diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..72152f15 100644 --- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml @@ -38,16 +38,34 @@ spec: status: description: Status of the credential issuer. properties: - kubeConfigInfo: + impersonationProxyInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using the impersonation proxy. properties: certificateAuthorityData: - description: The K8s API server CA bundle. + description: The CA bundle to validate connections to the impersonation + proxy. + minLength: 1 + type: string + endpoint: + description: The HTTPS endpoint of the impersonation proxy. + minLength: 1 + pattern: ^https:// + type: string + required: + - certificateAuthorityData + - endpoint + type: object + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using the TokenCredentialRequest API. + properties: + certificateAuthorityData: + description: The Kubernetes API server CA bundle. minLength: 1 type: string server: - description: The K8s API server URL. + description: The Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index d909c9de..7f5b6184 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc 
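Review bot: The `server` field under `kubeConfigInfo` keeps `pattern: ^https://|^http://`, so the schema still admits a plain-HTTP API server URL, while the `endpoint` added beside it is limited to `^https://`. A kubeconfig built from an `http://` server would presumably carry the user's credential without TLS, and `certificateAuthorityData` would mean nothing for that connection. If no supported cluster needs plain HTTP, tighten it to `pattern: ^https://`; this manifest looks generated, so the change probably belongs in the kubebuilder marker on the Go type. The `status` properties block continues outside the hunk.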
@@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo"] +==== CredentialIssuerImpersonationProxyInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | The HTTPS endpoint of the impersonation proxy. +| *`certificateAuthorityData`* __string__ | The CA bundle to validate connections to the impersonation proxy. +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -249,8 +267,8 @@ Describes the configuration status of a Pinniped credential issuer. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. +| *`server`* __string__ | The Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | The Kubernetes API server CA bundle. |=== 
@@ -270,7 +288,8 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. +| *`impersonationProxyInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo[$$CredentialIssuerImpersonationProxyInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. |=== diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..5af75b73 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -16,12 +16,15 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy") SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey") + ListeningStrategyReason = StrategyReason("Listening") + DisabledStrategyReason = StrategyReason("Disabled") ) // Status of a credential issuer. 
@@ -29,19 +32,35 @@ type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerStrategy `json:"strategies"` - // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + + // Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. + // +optional + ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"` } -// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +// Information needed to connect to the TokenCredentialRequest API on this cluster. type CredentialIssuerKubeConfigInfo struct { - // The K8s API server URL. + // The Kubernetes API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` Server string `json:"server"` - // The K8s API server CA bundle. + // The Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` +} + +// Information needed to connect to the TokenCredentialRequest API on this cluster. +type CredentialIssuerImpersonationProxyInfo struct { + // The HTTPS endpoint of the impersonation proxy. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // The CA bundle to validate connections to the impersonation proxy. // +kubebuilder:validation:MinLength=1 CertificateAuthorityData string `json:"certificateAuthorityData"` } diff --git a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ffbbbc50 100644 
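Review bot: The doc comment on the new `CredentialIssuerImpersonationProxyInfo` type is a copy of the one on `CredentialIssuerKubeConfigInfo` and says the struct is for the TokenCredentialRequest API, which contradicts its own fields and the comment on `ImpersonationProxyInfo` in `CredentialIssuerStatus`. I would change it to `// Information needed to connect to the impersonation proxy on this cluster.` so readers do not confuse which endpoint and CA bundle belong to which connection path. The same comment appears in the 1.18, 1.19 and 1.20 copies of this file; since these look like generated copies, the fix probably belongs in the file they are produced from.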
--- a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,22 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopyInto(out *CredentialIssuerImpersonationProxyInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerImpersonationProxyInfo. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopy() *CredentialIssuerImpersonationProxyInfo { + if in == nil { + return nil + } + out := new(CredentialIssuerImpersonationProxyInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -102,6 +118,11 @@ func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = new(CredentialIssuerKubeConfigInfo) **out = **in } + if in.ImpersonationProxyInfo != nil { + in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo + *out = new(CredentialIssuerImpersonationProxyInfo) + **out = **in + } return } diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..72152f15 100644 --- a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -38,16 +38,34 @@ spec: status: description: Status of the credential issuer. properties: - kubeConfigInfo: + impersonationProxyInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using the impersonation proxy. properties: certificateAuthorityData: - description: The K8s API server CA bundle. + description: The CA bundle to validate connections to the impersonation + proxy. + minLength: 1 + type: string + endpoint: + description: The HTTPS endpoint of the impersonation proxy. + minLength: 1 + pattern: ^https:// + type: string + required: + - certificateAuthorityData + - endpoint + type: object + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using the TokenCredentialRequest API. + properties: + certificateAuthorityData: + description: The Kubernetes API server CA bundle. minLength: 1 type: string server: - description: The K8s API server URL. + description: The Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index a40e3568..044cb262 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc 
@@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo"] +==== CredentialIssuerImpersonationProxyInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | The HTTPS endpoint of the impersonation proxy. +| *`certificateAuthorityData`* __string__ | The CA bundle to validate connections to the impersonation proxy. +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -249,8 +267,8 @@ Describes the configuration status of a Pinniped credential issuer. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. +| *`server`* __string__ | The Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | The Kubernetes API server CA bundle. |=== 
@@ -270,7 +288,8 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. +| *`impersonationProxyInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo[$$CredentialIssuerImpersonationProxyInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. |=== diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..5af75b73 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -16,12 +16,15 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy") SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey") + ListeningStrategyReason = StrategyReason("Listening") + DisabledStrategyReason = StrategyReason("Disabled") ) // Status of a credential issuer. 
@@ -29,19 +32,35 @@ type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerStrategy `json:"strategies"` - // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + + // Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. + // +optional + ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"` } -// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +// Information needed to connect to the TokenCredentialRequest API on this cluster. type CredentialIssuerKubeConfigInfo struct { - // The K8s API server URL. + // The Kubernetes API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` Server string `json:"server"` - // The K8s API server CA bundle. + // The Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` +} + +// Information needed to connect to the TokenCredentialRequest API on this cluster. +type CredentialIssuerImpersonationProxyInfo struct { + // The HTTPS endpoint of the impersonation proxy. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // The CA bundle to validate connections to the impersonation proxy. // +kubebuilder:validation:MinLength=1 CertificateAuthorityData string `json:"certificateAuthorityData"` } diff --git a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ffbbbc50 100644 
--- a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,22 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopyInto(out *CredentialIssuerImpersonationProxyInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerImpersonationProxyInfo. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopy() *CredentialIssuerImpersonationProxyInfo { + if in == nil { + return nil + } + out := new(CredentialIssuerImpersonationProxyInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -102,6 +118,11 @@ func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = new(CredentialIssuerKubeConfigInfo) **out = **in } + if in.ImpersonationProxyInfo != nil { + in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo + *out = new(CredentialIssuerImpersonationProxyInfo) + **out = **in + } return } diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..72152f15 100644 --- a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -38,16 +38,34 @@ spec: status: description: Status of the credential issuer. properties: - kubeConfigInfo: + impersonationProxyInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using the impersonation proxy. properties: certificateAuthorityData: - description: The K8s API server CA bundle. + description: The CA bundle to validate connections to the impersonation + proxy. + minLength: 1 + type: string + endpoint: + description: The HTTPS endpoint of the impersonation proxy. + minLength: 1 + pattern: ^https:// + type: string + required: + - certificateAuthorityData + - endpoint + type: object + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using the TokenCredentialRequest API. + properties: + certificateAuthorityData: + description: The Kubernetes API server CA bundle. minLength: 1 type: string server: - description: The K8s API server URL. + description: The Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index 0b74cef3..5365664f 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc 
@@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo"] +==== CredentialIssuerImpersonationProxyInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | The HTTPS endpoint of the impersonation proxy. +| *`certificateAuthorityData`* __string__ | The CA bundle to validate connections to the impersonation proxy. +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -249,8 +267,8 @@ Describes the configuration status of a Pinniped credential issuer. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. +| *`server`* __string__ | The Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | The Kubernetes API server CA bundle. |=== 
@@ -270,7 +288,8 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. +| *`impersonationProxyInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo[$$CredentialIssuerImpersonationProxyInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. |=== diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..5af75b73 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -16,12 +16,15 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy") SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey") + ListeningStrategyReason = StrategyReason("Listening") + DisabledStrategyReason = StrategyReason("Disabled") ) // Status of a credential issuer. 
@@ -29,19 +32,35 @@ type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerStrategy `json:"strategies"` - // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + + // Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. + // +optional + ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"` } -// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +// Information needed to connect to the TokenCredentialRequest API on this cluster. type CredentialIssuerKubeConfigInfo struct { - // The K8s API server URL. + // The Kubernetes API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` Server string `json:"server"` - // The K8s API server CA bundle. + // The Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` +} + +// Information needed to connect to the TokenCredentialRequest API on this cluster. +type CredentialIssuerImpersonationProxyInfo struct { + // The HTTPS endpoint of the impersonation proxy. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // The CA bundle to validate connections to the impersonation proxy. // +kubebuilder:validation:MinLength=1 CertificateAuthorityData string `json:"certificateAuthorityData"` } diff --git a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ffbbbc50 100644 
--- a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,22 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopyInto(out *CredentialIssuerImpersonationProxyInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerImpersonationProxyInfo. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopy() *CredentialIssuerImpersonationProxyInfo { + if in == nil { + return nil + } + out := new(CredentialIssuerImpersonationProxyInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -102,6 +118,11 @@ func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = new(CredentialIssuerKubeConfigInfo) **out = **in } + if in.ImpersonationProxyInfo != nil { + in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo + *out = new(CredentialIssuerImpersonationProxyInfo) + **out = **in + } return } diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..72152f15 100644 --- a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -38,16 +38,34 @@ spec: status: description: Status of the credential issuer. properties: - kubeConfigInfo: + impersonationProxyInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using the impersonation proxy. properties: certificateAuthorityData: - description: The K8s API server CA bundle. + description: The CA bundle to validate connections to the impersonation + proxy. + minLength: 1 + type: string + endpoint: + description: The HTTPS endpoint of the impersonation proxy. + minLength: 1 + pattern: ^https:// + type: string + required: + - certificateAuthorityData + - endpoint + type: object + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using the TokenCredentialRequest API. + properties: + certificateAuthorityData: + description: The Kubernetes API server CA bundle. minLength: 1 type: string server: - description: The K8s API server URL. + description: The Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc index 76a678f4..5e16c419 100644 --- a/generated/1.20/README.adoc +++ b/generated/1.20/README.adoc 
@@ -236,6 +236,24 @@ Describes the configuration status of a Pinniped credential issuer. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo"] +==== CredentialIssuerImpersonationProxyInfo + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | The HTTPS endpoint of the impersonation proxy. +| *`certificateAuthorityData`* __string__ | The CA bundle to validate connections to the impersonation proxy. +|=== + + [id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] ==== CredentialIssuerKubeConfigInfo @@ -249,8 +267,8 @@ Describes the configuration status of a Pinniped credential issuer. [cols="25a,75a", options="header"] |=== | Field | Description -| *`server`* __string__ | The K8s API server URL. -| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle. +| *`server`* __string__ | The Kubernetes API server URL. +| *`certificateAuthorityData`* __string__ | The Kubernetes API server CA bundle. |=== 
@@ -270,7 +288,8 @@ Status of a credential issuer. |=== | Field | Description | *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. +| *`impersonationProxyInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-config-v1alpha1-credentialissuerimpersonationproxyinfo[$$CredentialIssuerImpersonationProxyInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. |=== diff --git a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..5af75b73 100644 --- a/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -16,12 +16,15 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy") SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey") + ListeningStrategyReason = StrategyReason("Listening") + DisabledStrategyReason = StrategyReason("Disabled") ) // Status of a credential issuer. 
@@ -29,19 +32,35 @@ type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerStrategy `json:"strategies"` - // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + + // Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. + // +optional + ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"` } -// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +// Information needed to connect to the TokenCredentialRequest API on this cluster. type CredentialIssuerKubeConfigInfo struct { - // The K8s API server URL. + // The Kubernetes API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` Server string `json:"server"` - // The K8s API server CA bundle. + // The Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` +} + +// Information needed to connect to the TokenCredentialRequest API on this cluster. +type CredentialIssuerImpersonationProxyInfo struct { + // The HTTPS endpoint of the impersonation proxy. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // The CA bundle to validate connections to the impersonation proxy. // +kubebuilder:validation:MinLength=1 CertificateAuthorityData string `json:"certificateAuthorityData"` } diff --git a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ffbbbc50 100644 
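Review bot: The doc comment added above `CredentialIssuerImpersonationProxyInfo` is a copy of the one on `CredentialIssuerKubeConfigInfo`. It says the type holds what is needed to connect to the TokenCredentialRequest API, while both of its fields (`Endpoint`, `CertificateAuthorityData`) are documented as belonging to the impersonation proxy. These two structs carry different server/CA-bundle pairs that clients use to decide which TLS endpoint to trust, so the type-level description should name the right one: `// Information needed to connect to the impersonation proxy on this cluster.` The same comment appears in the matching `@@ -29,19 +32,35 @@` hunk of `generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go`. Both paths are under `generated/`, so the wording presumably needs fixing in whatever source these copies are produced from, followed by a regeneration.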
--- a/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.20/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,22 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopyInto(out *CredentialIssuerImpersonationProxyInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerImpersonationProxyInfo. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopy() *CredentialIssuerImpersonationProxyInfo { + if in == nil { + return nil + } + out := new(CredentialIssuerImpersonationProxyInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -102,6 +118,11 @@ func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = new(CredentialIssuerKubeConfigInfo) **out = **in } + if in.ImpersonationProxyInfo != nil { + in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo + *out = new(CredentialIssuerImpersonationProxyInfo) + **out = **in + } return } diff --git a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 900db6cb..72152f15 100644 --- a/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml +++ b/generated/1.20/crds/config.concierge.pinniped.dev_credentialissuers.yaml 
@@ -38,16 +38,34 @@ spec: status: description: Status of the credential issuer. properties: - kubeConfigInfo: + impersonationProxyInfo: description: Information needed to form a valid Pinniped-based kubeconfig - using this credential issuer. + using the impersonation proxy. properties: certificateAuthorityData: - description: The K8s API server CA bundle. + description: The CA bundle to validate connections to the impersonation + proxy. + minLength: 1 + type: string + endpoint: + description: The HTTPS endpoint of the impersonation proxy. + minLength: 1 + pattern: ^https:// + type: string + required: + - certificateAuthorityData + - endpoint + type: object + kubeConfigInfo: + description: Information needed to form a valid Pinniped-based kubeconfig + using the TokenCredentialRequest API. + properties: + certificateAuthorityData: + description: The Kubernetes API server CA bundle. minLength: 1 type: string server: - description: The K8s API server URL. + description: The Kubernetes API server URL. minLength: 1 pattern: ^https://|^http:// type: string diff --git a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go index 63d59446..5af75b73 100644 --- a/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go +++ b/generated/latest/apis/concierge/config/v1alpha1/types_credentialissuer.go 
@@ -16,12 +16,15 @@ type StrategyReason string const ( KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate") + ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy") SuccessStrategyStatus = StrategyStatus("Success") ErrorStrategyStatus = StrategyStatus("Error") CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey") FetchedKeyStrategyReason = StrategyReason("FetchedKey") + ListeningStrategyReason = StrategyReason("Listening") + DisabledStrategyReason = StrategyReason("Disabled") ) // Status of a credential issuer. 
@@ -29,19 +32,35 @@ type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. Strategies []CredentialIssuerStrategy `json:"strategies"` - // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. + // Information needed to form a valid Pinniped-based kubeconfig using the TokenCredentialRequest API. // +optional KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + + // Information needed to form a valid Pinniped-based kubeconfig using the impersonation proxy. + // +optional + ImpersonationProxyInfo *CredentialIssuerImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"` } -// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +// Information needed to connect to the TokenCredentialRequest API on this cluster. type CredentialIssuerKubeConfigInfo struct { - // The K8s API server URL. + // The Kubernetes API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` Server string `json:"server"` - // The K8s API server CA bundle. + // The Kubernetes API server CA bundle. + // +kubebuilder:validation:MinLength=1 + CertificateAuthorityData string `json:"certificateAuthorityData"` +} + +// Information needed to connect to the TokenCredentialRequest API on this cluster. +type CredentialIssuerImpersonationProxyInfo struct { + // The HTTPS endpoint of the impersonation proxy. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // The CA bundle to validate connections to the impersonation proxy. // +kubebuilder:validation:MinLength=1 CertificateAuthorityData string `json:"certificateAuthorityData"` } diff --git a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index eebbe7af..ffbbbc50 100644 
--- a/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/latest/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -38,6 +38,22 @@ func (in *CredentialIssuer) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopyInto(out *CredentialIssuerImpersonationProxyInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerImpersonationProxyInfo. +func (in *CredentialIssuerImpersonationProxyInfo) DeepCopy() *CredentialIssuerImpersonationProxyInfo { + if in == nil { + return nil + } + out := new(CredentialIssuerImpersonationProxyInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in @@ -102,6 +118,11 @@ func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = new(CredentialIssuerKubeConfigInfo) **out = **in } + if in.ImpersonationProxyInfo != nil { + in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo + *out = new(CredentialIssuerImpersonationProxyInfo) + **out = **in + } return }