProviderIssuerName(t, config4, client, ns, issuer5) + updatedConfig4 := editFederationDomainIssuerName(t, config4, client, ns, issuer5) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, issuer4) jwks5 := requireDiscoveryEndpointsAreWorking(t, scheme, addr, caBundle, issuer5, nil) // The JWK did not change when the issuer name was updated. require.Equal(t, jwks4.Keys[0], jwks5.Keys[0]) // When they are deleted they stop serving discovery endpoints. - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config3, client, ns, scheme, addr, caBundle, issuer3) - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, updatedConfig4, client, ns, scheme, addr, caBundle, issuer5) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, config3, client, ns, scheme, addr, caBundle, issuer3) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, updatedConfig4, client, ns, scheme, addr, caBundle, issuer5) // When the same issuer is added twice, both issuers are marked as duplicates, and neither provider is serving. - config6Duplicate1, _ := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer6, client) - config6Duplicate2 := library.CreateTestOIDCProvider(ctx, t, issuer6, "", "") - requireStatus(t, client, ns, config6Duplicate1.Name, v1alpha1.DuplicateOIDCProviderStatusCondition) - requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.DuplicateOIDCProviderStatusCondition) + config6Duplicate1, _ := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer6, client) + config6Duplicate2 := library.CreateTestFederationDomain(ctx, t, issuer6, "", "") + requireStatus(t, client, ns, config6Duplicate1.Name, v1alpha1.DuplicateFederationDomainStatusCondition) + requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.DuplicateFederationDomainStatusCondition) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, issuer6) // If we delete the first duplicate issuer, the second duplicate issuer starts serving. requireDelete(t, client, ns, config6Duplicate1.Name) requireWellKnownEndpointIsWorking(t, scheme, addr, caBundle, issuer6, nil) - requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.SuccessFederationDomainStatusCondition) // When we finally delete all issuers, the endpoint should be down. - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config6Duplicate2, client, ns, scheme, addr, caBundle, issuer6) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, config6Duplicate2, client, ns, scheme, addr, caBundle, issuer6) // Only test this for http endpoints because https endpoints are going through an Ingress, // and while it is possible to configure an Ingress to serve multiple hostnames with matching TLS certs @@ -131,15 +131,15 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { if scheme == "http" { // "Host" headers can be used to send requests to discovery endpoints when the public address is different from the issuer name. issuer7 := "https://some-issuer-host-and-port-that-doesnt-match-public-supervisor-address.com:2684/issuer7" - config7, _ := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer7, client) - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config7, client, ns, scheme, addr, caBundle, issuer7) + config7, _ := requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer7, client) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, config7, client, ns, scheme, addr, caBundle, issuer7) } // When we create a provider with an invalid issuer, the status is set to invalid. - badConfig := library.CreateTestOIDCProvider(ctx, t, badIssuer, "", "") - requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidOIDCProviderStatusCondition) + badConfig := library.CreateTestFederationDomain(ctx, t, badIssuer, "", "") + requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidFederationDomainStatusCondition) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, badIssuer) - requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, badConfig, client, ns, scheme, addr, caBundle, badIssuer) + requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear(t, badConfig, client, ns, scheme, addr, caBundle, badIssuer) } } @@ -152,7 +152,7 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) + temporarilyRemoveAllFederationDomainsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) scheme := "https" address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 8443 @@ -161,9 +161,9 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { issuer1 := fmt.Sprintf("%s://%s/issuer1", scheme, address) certSecretName1 := "integration-test-cert-1" - // Create an OIDCProvider with a spec.tls.secretName. - oidcProvider1 := library.CreateTestOIDCProvider(ctx, t, issuer1, certSecretName1, "") - requireStatus(t, pinnipedClient, oidcProvider1.Namespace, oidcProvider1.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + // Create an FederationDomain with a spec.tls.secretName. + federationDomain1 := library.CreateTestFederationDomain(ctx, t, issuer1, certSecretName1, "") + requireStatus(t, pinnipedClient, federationDomain1.Namespace, federationDomain1.Name, v1alpha1.SuccessFederationDomainStatusCondition) // The spec.tls.secretName Secret does not exist, so the endpoints should fail with TLS errors. requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuer1) @@ -176,10 +176,10 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { // Update the config to with a new .spec.tls.secretName. certSecretName1update := "integration-test-cert-1-update" - oidcProvider1LatestVersion, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, oidcProvider1.Name, metav1.GetOptions{}) + federationDomain1LatestVersion, err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Get(ctx, federationDomain1.Name, metav1.GetOptions{}) require.NoError(t, err) - oidcProvider1LatestVersion.Spec.TLS = &v1alpha1.OIDCProviderTLSSpec{SecretName: certSecretName1update} - _, err = pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Update(ctx, oidcProvider1LatestVersion, metav1.UpdateOptions{}) + federationDomain1LatestVersion.Spec.TLS = &v1alpha1.FederationDomainTLSSpec{SecretName: certSecretName1update} + _, err = pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Update(ctx, federationDomain1LatestVersion, metav1.UpdateOptions{}) require.NoError(t, err) // The the endpoints should fail with TLS errors again. @@ -197,9 +197,9 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { issuer2 := fmt.Sprintf("%s://%s:%s/issuer2", scheme, hostname2, hostnamePort2) certSecretName2 := "integration-test-cert-2" - // Create an OIDCProvider with a spec.tls.secretName. - oidcProvider2 := library.CreateTestOIDCProvider(ctx, t, issuer2, certSecretName2, "") - requireStatus(t, pinnipedClient, oidcProvider2.Namespace, oidcProvider2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + // Create an FederationDomain with a spec.tls.secretName. + federationDomain2 := library.CreateTestFederationDomain(ctx, t, issuer2, certSecretName2, "") + requireStatus(t, pinnipedClient, federationDomain2.Namespace, federationDomain2.Name, v1alpha1.SuccessFederationDomainStatusCondition) // Create the Secret. ca2 := createTLSCertificateSecret(ctx, t, ns, hostname2, nil, certSecretName2, kubeClient) @@ -219,7 +219,7 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) + temporarilyRemoveAllFederationDomainsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) scheme := "https" address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 8443 @@ -240,9 +240,9 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { issuerUsingIPAddress := fmt.Sprintf("%s://%s/issuer1", scheme, ipWithPort) issuerUsingHostname := fmt.Sprintf("%s://%s/issuer1", scheme, address) - // Create an OIDCProvider without a spec.tls.secretName. - oidcProvider1 := library.CreateTestOIDCProvider(ctx, t, issuerUsingIPAddress, "", "") - requireStatus(t, pinnipedClient, oidcProvider1.Namespace, oidcProvider1.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + // Create an FederationDomain without a spec.tls.secretName. + federationDomain1 := library.CreateTestFederationDomain(ctx, t, issuerUsingIPAddress, "", "") + requireStatus(t, pinnipedClient, federationDomain1.Namespace, federationDomain1.Name, v1alpha1.SuccessFederationDomainStatusCondition) // There is no default TLS cert and the spec.tls.secretName was not set, so the endpoints should fail with TLS errors. requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuerUsingIPAddress) @@ -253,10 +253,10 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { // Now that the Secret exists, we should be able to access the endpoints by IP address using the CA. _ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil) - // Create an OIDCProvider with a spec.tls.secretName. + // Create an FederationDomain with a spec.tls.secretName. certSecretName := "integration-test-cert-1" - oidcProvider2 := library.CreateTestOIDCProvider(ctx, t, issuerUsingHostname, certSecretName, "") - requireStatus(t, pinnipedClient, oidcProvider2.Namespace, oidcProvider2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + federationDomain2 := library.CreateTestFederationDomain(ctx, t, issuerUsingHostname, certSecretName, "") + requireStatus(t, pinnipedClient, federationDomain2.Namespace, federationDomain2.Name, v1alpha1.SuccessFederationDomainStatusCondition) // Create the Secret. certCA := createTLSCertificateSecret(ctx, t, ns, hostname, nil, certSecretName, kubeClient) @@ -312,7 +312,7 @@ func createTLSCertificateSecret(ctx context.Context, t *testing.T, ns string, ho return ca } -func temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret( +func temporarilyRemoveAllFederationDomainsAndDefaultTLSCertSecret( ctx context.Context, t *testing.T, ns string, @@ -320,11 +320,11 @@ func temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret( pinnipedClient pinnipedclientset.Interface, kubeClient kubernetes.Interface, ) { - // Temporarily remove any existing OIDCProviders from the cluster so we can test from a clean slate. - originalConfigList, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).List(ctx, metav1.ListOptions{}) + // Temporarily remove any existing FederationDomains from the cluster so we can test from a clean slate. + originalConfigList, err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).List(ctx, metav1.ListOptions{}) require.NoError(t, err) for _, config := range originalConfigList.Items { - err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, config.Name, metav1.DeleteOptions{}) + err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Delete(ctx, config.Name, metav1.DeleteOptions{}) require.NoError(t, err) } @@ -339,7 +339,7 @@ func temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret( require.NoError(t, err) } - // When this test has finished, recreate any OIDCProviders and default secret that had existed on the cluster before this test. + // When this test has finished, recreate any FederationDomains and default secret that had existed on the cluster before this test. t.Cleanup(func() { cleanupCtx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() @@ -347,7 +347,7 @@ func temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret( for _, config := range originalConfigList.Items { thisConfig := config thisConfig.ResourceVersion = "" // Get rid of resource version since we can't create an object with one. - _, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Create(cleanupCtx, &thisConfig, metav1.CreateOptions{}) + _, err := pinnipedClient.ConfigV1alpha1().FederationDomains(ns).Create(cleanupCtx, &thisConfig, metav1.CreateOptions{}) require.NoError(t, err) } @@ -420,18 +420,18 @@ func requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t *testing.T, url require.EqualError(t, err, fmt.Sprintf(`Get "%s": remote error: tls: unrecognized name`, url)) } -func requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear( +func requireCreatingFederationDomainCausesDiscoveryEndpointsToAppear( ctx context.Context, t *testing.T, supervisorScheme, supervisorAddress, supervisorCABundle string, issuerName string, client pinnipedclientset.Interface, -) (*v1alpha1.OIDCProvider, *ExpectedJWKSResponseFormat) { +) (*v1alpha1.FederationDomain, *ExpectedJWKSResponseFormat) { t.Helper() - newOIDCProvider := library.CreateTestOIDCProvider(ctx, t, issuerName, "", "") + newFederationDomain := library.CreateTestFederationDomain(ctx, t, issuerName, "", "") jwksResult := requireDiscoveryEndpointsAreWorking(t, supervisorScheme, supervisorAddress, supervisorCABundle, issuerName, nil) - requireStatus(t, client, newOIDCProvider.Namespace, newOIDCProvider.Name, v1alpha1.SuccessOIDCProviderStatusCondition) - return newOIDCProvider, jwksResult + requireStatus(t, client, newFederationDomain.Namespace, newFederationDomain.Name, v1alpha1.SuccessFederationDomainStatusCondition) + return newFederationDomain, jwksResult } func requireDiscoveryEndpointsAreWorking(t *testing.T, supervisorScheme, supervisorAddress, supervisorCABundle, issuerName string, dnsOverrides map[string]string) *ExpectedJWKSResponseFormat { @@ -440,9 +440,9 @@ func requireDiscoveryEndpointsAreWorking(t *testing.T, supervisorScheme, supervi return jwksResult } -func requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear( +func requireDeletingFederationDomainCausesDiscoveryEndpointsToDisappear( t *testing.T, - existingOIDCProvider *v1alpha1.OIDCProvider, + existingFederationDomain *v1alpha1.FederationDomain, client pinnipedclientset.Interface, ns string, supervisorScheme, supervisorAddress, supervisorCABundle string, @@ -452,8 +452,8 @@ func requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear( ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - // Delete the OIDCProvider. - err := client.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, existingOIDCProvider.Name, metav1.DeleteOptions{}) + // Delete the FederationDomain. + err := client.ConfigV1alpha1().FederationDomains(ns).Delete(ctx, existingFederationDomain.Name, metav1.DeleteOptions{}) require.NoError(t, err) // Fetch that same discovery endpoint as before, but now it should not exist anymore. Give it some time for the endpoint to go away. @@ -528,7 +528,7 @@ func requireSuccessEndpointResponse(t *testing.T, endpointURL, issuer, caBundle ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - // Define a request to the new discovery endpoint which should have been created by an OIDCProvider. + // Define a request to the new discovery endpoint which should have been created by an FederationDomain. requestDiscoveryEndpoint, err := http.NewRequestWithContext( ctx, http.MethodGet, @@ -560,22 +560,22 @@ func requireSuccessEndpointResponse(t *testing.T, endpointURL, issuer, caBundle return response, string(responseBody) } -func editOIDCProviderIssuerName( +func editFederationDomainIssuerName( t *testing.T, - existingOIDCProvider *v1alpha1.OIDCProvider, + existingFederationDomain *v1alpha1.FederationDomain, client pinnipedclientset.Interface, ns string, newIssuerName string, -) *v1alpha1.OIDCProvider { +) *v1alpha1.FederationDomain { t.Helper() ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - mostRecentVersion, err := client.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, existingOIDCProvider.Name, metav1.GetOptions{}) + mostRecentVersion, err := client.ConfigV1alpha1().FederationDomains(ns).Get(ctx, existingFederationDomain.Name, metav1.GetOptions{}) require.NoError(t, err) mostRecentVersion.Spec.Issuer = newIssuerName - updated, err := client.ConfigV1alpha1().OIDCProviders(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{}) + updated, err := client.ConfigV1alpha1().FederationDomains(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{}) require.NoError(t, err) return updated @@ -586,21 +586,21 @@ func requireDelete(t *testing.T, client pinnipedclientset.Interface, ns, name st ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - err := client.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, name, metav1.DeleteOptions{}) + err := client.ConfigV1alpha1().FederationDomains(ns).Delete(ctx, name, metav1.DeleteOptions{}) require.NoError(t, err) } -func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatusCondition) { +func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.FederationDomainStatusCondition) { t.Helper() ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() - var opc *v1alpha1.OIDCProvider + var opc *v1alpha1.FederationDomain var err error assert.Eventually(t, func() bool { - opc, err = client.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, name, metav1.GetOptions{}) + opc, err = client.ConfigV1alpha1().FederationDomains(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { - t.Logf("error trying to get OIDCProvider: %s", err.Error()) + t.Logf("error trying to get FederationDomain: %s", err.Error()) } return err == nil && opc.Status.Status == status }, 10*time.Second, 200*time.Millisecond) diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 00b2317d..fc3cc16a 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -98,15 +98,15 @@ func TestSupervisorLogin(t *testing.T) { map[string]string{"tls.crt": string(certPEM), "tls.key": string(keyPEM)}, ) - // Create the downstream OIDCProvider and expect it to go into the success status condition. - downstream := library.CreateTestOIDCProvider(ctx, t, + // Create the downstream FederationDomain and expect it to go into the success status condition. + downstream := library.CreateTestFederationDomain(ctx, t, issuerURL.String(), certSecret.Name, - configv1alpha1.SuccessOIDCProviderStatusCondition, + configv1alpha1.SuccessFederationDomainStatusCondition, ) // Create upstream OIDC provider and wait for it to become ready. - library.CreateTestUpstreamOIDCProvider(t, idpv1alpha1.UpstreamOIDCProviderSpec{ + library.CreateTestOIDCIdentityProvider(t, idpv1alpha1.OIDCIdentityProviderSpec{ Issuer: env.SupervisorTestUpstream.Issuer, TLS: &idpv1alpha1.TLSSpec{ CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)), diff --git a/test/integration/supervisor_secrets_test.go b/test/integration/supervisor_secrets_test.go index 038b6fac..1c8f4ffb 100644 --- a/test/integration/supervisor_secrets_test.go +++ b/test/integration/supervisor_secrets_test.go @@ -28,44 +28,44 @@ func TestSupervisorSecrets(t *testing.T) { defer cancel() // Create our OP under test. - op := library.CreateTestOIDCProvider(ctx, t, "", "", "") + op := library.CreateTestFederationDomain(ctx, t, "", "", "") tests := []struct { name string - secretName func(op *configv1alpha1.OIDCProvider) string + secretName func(op *configv1alpha1.FederationDomain) string ensureValid func(t *testing.T, secret *corev1.Secret) }{ { name: "csrf cookie signing key", - secretName: func(op *configv1alpha1.OIDCProvider) string { + secretName: func(op *configv1alpha1.FederationDomain) string { return env.SupervisorAppName + "-key" }, ensureValid: ensureValidSymmetricKey, }, { name: "jwks", - secretName: func(op *configv1alpha1.OIDCProvider) string { + secretName: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.JWKS.Name }, ensureValid: ensureValidJWKS, }, { name: "hmac signing secret", - secretName: func(op *configv1alpha1.OIDCProvider) string { + secretName: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.TokenSigningKey.Name }, ensureValid: ensureValidSymmetricKey, }, { name: "state signature secret", - secretName: func(op *configv1alpha1.OIDCProvider) string { + secretName: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.StateSigningKey.Name }, ensureValid: ensureValidSymmetricKey, }, { name: "state encryption secret", - secretName: func(op *configv1alpha1.OIDCProvider) string { + secretName: func(op *configv1alpha1.FederationDomain) string { return op.Status.Secrets.StateEncryptionKey.Name }, ensureValid: ensureValidSymmetricKey, @@ -75,12 +75,12 @@ func TestSupervisorSecrets(t *testing.T) { test := test t.Run(test.name, func(t *testing.T) { // Ensure a secret is created with the OP's JWKS. - var updatedOP *configv1alpha1.OIDCProvider + var updatedOP *configv1alpha1.FederationDomain var err error assert.Eventually(t, func() bool { updatedOP, err = supervisorClient. ConfigV1alpha1(). - OIDCProviders(env.SupervisorNamespace). + FederationDomains(env.SupervisorNamespace). Get(ctx, op.Name, metav1.GetOptions{}) return err == nil && test.secretName(updatedOP) != "" }, time.Second*10, time.Millisecond*500) diff --git a/test/integration/supervisor_upstream_test.go b/test/integration/supervisor_upstream_test.go index dd3fa528..ba59b472 100644 --- a/test/integration/supervisor_upstream_test.go +++ b/test/integration/supervisor_upstream_test.go @@ -19,13 +19,13 @@ func TestSupervisorUpstreamOIDCDiscovery(t *testing.T) { t.Run("invalid missing secret and bad issuer", func(t *testing.T) { t.Parallel() - spec := v1alpha1.UpstreamOIDCProviderSpec{ + spec := v1alpha1.OIDCIdentityProviderSpec{ Issuer: "https://127.0.0.1:444444/issuer", Client: v1alpha1.OIDCClient{ SecretName: "does-not-exist", }, } - upstream := library.CreateTestUpstreamOIDCProvider(t, spec, v1alpha1.PhaseError) + upstream := library.CreateTestOIDCIdentityProvider(t, spec, v1alpha1.PhaseError) expectUpstreamConditions(t, upstream, []v1alpha1.Condition{ { Type: "ClientCredentialsValid", @@ -44,7 +44,7 @@ func TestSupervisorUpstreamOIDCDiscovery(t *testing.T) { t.Run("valid", func(t *testing.T) { t.Parallel() - spec := v1alpha1.UpstreamOIDCProviderSpec{ + spec := v1alpha1.OIDCIdentityProviderSpec{ Issuer: env.SupervisorTestUpstream.Issuer, TLS: &v1alpha1.TLSSpec{ CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)), @@ -56,7 +56,7 @@ func TestSupervisorUpstreamOIDCDiscovery(t *testing.T) { SecretName: library.CreateClientCredsSecret(t, "test-client-id", "test-client-secret").Name, }, } - upstream := library.CreateTestUpstreamOIDCProvider(t, spec, v1alpha1.PhaseReady) + upstream := library.CreateTestOIDCIdentityProvider(t, spec, v1alpha1.PhaseReady) expectUpstreamConditions(t, upstream, []v1alpha1.Condition{ { Type: "ClientCredentialsValid", @@ -74,7 +74,7 @@ func TestSupervisorUpstreamOIDCDiscovery(t *testing.T) { }) } -func expectUpstreamConditions(t *testing.T, upstream *v1alpha1.UpstreamOIDCProvider, expected []v1alpha1.Condition) { +func expectUpstreamConditions(t *testing.T, upstream *v1alpha1.OIDCIdentityProvider, expected []v1alpha1.Condition) { t.Helper() normalized := make([]v1alpha1.Condition, 0, len(upstream.Status.Conditions)) for _, c := range upstream.Status.Conditions { diff --git a/test/library/client.go b/test/library/client.go index 9f6baa57..af63b67f 100644 --- a/test/library/client.go +++ b/test/library/client.go @@ -232,13 +232,13 @@ func CreateTestJWTAuthenticator(ctx context.Context, t *testing.T, spec auth1alp } } -// CreateTestOIDCProvider creates and returns a test OIDCProvider in +// CreateTestFederationDomain creates and returns a test FederationDomain in // $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the -// current test's lifetime. It generates a random, valid, issuer for the OIDCProvider. +// current test's lifetime. It generates a random, valid, issuer for the FederationDomain. // // If the provided issuer is not the empty string, then it will be used for the -// OIDCProvider.Spec.Issuer field. Else, a random issuer will be generated. -func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.OIDCProviderStatusCondition) *configv1alpha1.OIDCProvider { +// FederationDomain.Spec.Issuer field. Else, a random issuer will be generated. +func CreateTestFederationDomain(ctx context.Context, t *testing.T, issuer string, certSecretName string, expectStatus configv1alpha1.FederationDomainStatusCondition) *configv1alpha1.FederationDomain { t.Helper() testEnv := IntegrationEnv(t) @@ -249,47 +249,47 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, ce issuer = fmt.Sprintf("http://test-issuer-%s.pinniped.dev", RandHex(t, 8)) } - opcs := NewSupervisorClientset(t).ConfigV1alpha1().OIDCProviders(testEnv.SupervisorNamespace) - opc, err := opcs.Create(createContext, &configv1alpha1.OIDCProvider{ + opcs := NewSupervisorClientset(t).ConfigV1alpha1().FederationDomains(testEnv.SupervisorNamespace) + opc, err := opcs.Create(createContext, &configv1alpha1.FederationDomain{ ObjectMeta: testObjectMeta(t, "oidc-provider"), - Spec: configv1alpha1.OIDCProviderSpec{ + Spec: configv1alpha1.FederationDomainSpec{ Issuer: issuer, - TLS: &configv1alpha1.OIDCProviderTLSSpec{SecretName: certSecretName}, + TLS: &configv1alpha1.FederationDomainTLSSpec{SecretName: certSecretName}, }, }, metav1.CreateOptions{}) - require.NoError(t, err, "could not create test OIDCProvider") - t.Logf("created test OIDCProvider %s/%s", opc.Namespace, opc.Name) + require.NoError(t, err, "could not create test FederationDomain") + t.Logf("created test FederationDomain %s/%s", opc.Namespace, opc.Name) t.Cleanup(func() { t.Helper() - t.Logf("cleaning up test OIDCProvider %s/%s", opc.Namespace, opc.Name) + t.Logf("cleaning up test FederationDomain %s/%s", opc.Namespace, opc.Name) deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() err := opcs.Delete(deleteCtx, opc.Name, metav1.DeleteOptions{}) notFound := k8serrors.IsNotFound(err) // It's okay if it is not found, because it might have been deleted by another part of this test. if !notFound { - require.NoErrorf(t, err, "could not cleanup test OIDCProvider %s/%s", opc.Namespace, opc.Name) + require.NoErrorf(t, err, "could not cleanup test FederationDomain %s/%s", opc.Namespace, opc.Name) } }) - // If we're not expecting any particular status, just return the new OIDCProvider immediately. + // If we're not expecting any particular status, just return the new FederationDomain immediately. if expectStatus == "" { return opc } - // Wait for the OIDCProvider to enter the expected phase (or time out). - var result *configv1alpha1.OIDCProvider + // Wait for the FederationDomain to enter the expected phase (or time out). + var result *configv1alpha1.FederationDomain assert.Eventuallyf(t, func() bool { var err error result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{}) require.NoError(t, err) return result.Status.Status == expectStatus - }, 60*time.Second, 1*time.Second, "expected the OIDCProvider to have status %q", expectStatus) + }, 60*time.Second, 1*time.Second, "expected the FederationDomain to have status %q", expectStatus) require.Equal(t, expectStatus, result.Status.Status) - // If the OIDCProvider was successfully created, ensure all secrets are present before continuing - if result.Status.Status == configv1alpha1.SuccessOIDCProviderStatusCondition { + // If the FederationDomain was successfully created, ensure all secrets are present before continuing + if result.Status.Status == configv1alpha1.SuccessFederationDomainStatusCondition { assert.Eventually(t, func() bool { var err error result, err = opcs.Get(ctx, opc.Name, metav1.GetOptions{}) @@ -298,7 +298,7 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer string, ce result.Status.Secrets.TokenSigningKey.Name != "" && result.Status.Secrets.StateSigningKey.Name != "" && result.Status.Secrets.StateEncryptionKey.Name != "" - }, 60*time.Second, 1*time.Second, "expected the OIDCProvider to have secrets populated") + }, 60*time.Second, 1*time.Second, "expected the FederationDomain to have secrets populated") require.NotEmpty(t, result.Status.Secrets.JWKS.Name) require.NotEmpty(t, result.Status.Secrets.TokenSigningKey.Name) require.NotEmpty(t, result.Status.Secrets.StateSigningKey.Name) @@ -350,17 +350,17 @@ func CreateClientCredsSecret(t *testing.T, clientID string, clientSecret string) ) } -func CreateTestUpstreamOIDCProvider(t *testing.T, spec idpv1alpha1.UpstreamOIDCProviderSpec, expectedPhase idpv1alpha1.UpstreamOIDCProviderPhase) *idpv1alpha1.UpstreamOIDCProvider { +func CreateTestOIDCIdentityProvider(t *testing.T, spec idpv1alpha1.OIDCIdentityProviderSpec, expectedPhase idpv1alpha1.OIDCIdentityProviderPhase) *idpv1alpha1.OIDCIdentityProvider { t.Helper() env := IntegrationEnv(t) client := NewSupervisorClientset(t) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - // Create the UpstreamOIDCProvider using GenerateName to get a random name. - upstreams := client.IDPV1alpha1().UpstreamOIDCProviders(env.SupervisorNamespace) + // Create the OIDCIdentityProvider using GenerateName to get a random name. + upstreams := client.IDPV1alpha1().OIDCIdentityProviders(env.SupervisorNamespace) - created, err := upstreams.Create(ctx, &idpv1alpha1.UpstreamOIDCProvider{ + created, err := upstreams.Create(ctx, &idpv1alpha1.OIDCIdentityProvider{ ObjectMeta: testObjectMeta(t, "upstream"), Spec: spec, }, metav1.CreateOptions{}) @@ -368,20 +368,20 @@ func CreateTestUpstreamOIDCProvider(t *testing.T, spec idpv1alpha1.UpstreamOIDCP // Always clean this up after this point. t.Cleanup(func() { - t.Logf("cleaning up test UpstreamOIDCProvider %s/%s", created.Namespace, created.Name) + t.Logf("cleaning up test OIDCIdentityProvider %s/%s", created.Namespace, created.Name) err := upstreams.Delete(context.Background(), created.Name, metav1.DeleteOptions{}) require.NoError(t, err) }) - t.Logf("created test UpstreamOIDCProvider %s", created.Name) + t.Logf("created test OIDCIdentityProvider %s", created.Name) - // Wait for the UpstreamOIDCProvider to enter the expected phase (or time out). - var result *idpv1alpha1.UpstreamOIDCProvider + // Wait for the OIDCIdentityProvider to enter the expected phase (or time out). + var result *idpv1alpha1.OIDCIdentityProvider require.Eventuallyf(t, func() bool { var err error result, err = upstreams.Get(ctx, created.Name, metav1.GetOptions{}) require.NoError(t, err) return result.Status.Phase == expectedPhase - }, 60*time.Second, 1*time.Second, "expected the UpstreamOIDCProvider to go into phase %s", expectedPhase) + }, 60*time.Second, 1*time.Second, "expected the OIDCIdentityProvider to go into phase %s", expectedPhase) return result }