Change group names

Signed-off-by: Margo Crawford <margaretc@vmware.com>

apis/supervisor/clientsecret/doc.go.tmpl

@@ -0,0 +1,8 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=clientsecret.supervisor.pinniped.dev
+
+// Package clientsecret is the internal version of the Pinniped client secret API.
+package clientsecret

apis/supervisor/clientsecret/register.go.tmpl

@@ -1,14 +1,14 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

apis/supervisor/clientsecret/types_oidcclientsecretrequest.go.tmpl

@@ -1,7 +1,7 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 

apis/supervisor/clientsecret/v1alpha1/doc.go.tmpl

@@ -3,9 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/supervisor/virtual/oauth
+// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/supervisor/clientsecret
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.virtual.supervisor.pinniped.dev
+// +groupName=clientsecret.supervisor.pinniped.dev
 
-// Package v1alpha1 is the v1alpha1 version of the Pinniped virtual oauth API.
+// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
 package v1alpha1

apis/supervisor/clientsecret/v1alpha1/register.go.tmpl

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

apis/supervisor/config/v1alpha1/register.go.tmpl

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&FederationDomain{},
 		&FederationDomainList{},
+		&OIDCClient{},
+		&OIDCClientList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

apis/supervisor/oauth/v1alpha1/doc.go.tmpl

@@ -1,10 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.supervisor.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
-package v1alpha1

apis/supervisor/oauth/v1alpha1/register.go.tmpl

@@ -1,43 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-const GroupName = "oauth.supervisor.pinniped.dev"
-
-// SchemeGroupVersion is group version used to register these objects.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-var (
-	SchemeBuilder      runtime.SchemeBuilder
-	localSchemeBuilder = &SchemeBuilder
-	AddToScheme        = localSchemeBuilder.AddToScheme
-)
-
-func init() {
-	// We only register manually written functions here. The registration of the
-	// generated functions takes place in the generated files. The separation
-	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
-}
-
-// Adds the list of known types to the given scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&OIDCClient{},
-		&OIDCClientList{},
-	)
-	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
-	return nil
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource.
-func Resource(resource string) schema.GroupResource {
-	return SchemeGroupVersion.WithResource(resource).GroupResource()
-}

apis/supervisor/virtual/oauth/doc.go.tmpl

@@ -1,8 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=oauth.virtual.supervisor.pinniped.dev
-
-// Package oauth is the internal version of the Pinniped virtual oauth API.
-package oauth

deploy/supervisor/config.supervisor.pinniped.dev_oidcclients.yaml

@@ -5,9 +5,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
-  name: oidcclients.oauth.supervisor.pinniped.dev
+  name: oidcclients.config.supervisor.pinniped.dev
 spec:
-  group: oauth.supervisor.pinniped.dev
+  group: config.supervisor.pinniped.dev
   names:
     categories:
     - pinniped

deploy/supervisor/deployment.yaml

@@ -197,11 +197,11 @@ spec:
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
-  name: #@ pinnipedDevAPIGroupWithPrefix("v1alpha1.oauth.virtual.supervisor")
+  name: #@ pinnipedDevAPIGroupWithPrefix("v1alpha1.clientsecret.supervisor")
   labels: #@ labels()
 spec:
   version: v1alpha1
-  group: #@ pinnipedDevAPIGroupWithPrefix("oauth.virtual.supervisor")
+  group: #@ pinnipedDevAPIGroupWithPrefix("clientsecret.supervisor")
   groupPriorityMinimum: 9900
   versionPriority: 15
   #! caBundle: Do not include this key here. Starts out null, will be updated/owned by the golang code.

deploy/supervisor/z0_crd_overlay.yaml

@@ -41,11 +41,11 @@ metadata:
 spec:
   group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
 
-#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.oauth.supervisor.pinniped.dev"}}), expects=1
+#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcclients.config.supervisor.pinniped.dev"}}), expects=1
 ---
 metadata:
   #@overlay/match missing_ok=True
   labels: #@ labels()
-  name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.oauth.supervisor")
+  name: #@ pinnipedDevAPIGroupWithPrefix("oidcclients.config.supervisor")
 spec:
-  group: #@ pinnipedDevAPIGroupWithPrefix("oauth.supervisor")
+  group: #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")

generated/1.17/README.adoc

@@ -6,15 +6,14 @@
 
 .Packages
 - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
+- xref:{anchor_prefix}-clientsecret-supervisor-pinniped-dev-clientsecret[$$clientsecret.supervisor.pinniped.dev/clientsecret$$]
+- xref:{anchor_prefix}-clientsecret-supervisor-pinniped-dev-v1alpha1[$$clientsecret.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$]
 - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-oauth[$$oauth.virtual.supervisor.pinniped.dev/oauth$$]
-- xref:{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-v1alpha1[$$oauth.virtual.supervisor.pinniped.dev/v1alpha1$$]
 
 
 [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@@ -213,6 +212,98 @@ Status of a webhook authenticator.
 
 
 
+[id="{anchor_prefix}-clientsecret-supervisor-pinniped-dev-clientsecret"]
+=== clientsecret.supervisor.pinniped.dev/clientsecret
+
+Package clientsecret is the internal version of the Pinniped client secret API.
+
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
+==== OIDCClientSecretRequestSpec 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generateNewSecret`* __boolean__ | 
+| *`revokeOldSecrets`* __boolean__ | 
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
+==== OIDCClientSecretRequestStatus 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generatedSecret`* __string__ | 
+| *`totalClientSecrets`* __integer__ | 
+|===
+
+
+
+[id="{anchor_prefix}-clientsecret-supervisor-pinniped-dev-v1alpha1"]
+=== clientsecret.supervisor.pinniped.dev/v1alpha1
+
+Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
+
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
+==== OIDCClientSecretRequestSpec 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generateNewSecret`* __boolean__ | 
+| *`revokeOldSecrets`* __boolean__ | 
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
+==== OIDCClientSecretRequestStatus 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generatedSecret`* __string__ | 
+| *`totalClientSecrets`* __integer__ | 
+|===
+
+
+
 [id="{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1"]
 === config.concierge.pinniped.dev/v1alpha1
 
@@ -546,6 +637,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient"]
+==== OIDCClient 
+
+OIDCClient describes the configuration of an OIDC client.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclientspec"]
+==== OIDCClientSpec 
+
+OIDCClientSpec is a struct that describes an OIDC Client.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
+| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client. 
+ Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to   authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.   This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   This grant must be listed if allowedScopes lists pinniped:request-audience.
+| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client. 
+ Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).   This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.   This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   openid, username and groups scopes must be listed when this scope is present.   This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username.   Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership,   if their group membership is discoverable by the Supervisor.   Without the groups scope being requested and allowed, the ID token will not contain groups.
+|===
+
+
+
+
 
 [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
 === identity.concierge.pinniped.dev/identity
@@ -1335,148 +1471,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
 |===
 
 
-
-[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
-=== oauth.supervisor.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient"]
-==== OIDCClient 
-
-OIDCClient describes the configuration of an OIDC client.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
-
-| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
-| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
-|===
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
-==== OIDCClientSpec 
-
-OIDCClientSpec is a struct that describes an OIDC Client.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
-| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client. 
- Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to   authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.   This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   This grant must be listed if allowedScopes lists pinniped:request-audience.
-| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client. 
- Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).   This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.   This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   openid, username and groups scopes must be listed when this scope is present.   This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username.   Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership,   if their group membership is discoverable by the Supervisor.   Without the groups scope being requested and allowed, the ID token will not contain groups.
-|===
-
-
-
-
-
-[id="{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-oauth"]
-=== oauth.virtual.supervisor.pinniped.dev/oauth
-
-Package oauth is the internal version of the Pinniped virtual oauth API.
-
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-oidcclientsecretrequestspec"]
-==== OIDCClientSecretRequestSpec 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generateNewSecret`* __boolean__ | 
-| *`revokeOldSecrets`* __boolean__ | 
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-oidcclientsecretrequeststatus"]
-==== OIDCClientSecretRequestStatus 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generatedSecret`* __string__ | 
-| *`totalClientSecrets`* __integer__ | 
-|===
-
-
-
-[id="{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-v1alpha1"]
-=== oauth.virtual.supervisor.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped virtual oauth API.
-
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequestspec"]
-==== OIDCClientSecretRequestSpec 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generateNewSecret`* __boolean__ | 
-| *`revokeOldSecrets`* __boolean__ | 
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequeststatus"]
-==== OIDCClientSecretRequestStatus 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generatedSecret`* __string__ | 
-| *`totalClientSecrets`* __integer__ | 
-|===
-
-

generated/1.17/apis/supervisor/clientsecret/doc.go

@@ -0,0 +1,8 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=clientsecret.supervisor.pinniped.dev
+
+// Package clientsecret is the internal version of the Pinniped client secret API.
+package clientsecret

generated/1.17/apis/supervisor/clientsecret/register.go

@@ -1,14 +1,14 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

generated/1.17/apis/supervisor/clientsecret/types_oidcclientsecretrequest.go

@@ -1,7 +1,7 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 

generated/1.17/apis/supervisor/clientsecret/v1alpha1/doc.go

@@ -3,9 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth
+// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.virtual.supervisor.pinniped.dev
+// +groupName=clientsecret.supervisor.pinniped.dev
 
-// Package v1alpha1 is the v1alpha1 version of the Pinniped virtual oauth API.
+// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
 package v1alpha1

generated/1.17/apis/supervisor/clientsecret/v1alpha1/register.go

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

generated/1.17/apis/supervisor/clientsecret/v1alpha1/zz_generated.conversion.go

@@ -0,0 +1,131 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by conversion-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	clientsecret "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret"
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+func init() {
+	localSchemeBuilder.Register(RegisterConversions)
+}
+
+// RegisterConversions adds conversion functions to the given scheme.
+// Public to allow building arbitrary schemes.
+func RegisterConversions(s *runtime.Scheme) error {
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*clientsecret.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*clientsecret.OIDCClientSecretRequest), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*clientsecret.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*clientsecret.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*clientsecret.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*clientsecret.OIDCClientSecretRequestStatus), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*clientsecret.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	out.GenerateNewSecret = in.GenerateNewSecret
+	out.RevokeOldSecrets = in.RevokeOldSecrets
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	out.GenerateNewSecret = in.GenerateNewSecret
+	out.RevokeOldSecrets = in.RevokeOldSecrets
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	out.GeneratedSecret = in.GeneratedSecret
+	out.TotalClientSecrets = in.TotalClientSecrets
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	out.GeneratedSecret = in.GeneratedSecret
+	out.TotalClientSecrets = in.TotalClientSecrets
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
+}

generated/1.17/apis/supervisor/clientsecret/zz_generated.deepcopy.go

@@ -6,7 +6,7 @@
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package oauth
+package clientsecret
 
 import (
 	runtime "k8s.io/apimachinery/pkg/runtime"

generated/1.17/apis/supervisor/config/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&FederationDomain{},
 		&FederationDomainList{},
+		&OIDCClient{},
+		&OIDCClientList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go

@@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
+func (in *OIDCClient) DeepCopy() *OIDCClient {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClient)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClient) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]OIDCClient, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
+func (in *OIDCClientList) DeepCopy() *OIDCClientList {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClientList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
+	*out = *in
+	if in.AllowedRedirectURIs != nil {
+		in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.AllowedGrantTypes != nil {
+		in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
+		*out = make([]GrantType, len(*in))
+		copy(*out, *in)
+	}
+	if in.AllowedScopes != nil {
+		in, out := &in.AllowedScopes, &out.AllowedScopes
+		*out = make([]Scope, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
+func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
+func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientStatus)
+	in.DeepCopyInto(out)
+	return out
+}

generated/1.17/apis/supervisor/oauth/v1alpha1/doc.go

@@ -1,10 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.supervisor.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
-package v1alpha1

generated/1.17/apis/supervisor/oauth/v1alpha1/register.go

@@ -1,43 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-const GroupName = "oauth.supervisor.pinniped.dev"
-
-// SchemeGroupVersion is group version used to register these objects.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-var (
-	SchemeBuilder      runtime.SchemeBuilder
-	localSchemeBuilder = &SchemeBuilder
-	AddToScheme        = localSchemeBuilder.AddToScheme
-)
-
-func init() {
-	// We only register manually written functions here. The registration of the
-	// generated functions takes place in the generated files. The separation
-	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
-}
-
-// Adds the list of known types to the given scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&OIDCClient{},
-		&OIDCClientList{},
-	)
-	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
-	return nil
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource.
-func Resource(resource string) schema.GroupResource {
-	return SchemeGroupVersion.WithResource(resource).GroupResource()
-}

generated/1.17/apis/supervisor/oauth/v1alpha1/zz_generated.deepcopy.go

@@ -1,121 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
-func (in *OIDCClient) DeepCopy() *OIDCClient {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClient)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClient) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]OIDCClient, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
-func (in *OIDCClientList) DeepCopy() *OIDCClientList {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClientList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
-	*out = *in
-	if in.AllowedRedirectURIs != nil {
-		in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedGrantTypes != nil {
-		in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
-		*out = make([]GrantType, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedScopes != nil {
-		in, out := &in.AllowedScopes, &out.AllowedScopes
-		*out = make([]Scope, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
-func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
-func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientStatus)
-	in.DeepCopyInto(out)
-	return out
-}

generated/1.17/apis/supervisor/virtual/oauth/doc.go

@@ -1,8 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=oauth.virtual.supervisor.pinniped.dev
-
-// Package oauth is the internal version of the Pinniped virtual oauth API.
-package oauth

generated/1.17/apis/supervisor/virtual/oauth/v1alpha1/zz_generated.conversion.go

@@ -1,131 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	oauth "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth"
-	conversion "k8s.io/apimachinery/pkg/conversion"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-func init() {
-	localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*oauth.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*oauth.OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*oauth.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*oauth.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*oauth.OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*oauth.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*oauth.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*oauth.OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*oauth.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *oauth.OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *oauth.OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *oauth.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *oauth.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *oauth.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *oauth.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *oauth.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *oauth.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *oauth.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *oauth.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *oauth.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *oauth.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
-}

generated/1.17/client/supervisor/clientset/versioned/clientset.go

@@ -8,9 +8,9 @@ package versioned
 import (
 	"fmt"
 
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
 	flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -18,18 +18,23 @@ import (
 
 type Interface interface {
 	Discovery() discovery.DiscoveryInterface
+	ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface
 	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
 	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
-	OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
 }
 
 // Clientset contains the clients for groups. Each group has exactly one
 // version included in a Clientset.
 type Clientset struct {
 	*discovery.DiscoveryClient
-	configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
+	clientsecretV1alpha1 *clientsecretv1alpha1.ClientsecretV1alpha1Client
-	iDPV1alpha1    *idpv1alpha1.IDPV1alpha1Client
+	configV1alpha1       *configv1alpha1.ConfigV1alpha1Client
-	oauthV1alpha1  *oauthv1alpha1.OauthV1alpha1Client
+	iDPV1alpha1          *idpv1alpha1.IDPV1alpha1Client
+}
+
+// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
+func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
+	return c.clientsecretV1alpha1
 }
 
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
@@ -42,11 +47,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
 	return c.iDPV1alpha1
 }
 
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return c.oauthV1alpha1
-}
-
 // Discovery retrieves the DiscoveryClient
 func (c *Clientset) Discovery() discovery.DiscoveryInterface {
 	if c == nil {
@@ -68,6 +68,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	}
 	var cs Clientset
 	var err error
+	cs.clientsecretV1alpha1, err = clientsecretv1alpha1.NewForConfig(&configShallowCopy)
+	if err != nil {
+		return nil, err
+	}
 	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
@@ -76,10 +80,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	if err != nil {
 		return nil, err
 	}
-	cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
 
 	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
 	if err != nil {
@@ -92,9 +92,9 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
 	var cs Clientset
+	cs.clientsecretV1alpha1 = clientsecretv1alpha1.NewForConfigOrDie(c)
 	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
 	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
-	cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
 	return &cs
@@ -103,9 +103,9 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
 // New creates a new Clientset for the given RESTClient.
 func New(c rest.Interface) *Clientset {
 	var cs Clientset
+	cs.clientsecretV1alpha1 = clientsecretv1alpha1.New(c)
 	cs.configV1alpha1 = configv1alpha1.New(c)
 	cs.iDPV1alpha1 = idpv1alpha1.New(c)
-	cs.oauthV1alpha1 = oauthv1alpha1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
 	return &cs

generated/1.17/client/supervisor/clientset/versioned/fake/clientset_generated.go

@@ -7,12 +7,12 @@ package fake
 
 import (
 	clientset "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
+	fakeclientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
 	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
 	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
 	fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
-	fakeoauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/discovery"
@@ -67,6 +67,11 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
 
 var _ clientset.Interface = &Clientset{}
 
+// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
+func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
+	return &fakeclientsecretv1alpha1.FakeClientsecretV1alpha1{Fake: &c.Fake}
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
@@ -76,8 +81,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
 	return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
 }
-
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
-}

generated/1.17/client/supervisor/clientset/versioned/fake/register.go

@@ -6,9 +6,9 @@
 package fake
 
 import (
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -20,9 +20,9 @@ var scheme = runtime.NewScheme()
 var codecs = serializer.NewCodecFactory(scheme)
 var parameterCodec = runtime.NewParameterCodec(scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	clientsecretv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
 	idpv1alpha1.AddToScheme,
-	oauthv1alpha1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

generated/1.17/client/supervisor/clientset/versioned/scheme/register.go

@@ -6,9 +6,9 @@
 package scheme
 
 import (
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -20,9 +20,9 @@ var Scheme = runtime.NewScheme()
 var Codecs = serializer.NewCodecFactory(Scheme)
 var ParameterCodec = runtime.NewParameterCodec(Scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	clientsecretv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
 	idpv1alpha1.AddToScheme,
-	oauthv1alpha1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/clientsecret_client.go

@@ -6,27 +6,27 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned/scheme"
+	"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 
-type OauthV1alpha1Interface interface {
+type ClientsecretV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	OIDCClientSecretRequestsGetter
 }
 
-// OauthV1alpha1Client is used to interact with features provided by the oauth.virtual.supervisor.pinniped.dev group.
+// ClientsecretV1alpha1Client is used to interact with features provided by the clientsecret.supervisor.pinniped.dev group.
-type OauthV1alpha1Client struct {
+type ClientsecretV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *OauthV1alpha1Client) OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface {
+func (c *ClientsecretV1alpha1Client) OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface {
 	return newOIDCClientSecretRequests(c, namespace)
 }
 
-// NewForConfig creates a new OauthV1alpha1Client for the given config.
+// NewForConfig creates a new ClientsecretV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
+func NewForConfig(c *rest.Config) (*ClientsecretV1alpha1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
@@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &OauthV1alpha1Client{client}, nil
+	return &ClientsecretV1alpha1Client{client}, nil
 }
 
-// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new ClientsecretV1alpha1Client for the given config and
 // panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *ClientsecretV1alpha1Client {
 	client, err := NewForConfig(c)
 	if err != nil {
 		panic(err)
@@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
 	return client
 }
 
-// New creates a new OauthV1alpha1Client for the given RESTClient.
+// New creates a new ClientsecretV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *OauthV1alpha1Client {
+func New(c rest.Interface) *ClientsecretV1alpha1Client {
-	return &OauthV1alpha1Client{c}
+	return &ClientsecretV1alpha1Client{c}
 }
 
 func setConfigDefaults(config *rest.Config) error {
@@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
+func (c *ClientsecretV1alpha1Client) RESTClient() rest.Interface {
 	if c == nil {
 		return nil
 	}

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake/fake_clientsecret_client.go

@@ -6,22 +6,22 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )
 
-type FakeOauthV1alpha1 struct {
+type FakeClientsecretV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeOauthV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
+func (c *FakeClientsecretV1alpha1) OIDCClientSecretRequests(namespace string) v1alpha1.OIDCClientSecretRequestInterface {
-	return &FakeOIDCClients{c, namespace}
+	return &FakeOIDCClientSecretRequests{c, namespace}
 }
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
+func (c *FakeClientsecretV1alpha1) RESTClient() rest.Interface {
 	var ret *rest.RESTClient
 	return ret
 }

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake/fake_oidcclientsecretrequest.go

@@ -6,20 +6,20 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	testing "k8s.io/client-go/testing"
 )
 
 // FakeOIDCClientSecretRequests implements OIDCClientSecretRequestInterface
 type FakeOIDCClientSecretRequests struct {
-	Fake *FakeOauthV1alpha1
+	Fake *FakeClientsecretV1alpha1
 	ns   string
 }
 
-var oidcclientsecretrequestsResource = schema.GroupVersionResource{Group: "oauth.virtual.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclientsecretrequests"}
+var oidcclientsecretrequestsResource = schema.GroupVersionResource{Group: "clientsecret.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclientsecretrequests"}
 
-var oidcclientsecretrequestsKind = schema.GroupVersionKind{Group: "oauth.virtual.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClientSecretRequest"}
+var oidcclientsecretrequestsKind = schema.GroupVersionKind{Group: "clientsecret.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClientSecretRequest"}
 
 // Create takes the representation of a oIDCClientSecretRequest and creates it.  Returns the server's representation of the oIDCClientSecretRequest, and an error, if there is any.
 func (c *FakeOIDCClientSecretRequests) Create(oIDCClientSecretRequest *v1alpha1.OIDCClientSecretRequest) (result *v1alpha1.OIDCClientSecretRequest, err error) {

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/oidcclientsecretrequest.go

@@ -6,7 +6,7 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
 	rest "k8s.io/client-go/rest"
 )
 
@@ -29,7 +29,7 @@ type oIDCClientSecretRequests struct {
 }
 
 // newOIDCClientSecretRequests returns a OIDCClientSecretRequests
-func newOIDCClientSecretRequests(c *OauthV1alpha1Client, namespace string) *oIDCClientSecretRequests {
+func newOIDCClientSecretRequests(c *ClientsecretV1alpha1Client, namespace string) *oIDCClientSecretRequests {
 	return &oIDCClientSecretRequests{
 		client: c.RESTClient(),
 		ns:     namespace,

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go

@@ -14,6 +14,7 @@ import (
 type ConfigV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	FederationDomainsGetter
+	OIDCClientsGetter
 }
 
 // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
@@ -25,6 +26,10 @@ func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDom
 	return newFederationDomains(c, namespace)
 }
 
+func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
+	return newOIDCClients(c, namespace)
+}
+
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.
 func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
 	config := *c

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go

@@ -19,6 +19,10 @@ func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.Federa
 	return &FakeFederationDomains{c, namespace}
 }
 
+func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
+	return &FakeOIDCClients{c, namespace}
+}
+
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
 func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcclient.go

@@ -6,7 +6,7 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -17,13 +17,13 @@ import (
 
 // FakeOIDCClients implements OIDCClientInterface
 type FakeOIDCClients struct {
-	Fake *FakeOauthV1alpha1
+	Fake *FakeConfigV1alpha1
 	ns   string
 }
 
-var oidcclientsResource = schema.GroupVersionResource{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
+var oidcclientsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclients"}
 
-var oidcclientsKind = schema.GroupVersionKind{Group: "oauth.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
+var oidcclientsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClient"}
 
 // Get takes name of the oIDCClient, and returns the corresponding oIDCClient object, and an error if there is any.
 func (c *FakeOIDCClients) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCClient, err error) {

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go

@@ -6,3 +6,5 @@
 package v1alpha1
 
 type FederationDomainExpansion interface{}
+
+type OIDCClientExpansion interface{}

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcclient.go

@@ -8,7 +8,7 @@ package v1alpha1
 import (
 	"time"
 
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
@@ -43,7 +43,7 @@ type oIDCClients struct {
 }
 
 // newOIDCClients returns a OIDCClients
-func newOIDCClients(c *OauthV1alpha1Client, namespace string) *oIDCClients {
+func newOIDCClients(c *ConfigV1alpha1Client, namespace string) *oIDCClients {
 	return &oIDCClients{
 		client: c.RESTClient(),
 		ns:     namespace,

generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/generated_expansion.go

@@ -1,8 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-type OIDCClientExpansion interface{}

generated/1.17/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/oauth_client.go

@@ -1,76 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type OauthV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	OIDCClientsGetter
-}
-
-// OauthV1alpha1Client is used to interact with features provided by the oauth.supervisor.pinniped.dev group.
-type OauthV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *OauthV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
-	return newOIDCClients(c, namespace)
-}
-
-// NewForConfig creates a new OauthV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &OauthV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new OauthV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *OauthV1alpha1Client {
-	return &OauthV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go

@@ -13,6 +13,8 @@ import (
 type Interface interface {
 	// FederationDomains returns a FederationDomainInformer.
 	FederationDomains() FederationDomainInformer
+	// OIDCClients returns a OIDCClientInformer.
+	OIDCClients() OIDCClientInformer
 }
 
 type version struct {
@@ -30,3 +32,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 func (v *version) FederationDomains() FederationDomainInformer {
 	return &federationDomainInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
 }
+
+// OIDCClients returns a OIDCClientInformer.
+func (v *version) OIDCClients() OIDCClientInformer {
+	return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}

generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcclient.go

@@ -8,10 +8,10 @@ package v1alpha1
 import (
 	time "time"
 
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
+	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
 	internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"
@@ -48,16 +48,16 @@ func NewFilteredOIDCClientInformer(client versioned.Interface, namespace string,
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.OauthV1alpha1().OIDCClients(namespace).List(options)
+				return client.ConfigV1alpha1().OIDCClients(namespace).List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.OauthV1alpha1().OIDCClients(namespace).Watch(options)
+				return client.ConfigV1alpha1().OIDCClients(namespace).Watch(options)
 			},
 		},
-		&oauthv1alpha1.OIDCClient{},
+		&configv1alpha1.OIDCClient{},
 		resyncPeriod,
 		indexers,
 	)
@@ -68,7 +68,7 @@ func (f *oIDCClientInformer) defaultInformer(client versioned.Interface, resyncP
 }
 
 func (f *oIDCClientInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&oauthv1alpha1.OIDCClient{}, f.defaultInformer)
+	return f.factory.InformerFor(&configv1alpha1.OIDCClient{}, f.defaultInformer)
 }
 
 func (f *oIDCClientInformer) Lister() v1alpha1.OIDCClientLister {

generated/1.17/client/supervisor/informers/externalversions/factory.go

@@ -14,7 +14,6 @@ import (
 	config "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/config"
 	idp "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/idp"
 	internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
-	oauth "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -163,7 +162,6 @@ type SharedInformerFactory interface {
 
 	Config() config.Interface
 	IDP() idp.Interface
-	Oauth() oauth.Interface
 }
 
 func (f *sharedInformerFactory) Config() config.Interface {
@@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Config() config.Interface {
 func (f *sharedInformerFactory) IDP() idp.Interface {
 	return idp.New(f, f.namespace, f.tweakListOptions)
 }
-
-func (f *sharedInformerFactory) Oauth() oauth.Interface {
-	return oauth.New(f, f.namespace, f.tweakListOptions)
-}

generated/1.17/client/supervisor/informers/externalversions/generic.go

@@ -10,7 +10,6 @@ import (
 
 	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/oauth/v1alpha1"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	cache "k8s.io/client-go/tools/cache"
 )
@@ -44,6 +43,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 	// Group=config.supervisor.pinniped.dev, Version=v1alpha1
 	case v1alpha1.SchemeGroupVersion.WithResource("federationdomains"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().FederationDomains().Informer()}, nil
+	case v1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCClients().Informer()}, nil
 
 		// Group=idp.supervisor.pinniped.dev, Version=v1alpha1
 	case idpv1alpha1.SchemeGroupVersion.WithResource("activedirectoryidentityproviders"):
@@ -53,10 +54,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 	case idpv1alpha1.SchemeGroupVersion.WithResource("oidcidentityproviders"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().OIDCIdentityProviders().Informer()}, nil
 
-		// Group=oauth.supervisor.pinniped.dev, Version=v1alpha1
-	case oauthv1alpha1.SchemeGroupVersion.WithResource("oidcclients"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Oauth().V1alpha1().OIDCClients().Informer()}, nil
-
 	}
 
 	return nil, fmt.Errorf("no informer found for %v", resource)

generated/1.17/client/supervisor/informers/externalversions/oauth/interface.go

@@ -1,33 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package oauth
-
-import (
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/oauth/v1alpha1"
-)
-
-// Interface provides access to each of this group's versions.
-type Interface interface {
-	// V1alpha1 provides access to shared informers for resources in V1alpha1.
-	V1alpha1() v1alpha1.Interface
-}
-
-type group struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
-	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
-}

generated/1.17/client/supervisor/informers/externalversions/oauth/v1alpha1/interface.go

@@ -1,32 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces"
-)
-
-// Interface provides access to all the informers in this group version.
-type Interface interface {
-	// OIDCClients returns a OIDCClientInformer.
-	OIDCClients() OIDCClientInformer
-}
-
-type version struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// OIDCClients returns a OIDCClientInformer.
-func (v *version) OIDCClients() OIDCClientInformer {
-	return &oIDCClientInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
-}

generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go

@@ -12,3 +12,11 @@ type FederationDomainListerExpansion interface{}
 // FederationDomainNamespaceListerExpansion allows custom methods to be added to
 // FederationDomainNamespaceLister.
 type FederationDomainNamespaceListerExpansion interface{}
+
+// OIDCClientListerExpansion allows custom methods to be added to
+// OIDCClientLister.
+type OIDCClientListerExpansion interface{}
+
+// OIDCClientNamespaceListerExpansion allows custom methods to be added to
+// OIDCClientNamespaceLister.
+type OIDCClientNamespaceListerExpansion interface{}

generated/1.17/client/supervisor/listers/config/v1alpha1/oidcclient.go

@@ -6,7 +6,7 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

generated/1.17/client/supervisor/listers/oauth/v1alpha1/expansion_generated.go

@@ -1,14 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-// OIDCClientListerExpansion allows custom methods to be added to
-// OIDCClientLister.
-type OIDCClientListerExpansion interface{}
-
-// OIDCClientNamespaceListerExpansion allows custom methods to be added to
-// OIDCClientNamespaceLister.
-type OIDCClientNamespaceListerExpansion interface{}

generated/1.17/client/supervisor/virtual/clientset/versioned/clientset.go

@@ -1,84 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package versioned
-
-import (
-	"fmt"
-
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned/typed/oauth/v1alpha1"
-	discovery "k8s.io/client-go/discovery"
-	rest "k8s.io/client-go/rest"
-	flowcontrol "k8s.io/client-go/util/flowcontrol"
-)
-
-type Interface interface {
-	Discovery() discovery.DiscoveryInterface
-	OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
-}
-
-// Clientset contains the clients for groups. Each group has exactly one
-// version included in a Clientset.
-type Clientset struct {
-	*discovery.DiscoveryClient
-	oauthV1alpha1 *oauthv1alpha1.OauthV1alpha1Client
-}
-
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return c.oauthV1alpha1
-}
-
-// Discovery retrieves the DiscoveryClient
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	if c == nil {
-		return nil
-	}
-	return c.DiscoveryClient
-}
-
-// NewForConfig creates a new Clientset for the given config.
-// If config's RateLimiter is not set and QPS and Burst are acceptable,
-// NewForConfig will generate a rate-limiter in configShallowCopy.
-func NewForConfig(c *rest.Config) (*Clientset, error) {
-	configShallowCopy := *c
-	if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
-		if configShallowCopy.Burst <= 0 {
-			return nil, fmt.Errorf("Burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
-		}
-		configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
-	}
-	var cs Clientset
-	var err error
-	cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-
-	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	return &cs, nil
-}
-
-// NewForConfigOrDie creates a new Clientset for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *Clientset {
-	var cs Clientset
-	cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
-	return &cs
-}
-
-// New creates a new Clientset for the given RESTClient.
-func New(c rest.Interface) *Clientset {
-	var cs Clientset
-	cs.oauthV1alpha1 = oauthv1alpha1.New(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
-	return &cs
-}

generated/1.17/client/supervisor/virtual/clientset/versioned/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package has the automatically generated clientset.
-package versioned

generated/1.17/client/supervisor/virtual/clientset/versioned/fake/clientset_generated.go

@@ -1,69 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	clientset "go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned/typed/oauth/v1alpha1"
-	fakeoauthv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned/typed/oauth/v1alpha1/fake"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/discovery"
-	fakediscovery "k8s.io/client-go/discovery/fake"
-	"k8s.io/client-go/testing"
-)
-
-// NewSimpleClientset returns a clientset that will respond with the provided objects.
-// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
-// without applying any validations and/or defaults. It shouldn't be considered a replacement
-// for a real clientset and is mostly useful in simple unit tests.
-func NewSimpleClientset(objects ...runtime.Object) *Clientset {
-	o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
-	for _, obj := range objects {
-		if err := o.Add(obj); err != nil {
-			panic(err)
-		}
-	}
-
-	cs := &Clientset{tracker: o}
-	cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
-	cs.AddReactor("*", "*", testing.ObjectReaction(o))
-	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
-		gvr := action.GetResource()
-		ns := action.GetNamespace()
-		watch, err := o.Watch(gvr, ns)
-		if err != nil {
-			return false, nil, err
-		}
-		return true, watch, nil
-	})
-
-	return cs
-}
-
-// Clientset implements clientset.Interface. Meant to be embedded into a
-// struct to get a default implementation. This makes faking out just the method
-// you want to test easier.
-type Clientset struct {
-	testing.Fake
-	discovery *fakediscovery.FakeDiscovery
-	tracker   testing.ObjectTracker
-}
-
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	return c.discovery
-}
-
-func (c *Clientset) Tracker() testing.ObjectTracker {
-	return c.tracker
-}
-
-var _ clientset.Interface = &Clientset{}
-
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
-}

generated/1.17/client/supervisor/virtual/clientset/versioned/fake/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package has the automatically generated fake clientset.
-package fake

generated/1.17/client/supervisor/virtual/clientset/versioned/fake/register.go

@@ -1,43 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var scheme = runtime.NewScheme()
-var codecs = serializer.NewCodecFactory(scheme)
-var parameterCodec = runtime.NewParameterCodec(scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	oauthv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//   import (
-//     "k8s.io/client-go/kubernetes"
-//     clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//     aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//   )
-//
-//   kclientset, _ := kubernetes.NewForConfig(c)
-//   _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(scheme))
-}

generated/1.17/client/supervisor/virtual/clientset/versioned/scheme/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package contains the scheme of the automatically generated clientset.
-package scheme

generated/1.17/client/supervisor/virtual/clientset/versioned/scheme/register.go

@@ -1,43 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package scheme
-
-import (
-	oauthv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/virtual/oauth/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var Scheme = runtime.NewScheme()
-var Codecs = serializer.NewCodecFactory(Scheme)
-var ParameterCodec = runtime.NewParameterCodec(Scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	oauthv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//   import (
-//     "k8s.io/client-go/kubernetes"
-//     clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//     aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//   )
-//
-//   kclientset, _ := kubernetes.NewForConfig(c)
-//   _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(Scheme))
-}

generated/1.17/client/supervisor/virtual/clientset/versioned/typed/oauth/v1alpha1/fake/fake_oauth_client.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/virtual/clientset/versioned/typed/oauth/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeOauthV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeOauthV1alpha1) OIDCClientSecretRequests(namespace string) v1alpha1.OIDCClientSecretRequestInterface {
-	return &FakeOIDCClientSecretRequests{c, namespace}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeOauthV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/crds/config.supervisor.pinniped.dev_oidcclients.yaml

@@ -5,9 +5,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.8.0
   creationTimestamp: null
-  name: oidcclients.oauth.supervisor.pinniped.dev
+  name: oidcclients.config.supervisor.pinniped.dev
 spec:
-  group: oauth.supervisor.pinniped.dev
+  group: config.supervisor.pinniped.dev
   names:
     categories:
     - pinniped

generated/1.18/README.adoc

@@ -6,15 +6,14 @@
 
 .Packages
 - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
+- xref:{anchor_prefix}-clientsecret-supervisor-pinniped-dev-clientsecret[$$clientsecret.supervisor.pinniped.dev/clientsecret$$]
+- xref:{anchor_prefix}-clientsecret-supervisor-pinniped-dev-v1alpha1[$$clientsecret.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$]
 - xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1[$$oauth.supervisor.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-oauth[$$oauth.virtual.supervisor.pinniped.dev/oauth$$]
-- xref:{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-v1alpha1[$$oauth.virtual.supervisor.pinniped.dev/v1alpha1$$]
 
 
 [id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
@@ -213,6 +212,98 @@ Status of a webhook authenticator.
 
 
 
+[id="{anchor_prefix}-clientsecret-supervisor-pinniped-dev-clientsecret"]
+=== clientsecret.supervisor.pinniped.dev/clientsecret
+
+Package clientsecret is the internal version of the Pinniped client secret API.
+
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
+==== OIDCClientSecretRequestSpec 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generateNewSecret`* __boolean__ | 
+| *`revokeOldSecrets`* __boolean__ | 
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
+==== OIDCClientSecretRequestStatus 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generatedSecret`* __string__ | 
+| *`totalClientSecrets`* __integer__ | 
+|===
+
+
+
+[id="{anchor_prefix}-clientsecret-supervisor-pinniped-dev-v1alpha1"]
+=== clientsecret.supervisor.pinniped.dev/v1alpha1
+
+Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
+
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
+==== OIDCClientSecretRequestSpec 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generateNewSecret`* __boolean__ | 
+| *`revokeOldSecrets`* __boolean__ | 
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
+==== OIDCClientSecretRequestStatus 
+
+
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`generatedSecret`* __string__ | 
+| *`totalClientSecrets`* __integer__ | 
+|===
+
+
+
 [id="{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1"]
 === config.concierge.pinniped.dev/v1alpha1
 
@@ -546,6 +637,51 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an
 |===
 
 
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient"]
+==== OIDCClient 
+
+OIDCClient describes the configuration of an OIDC client.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientlist[$$OIDCClientList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclientspec"]
+==== OIDCClientSpec 
+
+OIDCClientSpec is a struct that describes an OIDC Client.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcclient[$$OIDCClient$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
+| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client. 
+ Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to   authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.   This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   This grant must be listed if allowedScopes lists pinniped:request-audience.
+| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client. 
+ Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).   This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.   This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   openid, username and groups scopes must be listed when this scope is present.   This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username.   Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership,   if their group membership is discoverable by the Supervisor.   Without the groups scope being requested and allowed, the ID token will not contain groups.
+|===
+
+
+
+
 
 [id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"]
 === identity.concierge.pinniped.dev/identity
@@ -1335,148 +1471,3 @@ TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned
 |===
 
 
-
-[id="{anchor_prefix}-oauth-supervisor-pinniped-dev-v1alpha1"]
-=== oauth.supervisor.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient"]
-==== OIDCClient 
-
-OIDCClient describes the configuration of an OIDC client.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientlist[$$OIDCClientList$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
-
-| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec[$$OIDCClientSpec$$]__ | Spec of the OIDC client.
-| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientstatus[$$OIDCClientStatus$$]__ | Status of the OIDC client.
-|===
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclientspec"]
-==== OIDCClientSpec 
-
-OIDCClientSpec is a struct that describes an OIDC Client.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-oauth-v1alpha1-oidcclient[$$OIDCClient$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`allowedRedirectURIs`* __string array__ | allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this client. Any other uris will be rejected. Must be https, unless it is a loopback.
-| *`allowedGrantTypes`* __GrantType array__ | allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this client. 
- Must only contain the following values: - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to   authenticate users. This grant must always be listed. - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.   This grant must be listed if allowedScopes lists offline_access. - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   This grant must be listed if allowedScopes lists pinniped:request-audience.
-| *`allowedScopes`* __Scope array__ | allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client. 
- Must only contain the following values: - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).   This scope must always be listed. - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.   This scope must be listed if allowedGrantTypes lists refresh_token. - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,   which is a step in the process to be able to get a cluster credential for the user.   openid, username and groups scopes must be listed when this scope is present.   This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange. - username: The client is allowed to request that ID tokens contain the user's username.   Without the username scope being requested and allowed, the ID token will not contain the user's username. - groups: The client is allowed to request that ID tokens contain the user's group membership,   if their group membership is discoverable by the Supervisor.   Without the groups scope being requested and allowed, the ID token will not contain groups.
-|===
-
-
-
-
-
-[id="{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-oauth"]
-=== oauth.virtual.supervisor.pinniped.dev/oauth
-
-Package oauth is the internal version of the Pinniped virtual oauth API.
-
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-oidcclientsecretrequestspec"]
-==== OIDCClientSecretRequestSpec 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generateNewSecret`* __boolean__ | 
-| *`revokeOldSecrets`* __boolean__ | 
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-oidcclientsecretrequeststatus"]
-==== OIDCClientSecretRequestStatus 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generatedSecret`* __string__ | 
-| *`totalClientSecrets`* __integer__ | 
-|===
-
-
-
-[id="{anchor_prefix}-oauth-virtual-supervisor-pinniped-dev-v1alpha1"]
-=== oauth.virtual.supervisor.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped virtual oauth API.
-
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequestspec"]
-==== OIDCClientSecretRequestSpec 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generateNewSecret`* __boolean__ | 
-| *`revokeOldSecrets`* __boolean__ | 
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequeststatus"]
-==== OIDCClientSecretRequestStatus 
-
-
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-virtual-oauth-v1alpha1-oidcclientsecretrequest[$$OIDCClientSecretRequest$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`generatedSecret`* __string__ | 
-| *`totalClientSecrets`* __integer__ | 
-|===
-
-

generated/1.18/apis/supervisor/clientsecret/doc.go

@@ -0,0 +1,8 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=clientsecret.supervisor.pinniped.dev
+
+// Package clientsecret is the internal version of the Pinniped client secret API.
+package clientsecret

generated/1.18/apis/supervisor/clientsecret/register.go

@@ -1,14 +1,14 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

generated/1.18/apis/supervisor/clientsecret/types_oidcclientsecretrequest.go

@@ -1,7 +1,7 @@
 // Copyright 2022 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-package oauth
+package clientsecret
 
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 

generated/1.18/apis/supervisor/clientsecret/v1alpha1/doc.go

@@ -3,9 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/supervisor/virtual/oauth
+// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.virtual.supervisor.pinniped.dev
+// +groupName=clientsecret.supervisor.pinniped.dev
 
-// Package v1alpha1 is the v1alpha1 version of the Pinniped virtual oauth API.
+// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
 package v1alpha1

generated/1.18/apis/supervisor/clientsecret/v1alpha1/register.go

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "oauth.virtual.supervisor.pinniped.dev"
+const GroupName = "clientsecret.supervisor.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

generated/1.18/apis/supervisor/clientsecret/v1alpha1/zz_generated.conversion.go

@@ -0,0 +1,131 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Code generated by conversion-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	clientsecret "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret"
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+func init() {
+	localSchemeBuilder.Register(RegisterConversions)
+}
+
+// RegisterConversions adds conversion functions to the given scheme.
+// Public to allow building arbitrary schemes.
+func RegisterConversions(s *runtime.Scheme) error {
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*clientsecret.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*clientsecret.OIDCClientSecretRequest), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*clientsecret.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*clientsecret.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*clientsecret.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*clientsecret.OIDCClientSecretRequestStatus), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*clientsecret.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
+	out.ObjectMeta = in.ObjectMeta
+	if err := Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
+		return err
+	}
+	if err := Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	out.GenerateNewSecret = in.GenerateNewSecret
+	out.RevokeOldSecrets = in.RevokeOldSecrets
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	out.GenerateNewSecret = in.GenerateNewSecret
+	out.RevokeOldSecrets = in.RevokeOldSecrets
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
+}
+
+func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	out.GeneratedSecret = in.GeneratedSecret
+	out.TotalClientSecrets = in.TotalClientSecrets
+	return nil
+}
+
+// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus is an autogenerated conversion function.
+func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in, out, s)
+}
+
+func autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	out.GeneratedSecret = in.GeneratedSecret
+	out.TotalClientSecrets = in.TotalClientSecrets
+	return nil
+}
+
+// Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
+func Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
+	return autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
+}

generated/1.18/apis/supervisor/clientsecret/zz_generated.deepcopy.go

@@ -6,7 +6,7 @@
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package oauth
+package clientsecret
 
 import (
 	runtime "k8s.io/apimachinery/pkg/runtime"

generated/1.18/apis/supervisor/config/v1alpha1/register.go

@@ -32,6 +32,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&FederationDomain{},
 		&FederationDomainList{},
+		&OIDCClient{},
+		&OIDCClientList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go

@@ -150,3 +150,111 @@ func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
 	in.DeepCopyInto(out)
 	return out
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	out.Status = in.Status
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
+func (in *OIDCClient) DeepCopy() *OIDCClient {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClient)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClient) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]OIDCClient, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
+func (in *OIDCClientList) DeepCopy() *OIDCClientList {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OIDCClientList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
+	*out = *in
+	if in.AllowedRedirectURIs != nil {
+		in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.AllowedGrantTypes != nil {
+		in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
+		*out = make([]GrantType, len(*in))
+		copy(*out, *in)
+	}
+	if in.AllowedScopes != nil {
+		in, out := &in.AllowedScopes, &out.AllowedScopes
+		*out = make([]Scope, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
+func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
+func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(OIDCClientStatus)
+	in.DeepCopyInto(out)
+	return out
+}

generated/1.18/apis/supervisor/oauth/v1alpha1/doc.go

@@ -1,10 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=oauth.supervisor.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor oauth API.
-package v1alpha1

generated/1.18/apis/supervisor/oauth/v1alpha1/register.go

@@ -1,43 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-const GroupName = "oauth.supervisor.pinniped.dev"
-
-// SchemeGroupVersion is group version used to register these objects.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-var (
-	SchemeBuilder      runtime.SchemeBuilder
-	localSchemeBuilder = &SchemeBuilder
-	AddToScheme        = localSchemeBuilder.AddToScheme
-)
-
-func init() {
-	// We only register manually written functions here. The registration of the
-	// generated functions takes place in the generated files. The separation
-	// makes the code compile even when the generated files are missing.
-	localSchemeBuilder.Register(addKnownTypes)
-}
-
-// Adds the list of known types to the given scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(SchemeGroupVersion,
-		&OIDCClient{},
-		&OIDCClientList{},
-	)
-	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
-	return nil
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource.
-func Resource(resource string) schema.GroupResource {
-	return SchemeGroupVersion.WithResource(resource).GroupResource()
-}

generated/1.18/apis/supervisor/oauth/v1alpha1/zz_generated.deepcopy.go

@@ -1,121 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	out.Status = in.Status
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
-func (in *OIDCClient) DeepCopy() *OIDCClient {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClient)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClient) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]OIDCClient, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
-func (in *OIDCClientList) DeepCopy() *OIDCClientList {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClientList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
-	*out = *in
-	if in.AllowedRedirectURIs != nil {
-		in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedGrantTypes != nil {
-		in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
-		*out = make([]GrantType, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedScopes != nil {
-		in, out := &in.AllowedScopes, &out.AllowedScopes
-		*out = make([]Scope, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
-func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
-func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientStatus)
-	in.DeepCopyInto(out)
-	return out
-}

generated/1.18/apis/supervisor/virtual/oauth/doc.go

@@ -1,8 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=oauth.virtual.supervisor.pinniped.dev
-
-// Package oauth is the internal version of the Pinniped virtual oauth API.
-package oauth

generated/1.18/apis/supervisor/virtual/oauth/v1alpha1/zz_generated.conversion.go

@@ -1,131 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	oauth "go.pinniped.dev/generated/1.18/apis/supervisor/virtual/oauth"
-	conversion "k8s.io/apimachinery/pkg/conversion"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-func init() {
-	localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*oauth.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*oauth.OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*oauth.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*oauth.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*oauth.OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*oauth.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*oauth.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*oauth.OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*oauth.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*oauth.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *oauth.OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *oauth.OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequest_To_oauth_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *oauth.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *oauth.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *oauth.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *oauth.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_oauth_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *oauth.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *oauth.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *oauth.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *oauth.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_oauth_OIDCClientSecretRequestStatus(in, out, s)
-}
-
-func autoConvert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *oauth.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *oauth.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_oauth_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
-}

generated/1.18/client/supervisor/clientset/versioned/clientset.go

@@ -8,9 +8,9 @@ package versioned
 import (
 	"fmt"
 
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
 	flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -18,18 +18,23 @@ import (
 
 type Interface interface {
 	Discovery() discovery.DiscoveryInterface
+	ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface
 	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
 	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
-	OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface
 }
 
 // Clientset contains the clients for groups. Each group has exactly one
 // version included in a Clientset.
 type Clientset struct {
 	*discovery.DiscoveryClient
-	configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
+	clientsecretV1alpha1 *clientsecretv1alpha1.ClientsecretV1alpha1Client
-	iDPV1alpha1    *idpv1alpha1.IDPV1alpha1Client
+	configV1alpha1       *configv1alpha1.ConfigV1alpha1Client
-	oauthV1alpha1  *oauthv1alpha1.OauthV1alpha1Client
+	iDPV1alpha1          *idpv1alpha1.IDPV1alpha1Client
+}
+
+// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
+func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
+	return c.clientsecretV1alpha1
 }
 
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
@@ -42,11 +47,6 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
 	return c.iDPV1alpha1
 }
 
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return c.oauthV1alpha1
-}
-
 // Discovery retrieves the DiscoveryClient
 func (c *Clientset) Discovery() discovery.DiscoveryInterface {
 	if c == nil {
@@ -68,6 +68,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	}
 	var cs Clientset
 	var err error
+	cs.clientsecretV1alpha1, err = clientsecretv1alpha1.NewForConfig(&configShallowCopy)
+	if err != nil {
+		return nil, err
+	}
 	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
@@ -76,10 +80,6 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	if err != nil {
 		return nil, err
 	}
-	cs.oauthV1alpha1, err = oauthv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
 
 	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
 	if err != nil {
@@ -92,9 +92,9 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
 	var cs Clientset
+	cs.clientsecretV1alpha1 = clientsecretv1alpha1.NewForConfigOrDie(c)
 	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
 	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
-	cs.oauthV1alpha1 = oauthv1alpha1.NewForConfigOrDie(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
 	return &cs
@@ -103,9 +103,9 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
 // New creates a new Clientset for the given RESTClient.
 func New(c rest.Interface) *Clientset {
 	var cs Clientset
+	cs.clientsecretV1alpha1 = clientsecretv1alpha1.New(c)
 	cs.configV1alpha1 = configv1alpha1.New(c)
 	cs.iDPV1alpha1 = idpv1alpha1.New(c)
-	cs.oauthV1alpha1 = oauthv1alpha1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
 	return &cs

generated/1.18/client/supervisor/clientset/versioned/fake/clientset_generated.go

@@ -7,12 +7,12 @@ package fake
 
 import (
 	clientset "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned"
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
+	fakeclientsecretv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1"
 	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
 	idpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
 	fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1"
-	fakeoauthv1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/typed/oauth/v1alpha1/fake"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/discovery"
@@ -67,6 +67,11 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
 
 var _ clientset.Interface = &Clientset{}
 
+// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
+func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
+	return &fakeclientsecretv1alpha1.FakeClientsecretV1alpha1{Fake: &c.Fake}
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
@@ -76,8 +81,3 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
 	return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
 }
-
-// OauthV1alpha1 retrieves the OauthV1alpha1Client
-func (c *Clientset) OauthV1alpha1() oauthv1alpha1.OauthV1alpha1Interface {
-	return &fakeoauthv1alpha1.FakeOauthV1alpha1{Fake: &c.Fake}
-}

generated/1.18/client/supervisor/clientset/versioned/fake/register.go

@@ -6,9 +6,9 @@
 package fake
 
 import (
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -20,9 +20,9 @@ var scheme = runtime.NewScheme()
 var codecs = serializer.NewCodecFactory(scheme)
 var parameterCodec = runtime.NewParameterCodec(scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	clientsecretv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
 	idpv1alpha1.AddToScheme,
-	oauthv1alpha1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

generated/1.18/client/supervisor/clientset/versioned/scheme/register.go

@@ -6,9 +6,9 @@
 package scheme
 
 import (
+	clientsecretv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1"
 	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/idp/v1alpha1"
-	oauthv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/oauth/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -20,9 +20,9 @@ var Scheme = runtime.NewScheme()
 var Codecs = serializer.NewCodecFactory(Scheme)
 var ParameterCodec = runtime.NewParameterCodec(Scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	clientsecretv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
 	idpv1alpha1.AddToScheme,
-	oauthv1alpha1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

generated/1.18/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/clientsecret_client.go

@@ -6,27 +6,27 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/virtual/oauth/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret/v1alpha1"
-	"go.pinniped.dev/generated/1.19/client/supervisor/virtual/clientset/versioned/scheme"
+	"go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 
-type OauthV1alpha1Interface interface {
+type ClientsecretV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	OIDCClientSecretRequestsGetter
 }
 
-// OauthV1alpha1Client is used to interact with features provided by the oauth.virtual.supervisor.pinniped.dev group.
+// ClientsecretV1alpha1Client is used to interact with features provided by the clientsecret.supervisor.pinniped.dev group.
-type OauthV1alpha1Client struct {
+type ClientsecretV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *OauthV1alpha1Client) OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface {
+func (c *ClientsecretV1alpha1Client) OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface {
 	return newOIDCClientSecretRequests(c, namespace)
 }
 
-// NewForConfig creates a new OauthV1alpha1Client for the given config.
+// NewForConfig creates a new ClientsecretV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
+func NewForConfig(c *rest.Config) (*ClientsecretV1alpha1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
@@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*OauthV1alpha1Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &OauthV1alpha1Client{client}, nil
+	return &ClientsecretV1alpha1Client{client}, nil
 }
 
-// NewForConfigOrDie creates a new OauthV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new ClientsecretV1alpha1Client for the given config and
 // panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *ClientsecretV1alpha1Client {
 	client, err := NewForConfig(c)
 	if err != nil {
 		panic(err)
@@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *OauthV1alpha1Client {
 	return client
 }
 
-// New creates a new OauthV1alpha1Client for the given RESTClient.
+// New creates a new ClientsecretV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *OauthV1alpha1Client {
+func New(c rest.Interface) *ClientsecretV1alpha1Client {
-	return &OauthV1alpha1Client{c}
+	return &ClientsecretV1alpha1Client{c}
 }
 
 func setConfigDefaults(config *rest.Config) error {
@@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *OauthV1alpha1Client) RESTClient() rest.Interface {
+func (c *ClientsecretV1alpha1Client) RESTClient() rest.Interface {
 	if c == nil {
 		return nil
 	}