From 7174f857d8bf32e840c03e927c6ad386e93edd07 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 1 Mar 2021 16:17:04 -0600 Subject: [PATCH] Add generated code. Signed-off-by: Matt Moyer --- ...cierge.pinniped.dev_credentialissuers.yaml | 35 +++++++++++++++- generated/1.17/README.adoc | 39 ++++++++++++++++- .../config/v1alpha1/types_credentialissuer.go | 35 +++++++++++++++- .../config/v1alpha1/zz_generated.deepcopy.go | 42 +++++++++++++++++++ ...cierge.pinniped.dev_credentialissuers.yaml | 35 +++++++++++++++- generated/1.18/README.adoc | 39 ++++++++++++++++- .../config/v1alpha1/types_credentialissuer.go | 35 +++++++++++++++- .../config/v1alpha1/zz_generated.deepcopy.go | 42 +++++++++++++++++++ ...cierge.pinniped.dev_credentialissuers.yaml | 35 +++++++++++++++- generated/1.19/README.adoc | 39 ++++++++++++++++- .../config/v1alpha1/types_credentialissuer.go | 35 +++++++++++++++- .../config/v1alpha1/zz_generated.deepcopy.go | 42 +++++++++++++++++++ ...cierge.pinniped.dev_credentialissuers.yaml | 35 +++++++++++++++- generated/1.20/README.adoc | 39 ++++++++++++++++- .../config/v1alpha1/types_credentialissuer.go | 35 +++++++++++++++- .../config/v1alpha1/zz_generated.deepcopy.go | 42 +++++++++++++++++++ ...cierge.pinniped.dev_credentialissuers.yaml | 35 +++++++++++++++- .../config/v1alpha1/types_credentialissuer.go | 35 +++++++++++++++- .../config/v1alpha1/zz_generated.deepcopy.go | 42 +++++++++++++++++++ go.sum | 7 ---- 20 files changed, 697 insertions(+), 26 deletions(-) diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..d61a7835 100644 --- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml @@ -40,7 +40,8 @@ spec: properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using this credential issuer. This field is deprecated and will + be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. @@ -62,6 +63,38 @@ spec: description: Status of an integration strategy that was attempted by Pinniped. properties: + frontend: + description: Frontend describes how clients can connect using + this strategy. + properties: + tokenCredentialRequestInfo: + description: TokenCredentialRequestAPIInfo describes the + parameters for the TokenCredentialRequest API on this + Concierge. This field is only set when Type is "TokenCredentialRequestAPI". + properties: + certificateAuthorityData: + description: CertificateAuthorityData is the Kubernetes + API server CA bundle. + minLength: 1 + type: string + server: + description: Server is the Kubernetes API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + type: + description: Type describes which frontend mechanism clients + can use with a strategy. + enum: + - TokenCredentialRequestAPI + type: string + required: + - type + type: object lastUpdateTime: description: When the status was last checked. format: date-time diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index d909c9de..c2848d45 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerfrontend"] +==== CredentialIssuerFrontend + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __FrontendType__ | Type describes which frontend mechanism clients can use with a strategy. +| *`tokenCredentialRequestInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo[$$TokenCredentialRequestAPIInfo$$]__ | TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. This field is only set when Type is "TokenCredentialRequestAPI". +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -270,7 +288,7 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. This field is deprecated and will be removed in a future version. |=== @@ -292,6 +310,25 @@ Status of a credential issuer. | *`reason`* __StrategyReason__ | Reason for the current status. | *`message`* __string__ | Human-readable description of the current status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | When the status was last checked. +| *`frontend`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$]__ | Frontend describes how clients can connect using this strategy. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo"] +==== TokenCredentialRequestAPIInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`server`* __string__ | Server is the Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | CertificateAuthorityData is the Kubernetes API server CA bundle. |=== diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..39989501 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string +// +kubebuilder:validation:Enum=TokenCredentialRequestAPI +type FrontendType string + // +kubebuilder:validation:Enum=Success;Error type StrategyStatus string @@ -17,11 +20,14 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI") + SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") - CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") - FetchedKeyStrategyReason = StrategyReason("FetchedKey") + CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") + CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo") + FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) // Status of a credential issuer. @@ -30,6 +36,7 @@ type CredentialIssuerStatus struct { Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // This field is deprecated and will be removed in a future version. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } @@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct { // When the status was last checked. LastUpdateTime metav1.Time `json:"lastUpdateTime"` + + // Frontend describes how clients can connect using this strategy. + Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"` +} + +type CredentialIssuerFrontend struct { + // Type describes which frontend mechanism clients can use with a strategy. + Type FrontendType `json:"type"` + + // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. + // This field is only set when Type is "TokenCredentialRequestAPI". + TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"` +} + +// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. +type TokenCredentialRequestAPIInfo struct { + // Server is the Kubernetes API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` + + // CertificateAuthorityData is the Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } // Describes the configuration status of a Pinniped credential issuer. diff --git a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ad9a9f66 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,27 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) { + *out = *in + if in.TokenCredentialRequestAPIInfo != nil { + in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo + *out = new(TokenCredentialRequestAPIInfo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend. +func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend { + if in == nil { + return nil + } + out := new(CredentialIssuerFrontend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -119,6 +140,11 @@ func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + if in.Frontend != nil { + in, out := &in.Frontend, &out.Frontend + *out = new(CredentialIssuerFrontend) + (*in).DeepCopyInto(*out) + } return } @@ -131,3 +157,19 @@ func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo. +func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo { + if in == nil { + return nil + } + out := new(TokenCredentialRequestAPIInfo) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..d61a7835 100644 --- a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -40,7 +40,8 @@ spec: properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using this credential issuer. This field is deprecated and will + be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. @@ -62,6 +63,38 @@ spec: description: Status of an integration strategy that was attempted by Pinniped. properties: + frontend: + description: Frontend describes how clients can connect using + this strategy. + properties: + tokenCredentialRequestInfo: + description: TokenCredentialRequestAPIInfo describes the + parameters for the TokenCredentialRequest API on this + Concierge. This field is only set when Type is "TokenCredentialRequestAPI". + properties: + certificateAuthorityData: + description: CertificateAuthorityData is the Kubernetes + API server CA bundle. + minLength: 1 + type: string + server: + description: Server is the Kubernetes API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + type: + description: Type describes which frontend mechanism clients + can use with a strategy. + enum: + - TokenCredentialRequestAPI + type: string + required: + - type + type: object lastUpdateTime: description: When the status was last checked. format: date-time diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index a40e3568..4a1580f2 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerfrontend"] +==== CredentialIssuerFrontend + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __FrontendType__ | Type describes which frontend mechanism clients can use with a strategy. +| *`tokenCredentialRequestInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo[$$TokenCredentialRequestAPIInfo$$]__ | TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. This field is only set when Type is "TokenCredentialRequestAPI". +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -270,7 +288,7 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. This field is deprecated and will be removed in a future version. |=== @@ -292,6 +310,25 @@ Status of a credential issuer. | *`reason`* __StrategyReason__ | Reason for the current status. | *`message`* __string__ | Human-readable description of the current status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked. +| *`frontend`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$]__ | Frontend describes how clients can connect using this strategy. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo"] +==== TokenCredentialRequestAPIInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`server`* __string__ | Server is the Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | CertificateAuthorityData is the Kubernetes API server CA bundle. |=== diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..39989501 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string +// +kubebuilder:validation:Enum=TokenCredentialRequestAPI +type FrontendType string + // +kubebuilder:validation:Enum=Success;Error type StrategyStatus string @@ -17,11 +20,14 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI") + SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") - CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") - FetchedKeyStrategyReason = StrategyReason("FetchedKey") + CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") + CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo") + FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) // Status of a credential issuer. @@ -30,6 +36,7 @@ type CredentialIssuerStatus struct { Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // This field is deprecated and will be removed in a future version. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } @@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct { // When the status was last checked. LastUpdateTime metav1.Time `json:"lastUpdateTime"` + + // Frontend describes how clients can connect using this strategy. + Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"` +} + +type CredentialIssuerFrontend struct { + // Type describes which frontend mechanism clients can use with a strategy. + Type FrontendType `json:"type"` + + // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. + // This field is only set when Type is "TokenCredentialRequestAPI". + TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"` +} + +// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. +type TokenCredentialRequestAPIInfo struct { + // Server is the Kubernetes API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` + + // CertificateAuthorityData is the Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } // Describes the configuration status of a Pinniped credential issuer. diff --git a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ad9a9f66 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,27 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) { + *out = *in + if in.TokenCredentialRequestAPIInfo != nil { + in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo + *out = new(TokenCredentialRequestAPIInfo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend. +func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend { + if in == nil { + return nil + } + out := new(CredentialIssuerFrontend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -119,6 +140,11 @@ func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + if in.Frontend != nil { + in, out := &in.Frontend, &out.Frontend + *out = new(CredentialIssuerFrontend) + (*in).DeepCopyInto(*out) + } return } @@ -131,3 +157,19 @@ func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo. +func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo { + if in == nil { + return nil + } + out := new(TokenCredentialRequestAPIInfo) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..d61a7835 100644 --- a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -40,7 +40,8 @@ spec: properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using this credential issuer. This field is deprecated and will + be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. @@ -62,6 +63,38 @@ spec: description: Status of an integration strategy that was attempted by Pinniped. properties: + frontend: + description: Frontend describes how clients can connect using + this strategy. + properties: + tokenCredentialRequestInfo: + description: TokenCredentialRequestAPIInfo describes the + parameters for the TokenCredentialRequest API on this + Concierge. This field is only set when Type is "TokenCredentialRequestAPI". + properties: + certificateAuthorityData: + description: CertificateAuthorityData is the Kubernetes + API server CA bundle. + minLength: 1 + type: string + server: + description: Server is the Kubernetes API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + type: + description: Type describes which frontend mechanism clients + can use with a strategy. + enum: + - TokenCredentialRequestAPI + type: string + required: + - type + type: object lastUpdateTime: description: When the status was last checked. format: date-time diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index 0b74cef3..a77f3f18 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerfrontend"] +==== CredentialIssuerFrontend + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __FrontendType__ | Type describes which frontend mechanism clients can use with a strategy. +| *`tokenCredentialRequestInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo[$$TokenCredentialRequestAPIInfo$$]__ | TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. This field is only set when Type is "TokenCredentialRequestAPI". +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -270,7 +288,7 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. This field is deprecated and will be removed in a future version. |=== @@ -292,6 +310,25 @@ Status of a credential issuer. | *`reason`* __StrategyReason__ | Reason for the current status. | *`message`* __string__ | Human-readable description of the current status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | When the status was last checked. +| *`frontend`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$]__ | Frontend describes how clients can connect using this strategy. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo"] +==== TokenCredentialRequestAPIInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`server`* __string__ | Server is the Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | CertificateAuthorityData is the Kubernetes API server CA bundle. |=== diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..39989501 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string +// +kubebuilder:validation:Enum=TokenCredentialRequestAPI +type FrontendType string + // +kubebuilder:validation:Enum=Success;Error type StrategyStatus string @@ -17,11 +20,14 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI") + SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") - CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") - FetchedKeyStrategyReason = StrategyReason("FetchedKey") + CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") + CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo") + FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) // Status of a credential issuer. @@ -30,6 +36,7 @@ type CredentialIssuerStatus struct { Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // This field is deprecated and will be removed in a future version. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } @@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct { // When the status was last checked. LastUpdateTime metav1.Time `json:"lastUpdateTime"` + + // Frontend describes how clients can connect using this strategy. + Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"` +} + +type CredentialIssuerFrontend struct { + // Type describes which frontend mechanism clients can use with a strategy. + Type FrontendType `json:"type"` + + // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. + // This field is only set when Type is "TokenCredentialRequestAPI". + TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"` +} + +// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. +type TokenCredentialRequestAPIInfo struct { + // Server is the Kubernetes API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` + + // CertificateAuthorityData is the Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } // Describes the configuration status of a Pinniped credential issuer. diff --git a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ad9a9f66 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,27 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) { + *out = *in + if in.TokenCredentialRequestAPIInfo != nil { + in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo + *out = new(TokenCredentialRequestAPIInfo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend. +func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend { + if in == nil { + return nil + } + out := new(CredentialIssuerFrontend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -119,6 +140,11 @@ func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + if in.Frontend != nil { + in, out := &in.Frontend, &out.Frontend + *out = new(CredentialIssuerFrontend) + (*in).DeepCopyInto(*out) + } return } @@ -131,3 +157,19 @@ func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo. +func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo { + if in == nil { + return nil + } + out := new(TokenCredentialRequestAPIInfo) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..d61a7835 100644 --- a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -40,7 +40,8 @@ spec: properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using this credential issuer. This field is deprecated and will + be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. @@ -62,6 +63,38 @@ spec: description: Status of an integration strategy that was attempted by Pinniped. properties: + frontend: + description: Frontend describes how clients can connect using + this strategy. + properties: + tokenCredentialRequestInfo: + description: TokenCredentialRequestAPIInfo describes the + parameters for the TokenCredentialRequest API on this + Concierge. This field is only set when Type is "TokenCredentialRequestAPI". + properties: + certificateAuthorityData: + description: CertificateAuthorityData is the Kubernetes + API server CA bundle. + minLength: 1 + type: string + server: + description: Server is the Kubernetes API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + type: + description: Type describes which frontend mechanism clients + can use with a strategy. + enum: + - TokenCredentialRequestAPI + type: string + required: + - type + type: object lastUpdateTime: description: When the status was last checked. format: date-time diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc index 76a678f4..7b35be86 100644 --- a/generated/1.20/README.adoc +++ b/generated/1.20/README.adoc @@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerfrontend"] +==== CredentialIssuerFrontend + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __FrontendType__ | Type describes which frontend mechanism clients can use with a strategy. +| *`tokenCredentialRequestInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo[$$TokenCredentialRequestAPIInfo$$]__ | TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. This field is only set when Type is "TokenCredentialRequestAPI". +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -270,7 +288,7 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. This field is deprecated and will be removed in a future version. |=== @@ -292,6 +310,25 @@ Status of a credential issuer. | *`reason`* __StrategyReason__ | Reason for the current status. | *`message`* __string__ | Human-readable description of the current status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#time-v1-meta[$$Time$$]__ | When the status was last checked. +| *`frontend`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$]__ | Frontend describes how clients can connect using this strategy. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-tokencredentialrequestapiinfo"] +==== TokenCredentialRequestAPIInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerfrontend[$$CredentialIssuerFrontend$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`server`* __string__ | Server is the Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | CertificateAuthorityData is the Kubernetes API server CA bundle. |=== diff --git a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..39989501 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string +// +kubebuilder:validation:Enum=TokenCredentialRequestAPI +type FrontendType string + // +kubebuilder:validation:Enum=Success;Error type StrategyStatus string @@ -17,11 +20,14 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI") + SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") - CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") - FetchedKeyStrategyReason = StrategyReason("FetchedKey") + CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") + CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo") + FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) // Status of a credential issuer. @@ -30,6 +36,7 @@ type CredentialIssuerStatus struct { Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // This field is deprecated and will be removed in a future version. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } @@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct { // When the status was last checked. LastUpdateTime metav1.Time `json:"lastUpdateTime"` + + // Frontend describes how clients can connect using this strategy. + Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"` +} + +type CredentialIssuerFrontend struct { + // Type describes which frontend mechanism clients can use with a strategy. + Type FrontendType `json:"type"` + + // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. + // This field is only set when Type is "TokenCredentialRequestAPI". + TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"` +} + +// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. +type TokenCredentialRequestAPIInfo struct { + // Server is the Kubernetes API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` + + // CertificateAuthorityData is the Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } // Describes the configuration status of a Pinniped credential issuer. diff --git a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ad9a9f66 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,27 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) { + *out = *in + if in.TokenCredentialRequestAPIInfo != nil { + in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo + *out = new(TokenCredentialRequestAPIInfo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend. +func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend { + if in == nil { + return nil + } + out := new(CredentialIssuerFrontend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -119,6 +140,11 @@ func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + if in.Frontend != nil { + in, out := &in.Frontend, &out.Frontend + *out = new(CredentialIssuerFrontend) + (*in).DeepCopyInto(*out) + } return } @@ -131,3 +157,19 @@ func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo. +func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo { + if in == nil { + return nil + } + out := new(TokenCredentialRequestAPIInfo) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..d61a7835 100644 --- a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -40,7 +40,8 @@ spec: properties: kubeConfigInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using this credential issuer. This field is deprecated and will + be removed in a future version. properties: certificateAuthorityData: description: The K8s API server CA bundle. @@ -62,6 +63,38 @@ spec: description: Status of an integration strategy that was attempted by Pinniped. properties: + frontend: + description: Frontend describes how clients can connect using + this strategy. + properties: + tokenCredentialRequestInfo: + description: TokenCredentialRequestAPIInfo describes the + parameters for the TokenCredentialRequest API on this + Concierge. This field is only set when Type is "TokenCredentialRequestAPI". + properties: + certificateAuthorityData: + description: CertificateAuthorityData is the Kubernetes + API server CA bundle. + minLength: 1 + type: string + server: + description: Server is the Kubernetes API server URL. + minLength: 1 + pattern: ^https://|^http:// + type: string + required: + - certificateAuthorityData + - server + type: object + type: + description: Type describes which frontend mechanism clients + can use with a strategy. + enum: + - TokenCredentialRequestAPI + type: string + required: + - type + type: object lastUpdateTime: description: When the status was last checked. format: date-time diff --git a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..39989501 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -8,6 +8,9 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:validation:Enum=KubeClusterSigningCertificate type StrategyType string +// +kubebuilder:validation:Enum=TokenCredentialRequestAPI +type FrontendType string + // +kubebuilder:validation:Enum=Success;Error type StrategyStatus string @@ -17,11 +20,14 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI") + SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") - CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") - FetchedKeyStrategyReason = StrategyReason("FetchedKey") + CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") + CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo") + FetchedKeyStrategyReason = StrategyReason("FetchedKey") ) // Status of a credential issuer. @@ -30,6 +36,7 @@ type CredentialIssuerStatus struct { Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // This field is deprecated and will be removed in a future version. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } @@ -63,6 +70,30 @@ type CredentialIssuerStrategy struct { // When the status was last checked. LastUpdateTime metav1.Time `json:"lastUpdateTime"` + + // Frontend describes how clients can connect using this strategy. + Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"` +} + +type CredentialIssuerFrontend struct { + // Type describes which frontend mechanism clients can use with a strategy. + Type FrontendType `json:"type"` + + // TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. + // This field is only set when Type is "TokenCredentialRequestAPI". + TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"` +} + +// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge. +type TokenCredentialRequestAPIInfo struct { + // Server is the Kubernetes API server URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://|^http://` + Server string `json:"server"` + + // CertificateAuthorityData is the Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` } // Describes the configuration status of a Pinniped credential issuer. diff --git a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ad9a9f66 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,27 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) { + *out = *in + if in.TokenCredentialRequestAPIInfo != nil { + in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo + *out = new(TokenCredentialRequestAPIInfo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend. +func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend { + if in == nil { + return nil + } + out := new(CredentialIssuerFrontend) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -119,6 +140,11 @@ func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) + if in.Frontend != nil { + in, out := &in.Frontend, &out.Frontend + *out = new(CredentialIssuerFrontend) + (*in).DeepCopyInto(*out) + } return } @@ -131,3 +157,19 @@ func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo. +func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo { + if in == nil { + return nil + } + out := new(TokenCredentialRequestAPIInfo) + in.DeepCopyInto(out) + return out +} diff --git a/go.sum b/go.sum index 00df0a18..1d0de09f 100644 --- a/go.sum +++ b/go.sum @@ -214,7 +214,6 @@ github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/stdr v0.4.0 h1:ijk9G/xzDRZdMU1QRhLYdHuWvNZWqte+NZMOGsiKWbc= github.com/go-logr/stdr v0.4.0/go.mod h1:NO1vneyJDqKVgJYnxhwXWWmQPOvNM391IG3H8ql3jiA= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -226,7 +225,6 @@ github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8 github.com/go-openapi/spec v0.20.3 h1:uH9RQ6vdyPSs2pSy9fL8QPspDF2AMIMPtmK5coSSjtQ= github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= @@ -693,7 +691,6 @@ github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzR github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= @@ -1178,7 +1175,6 @@ golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= @@ -1266,11 +1262,9 @@ golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201112073958-5cba982894dd h1:5CtCZbICpIOFdgO940moixOPjc0178IU44m4EjOO5IY= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 h1:/ZHdbVpdR/jk3g30/d4yUL0JU9kksj8+F/bnQUVLGDM= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1279,7 +1273,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=