Merge pull request #1646 from vmware-tanzu/jtc/support-k8s-1-21-and-up
Remove generated code prior to K8s 1.21
commit
a42e3edf56
1778
generated/1.17/README.adoc
generated
1778
generated/1.17/README.adoc
generated
File diff suppressed because it is too large
@ -1,10 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// +k8s:openapi-gen=true
|
|
||||||
// +k8s:deepcopy-gen=package
|
|
||||||
// +k8s:defaulter-gen=TypeMeta
|
|
||||||
// +groupName=authentication.concierge.pinniped.dev
|
|
||||||
|
|
||||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
|
|
||||||
package v1alpha1
|
|
@ -1,45 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "authentication.concierge.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&WebhookAuthenticator{},
|
|
||||||
&WebhookAuthenticatorList{},
|
|
||||||
&JWTAuthenticator{},
|
|
||||||
&JWTAuthenticatorList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,85 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a JWT authenticator.
|
|
||||||
type JWTAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a JWT authenticator.
|
|
||||||
type JWTAuthenticatorSpec struct {
|
|
||||||
// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
|
|
||||||
// also used to validate the "iss" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Issuer string `json:"issuer"`
|
|
||||||
|
|
||||||
// Audience is the required value of the "aud" JWT claim.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Audience string `json:"audience"`
|
|
||||||
|
|
||||||
// Claims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
// +optional
|
|
||||||
Claims JWTTokenClaims `json:"claims"`
|
|
||||||
|
|
||||||
// TLS configuration for communicating with the OIDC provider.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTTokenClaims allows customization of the claims that will be mapped to user identity
|
|
||||||
// for Kubernetes access.
|
|
||||||
type JWTTokenClaims struct {
|
|
||||||
// Groups is the name of the claim which should be read to extract the user's
|
|
||||||
// group membership from the JWT token. When not specified, it will default to "groups".
|
|
||||||
// +optional
|
|
||||||
Groups string `json:"groups"`
|
|
||||||
|
|
||||||
// Username is the name of the claim which should be read to extract the
|
|
||||||
// username from the JWT token. When not specified, it will default to "username".
|
|
||||||
// +optional
|
|
||||||
Username string `json:"username"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTAuthenticator describes the configuration of a JWT authenticator.
|
|
||||||
//
|
|
||||||
// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
|
|
||||||
// signature, existence of claims, etc.) and extract the username and groups from the token.
|
|
||||||
//
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
|
||||||
// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type JWTAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec JWTAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status JWTAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of JWTAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type JWTAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []JWTAuthenticator `json:"items"`
|
|
||||||
}
|
|
@ -1,75 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// ConditionStatus is effectively an enum type for Condition.Status.
|
|
||||||
type ConditionStatus string
|
|
||||||
|
|
||||||
// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
|
|
||||||
// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
|
|
||||||
// can't decide if a resource is in the condition or not. In the future, we could add other
|
|
||||||
// intermediate conditions, e.g. ConditionDegraded.
|
|
||||||
const (
|
|
||||||
ConditionTrue ConditionStatus = "True"
|
|
||||||
ConditionFalse ConditionStatus = "False"
|
|
||||||
ConditionUnknown ConditionStatus = "Unknown"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
|
|
||||||
// version we can switch to using the upstream type.
|
|
||||||
// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
|
|
||||||
type Condition struct {
|
|
||||||
// type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
// ---
|
|
||||||
// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
|
|
||||||
// useful (see .node.status.conditions), the ability to deconflict is important.
|
|
||||||
// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
|
|
||||||
// +kubebuilder:validation:MaxLength=316
|
|
||||||
Type string `json:"type"`
|
|
||||||
|
|
||||||
// status of the condition, one of True, False, Unknown.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Enum=True;False;Unknown
|
|
||||||
Status ConditionStatus `json:"status"`
|
|
||||||
|
|
||||||
// observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
// with respect to the current state of the instance.
|
|
||||||
// +optional
|
|
||||||
// +kubebuilder:validation:Minimum=0
|
|
||||||
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
|
|
||||||
|
|
||||||
// lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
// This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Type=string
|
|
||||||
// +kubebuilder:validation:Format=date-time
|
|
||||||
LastTransitionTime metav1.Time `json:"lastTransitionTime"`
|
|
||||||
|
|
||||||
// reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
// Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
// and whether the values are considered a guaranteed API.
|
|
||||||
// The value should be a CamelCase string.
|
|
||||||
// This field may not be empty.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=1024
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
|
|
||||||
Reason string `json:"reason"`
|
|
||||||
|
|
||||||
// message is a human readable message indicating details about the transition.
|
|
||||||
// This may be an empty string.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=32768
|
|
||||||
Message string `json:"message"`
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
// Configuration for configuring TLS on various authenticators.
|
|
||||||
type TLSSpec struct {
|
|
||||||
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|
|
||||||
// +optional
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
|
|
||||||
}
|
|
@ -1,56 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// Status of a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorStatus struct {
|
|
||||||
// Represents the observations of the authenticator's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring a webhook authenticator.
|
|
||||||
type WebhookAuthenticatorSpec struct {
|
|
||||||
// Webhook server endpoint URL.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Endpoint string `json:"endpoint"`
|
|
||||||
|
|
||||||
// TLS configuration.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// WebhookAuthenticator describes the configuration of a webhook authenticator.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type WebhookAuthenticator struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the authenticator.
|
|
||||||
Spec WebhookAuthenticatorSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the authenticator.
|
|
||||||
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of WebhookAuthenticator objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WebhookAuthenticatorList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []WebhookAuthenticator `json:"items"`
|
|
||||||
}
|
|
@ -1,273 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *Condition) DeepCopyInto(out *Condition) {
|
|
||||||
*out = *in
|
|
||||||
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
|
|
||||||
func (in *Condition) DeepCopy() *Condition {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(Condition)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.
|
|
||||||
func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(JWTAuthenticator)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *JWTAuthenticator) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *JWTAuthenticatorList) DeepCopyInto(out *JWTAuthenticatorList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]JWTAuthenticator, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorList.
|
|
||||||
func (in *JWTAuthenticatorList) DeepCopy() *JWTAuthenticatorList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(JWTAuthenticatorList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *JWTAuthenticatorList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *JWTAuthenticatorSpec) DeepCopyInto(out *JWTAuthenticatorSpec) {
|
|
||||||
*out = *in
|
|
||||||
out.Claims = in.Claims
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(TLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorSpec.
|
|
||||||
func (in *JWTAuthenticatorSpec) DeepCopy() *JWTAuthenticatorSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(JWTAuthenticatorSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *JWTAuthenticatorStatus) DeepCopyInto(out *JWTAuthenticatorStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorStatus.
|
|
||||||
func (in *JWTAuthenticatorStatus) DeepCopy() *JWTAuthenticatorStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(JWTAuthenticatorStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *JWTTokenClaims) DeepCopyInto(out *JWTTokenClaims) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTTokenClaims.
|
|
||||||
func (in *JWTTokenClaims) DeepCopy() *JWTTokenClaims {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(JWTTokenClaims)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
|
|
||||||
func (in *TLSSpec) DeepCopy() *TLSSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TLSSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.
|
|
||||||
func (in *WebhookAuthenticator) DeepCopy() *WebhookAuthenticator {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WebhookAuthenticator)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]WebhookAuthenticator, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.
|
|
||||||
func (in *WebhookAuthenticatorList) DeepCopy() *WebhookAuthenticatorList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WebhookAuthenticatorList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(TLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.
|
|
||||||
func (in *WebhookAuthenticatorSpec) DeepCopy() *WebhookAuthenticatorSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WebhookAuthenticatorSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WebhookAuthenticatorStatus) DeepCopyInto(out *WebhookAuthenticatorStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.
|
|
||||||
func (in *WebhookAuthenticatorStatus) DeepCopy() *WebhookAuthenticatorStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WebhookAuthenticatorStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
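--- a/generated/1.17/apis/concierge/config/v1alpha1/doc.go
+++ b/generated/1.17/apis/concierge/config/v1alpha1/doc.go
@@ -1,10 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=config.concierge.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration API.
-package v1alpha1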
@ -1,43 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "config.concierge.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&CredentialIssuer{},
|
|
||||||
&CredentialIssuerList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,273 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// StrategyType enumerates a type of "strategy" used to implement credential access on a cluster.
|
|
||||||
// +kubebuilder:validation:Enum=KubeClusterSigningCertificate;ImpersonationProxy
|
|
||||||
type StrategyType string
|
|
||||||
|
|
||||||
// FrontendType enumerates a type of "frontend" used to provide access to users of a cluster.
|
|
||||||
// +kubebuilder:validation:Enum=TokenCredentialRequestAPI;ImpersonationProxy
|
|
||||||
type FrontendType string
|
|
||||||
|
|
||||||
// StrategyStatus enumerates whether a strategy is working on a cluster.
|
|
||||||
// +kubebuilder:validation:Enum=Success;Error
|
|
||||||
type StrategyStatus string
|
|
||||||
|
|
||||||
// StrategyReason enumerates the detailed reason why a strategy is in a particular status.
|
|
||||||
// +kubebuilder:validation:Enum=Listening;Pending;Disabled;ErrorDuringSetup;CouldNotFetchKey;CouldNotGetClusterInfo;FetchedKey
|
|
||||||
type StrategyReason string
|
|
||||||
|
|
||||||
const (
|
|
||||||
KubeClusterSigningCertificateStrategyType = StrategyType("KubeClusterSigningCertificate")
|
|
||||||
ImpersonationProxyStrategyType = StrategyType("ImpersonationProxy")
|
|
||||||
|
|
||||||
TokenCredentialRequestAPIFrontendType = FrontendType("TokenCredentialRequestAPI")
|
|
||||||
ImpersonationProxyFrontendType = FrontendType("ImpersonationProxy")
|
|
||||||
|
|
||||||
SuccessStrategyStatus = StrategyStatus("Success")
|
|
||||||
ErrorStrategyStatus = StrategyStatus("Error")
|
|
||||||
|
|
||||||
ListeningStrategyReason = StrategyReason("Listening")
|
|
||||||
PendingStrategyReason = StrategyReason("Pending")
|
|
||||||
DisabledStrategyReason = StrategyReason("Disabled")
|
|
||||||
ErrorDuringSetupStrategyReason = StrategyReason("ErrorDuringSetup")
|
|
||||||
CouldNotFetchKeyStrategyReason = StrategyReason("CouldNotFetchKey")
|
|
||||||
CouldNotGetClusterInfoStrategyReason = StrategyReason("CouldNotGetClusterInfo")
|
|
||||||
FetchedKeyStrategyReason = StrategyReason("FetchedKey")
|
|
||||||
)
|
|
||||||
|
|
||||||
// CredentialIssuerSpec describes the intended configuration of the Concierge.
|
|
||||||
type CredentialIssuerSpec struct {
|
|
||||||
// ImpersonationProxy describes the intended configuration of the Concierge impersonation proxy.
|
|
||||||
ImpersonationProxy *ImpersonationProxySpec `json:"impersonationProxy"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ImpersonationProxyMode enumerates the configuration modes for the impersonation proxy.
|
|
||||||
//
|
|
||||||
// +kubebuilder:validation:Enum=auto;enabled;disabled
|
|
||||||
type ImpersonationProxyMode string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// ImpersonationProxyModeDisabled explicitly disables the impersonation proxy.
|
|
||||||
ImpersonationProxyModeDisabled = ImpersonationProxyMode("disabled")
|
|
||||||
|
|
||||||
// ImpersonationProxyModeEnabled explicitly enables the impersonation proxy.
|
|
||||||
ImpersonationProxyModeEnabled = ImpersonationProxyMode("enabled")
|
|
||||||
|
|
||||||
// ImpersonationProxyModeAuto enables or disables the impersonation proxy based upon the cluster in which it is running.
|
|
||||||
ImpersonationProxyModeAuto = ImpersonationProxyMode("auto")
|
|
||||||
)
|
|
||||||
|
|
||||||
// ImpersonationProxyServiceType enumerates the types of service that can be provisioned for the impersonation proxy.
|
|
||||||
//
|
|
||||||
// +kubebuilder:validation:Enum=LoadBalancer;ClusterIP;None
|
|
||||||
type ImpersonationProxyServiceType string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// ImpersonationProxyServiceTypeLoadBalancer provisions a service of type LoadBalancer.
|
|
||||||
ImpersonationProxyServiceTypeLoadBalancer = ImpersonationProxyServiceType("LoadBalancer")
|
|
||||||
|
|
||||||
// ImpersonationProxyServiceTypeClusterIP provisions a service of type ClusterIP.
|
|
||||||
ImpersonationProxyServiceTypeClusterIP = ImpersonationProxyServiceType("ClusterIP")
|
|
||||||
|
|
||||||
// ImpersonationProxyServiceTypeNone does not automatically provision any service.
|
|
||||||
ImpersonationProxyServiceTypeNone = ImpersonationProxyServiceType("None")
|
|
||||||
)
|
|
||||||
|
|
||||||
// ImpersonationProxyTLSSpec contains information about how the Concierge impersonation proxy should
|
|
||||||
// serve TLS.
|
|
||||||
//
|
|
||||||
// If CertificateAuthorityData is not provided, the Concierge impersonation proxy will check the secret
|
|
||||||
// for a field called "ca.crt", which will be used as the CertificateAuthorityData.
|
|
||||||
//
|
|
||||||
// If neither CertificateAuthorityData nor ca.crt is provided, no CA bundle will be advertised for
|
|
||||||
// the impersonation proxy endpoint.
|
|
||||||
type ImpersonationProxyTLSSpec struct {
|
|
||||||
// X.509 Certificate Authority (base64-encoded PEM bundle).
|
|
||||||
// Used to advertise the CA bundle for the impersonation proxy endpoint.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
|
|
||||||
|
|
||||||
// SecretName is the name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
|
|
||||||
// the TLS serving certificate for the Concierge impersonation proxy endpoint.
|
|
||||||
//
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
SecretName string `json:"secretName,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ImpersonationProxySpec describes the intended configuration of the Concierge impersonation proxy.
|
|
||||||
type ImpersonationProxySpec struct {
|
|
||||||
// Mode configures whether the impersonation proxy should be started:
|
|
||||||
// - "disabled" explicitly disables the impersonation proxy. This is the default.
|
|
||||||
// - "enabled" explicitly enables the impersonation proxy.
|
|
||||||
// - "auto" enables or disables the impersonation proxy based upon the cluster in which it is running.
|
|
||||||
Mode ImpersonationProxyMode `json:"mode"`
|
|
||||||
|
|
||||||
// Service describes the configuration of the Service provisioned to expose the impersonation proxy to clients.
|
|
||||||
//
|
|
||||||
// +kubebuilder:default:={"type": "LoadBalancer"}
|
|
||||||
Service ImpersonationProxyServiceSpec `json:"service"`
|
|
||||||
|
|
||||||
// ExternalEndpoint describes the HTTPS endpoint where the proxy will be exposed. If not set, the proxy will
|
|
||||||
// be served using the external name of the LoadBalancer service or the cluster service DNS name.
|
|
||||||
//
|
|
||||||
// This field must be non-empty when spec.impersonationProxy.service.type is "None".
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
ExternalEndpoint string `json:"externalEndpoint,omitempty"`
|
|
||||||
|
|
||||||
// TLS contains information about how the Concierge impersonation proxy should serve TLS.
|
|
||||||
//
|
|
||||||
// If this field is empty, the impersonation proxy will generate its own TLS certificate.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
TLS *ImpersonationProxyTLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ImpersonationProxyServiceSpec describes how the Concierge should provision a Service to expose the impersonation proxy.
|
|
||||||
type ImpersonationProxyServiceSpec struct {
|
|
||||||
// Type specifies the type of Service to provision for the impersonation proxy.
|
|
||||||
//
|
|
||||||
// If the type is "None", then the "spec.impersonationProxy.externalEndpoint" field must be set to a non-empty
|
|
||||||
// value so that the Concierge can properly advertise the endpoint in the CredentialIssuer's status.
|
|
||||||
//
|
|
||||||
// +kubebuilder:default:="LoadBalancer"
|
|
||||||
Type ImpersonationProxyServiceType `json:"type,omitempty"`
|
|
||||||
|
|
||||||
// LoadBalancerIP specifies the IP address to set in the spec.loadBalancerIP field of the provisioned Service.
|
|
||||||
// This is not supported on all cloud providers.
|
|
||||||
//
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:MaxLength=255
|
|
||||||
// +optional
|
|
||||||
LoadBalancerIP string `json:"loadBalancerIP,omitempty"`
|
|
||||||
|
|
||||||
// Annotations specifies zero or more key/value pairs to set as annotations on the provisioned Service.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
Annotations map[string]string `json:"annotations,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerStatus describes the status of the Concierge.
|
|
||||||
type CredentialIssuerStatus struct {
|
|
||||||
// List of integration strategies that were attempted by Pinniped.
|
|
||||||
Strategies []CredentialIssuerStrategy `json:"strategies"`
|
|
||||||
|
|
||||||
// Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|
|
||||||
// This field is deprecated and will be removed in a future version.
|
|
||||||
// +optional
|
|
||||||
KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerKubeConfigInfo provides the information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|
|
||||||
// This type is deprecated and will be removed in a future version.
|
|
||||||
type CredentialIssuerKubeConfigInfo struct {
|
|
||||||
// The K8s API server URL.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://|^http://`
|
|
||||||
Server string `json:"server"`
|
|
||||||
|
|
||||||
// The K8s API server CA bundle.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerStrategy describes the status of an integration strategy that was attempted by Pinniped.
|
|
||||||
type CredentialIssuerStrategy struct {
|
|
||||||
// Type of integration attempted.
|
|
||||||
Type StrategyType `json:"type"`
|
|
||||||
|
|
||||||
// Status of the attempted integration strategy.
|
|
||||||
Status StrategyStatus `json:"status"`
|
|
||||||
|
|
||||||
// Reason for the current status.
|
|
||||||
Reason StrategyReason `json:"reason"`
|
|
||||||
|
|
||||||
// Human-readable description of the current status.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Message string `json:"message"`
|
|
||||||
|
|
||||||
// When the status was last checked.
|
|
||||||
LastUpdateTime metav1.Time `json:"lastUpdateTime"`
|
|
||||||
|
|
||||||
// Frontend describes how clients can connect using this strategy.
|
|
||||||
Frontend *CredentialIssuerFrontend `json:"frontend,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerFrontend describes how to connect using a particular integration strategy.
|
|
||||||
type CredentialIssuerFrontend struct {
|
|
||||||
// Type describes which frontend mechanism clients can use with a strategy.
|
|
||||||
Type FrontendType `json:"type"`
|
|
||||||
|
|
||||||
// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge.
|
|
||||||
// This field is only set when Type is "TokenCredentialRequestAPI".
|
|
||||||
TokenCredentialRequestAPIInfo *TokenCredentialRequestAPIInfo `json:"tokenCredentialRequestInfo,omitempty"`
|
|
||||||
|
|
||||||
// ImpersonationProxyInfo describes the parameters for the impersonation proxy on this Concierge.
|
|
||||||
// This field is only set when Type is "ImpersonationProxy".
|
|
||||||
ImpersonationProxyInfo *ImpersonationProxyInfo `json:"impersonationProxyInfo,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// TokenCredentialRequestAPIInfo describes the parameters for the TokenCredentialRequest API on this Concierge.
|
|
||||||
type TokenCredentialRequestAPIInfo struct {
|
|
||||||
// Server is the Kubernetes API server URL.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://|^http://`
|
|
||||||
Server string `json:"server"`
|
|
||||||
|
|
||||||
// CertificateAuthorityData is the base64-encoded Kubernetes API server CA bundle.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ImpersonationProxyInfo describes the parameters for the impersonation proxy on this Concierge.
|
|
||||||
type ImpersonationProxyInfo struct {
|
|
||||||
// Endpoint is the HTTPS endpoint of the impersonation proxy.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Endpoint string `json:"endpoint"`
|
|
||||||
|
|
||||||
// CertificateAuthorityData is the base64-encoded PEM CA bundle of the impersonation proxy.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuer describes the configuration and status of the Pinniped Concierge credential issuer.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped,scope=Cluster
|
|
||||||
// +kubebuilder:printcolumn:name="ProxyMode",type=string,JSONPath=`.spec.impersonationProxy.mode`
|
|
||||||
// +kubebuilder:printcolumn:name="DefaultStrategy",type=string,JSONPath=`.status.strategies[?(@.status == "Success")].type`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type CredentialIssuer struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec describes the intended configuration of the Concierge.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
Spec CredentialIssuerSpec `json:"spec"`
|
|
||||||
|
|
||||||
// CredentialIssuerStatus describes the status of the Concierge.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
Status CredentialIssuerStatus `json:"status"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerList is a list of CredentialIssuer objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type CredentialIssuerList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []CredentialIssuer `json:"items"`
|
|
||||||
}
|
|
@ -1,280 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuer) DeepCopyInto(out *CredentialIssuer) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuer.
|
|
||||||
func (in *CredentialIssuer) DeepCopy() *CredentialIssuer {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuer)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *CredentialIssuer) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerFrontend) DeepCopyInto(out *CredentialIssuerFrontend) {
|
|
||||||
*out = *in
|
|
||||||
if in.TokenCredentialRequestAPIInfo != nil {
|
|
||||||
in, out := &in.TokenCredentialRequestAPIInfo, &out.TokenCredentialRequestAPIInfo
|
|
||||||
*out = new(TokenCredentialRequestAPIInfo)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
if in.ImpersonationProxyInfo != nil {
|
|
||||||
in, out := &in.ImpersonationProxyInfo, &out.ImpersonationProxyInfo
|
|
||||||
*out = new(ImpersonationProxyInfo)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerFrontend.
|
|
||||||
func (in *CredentialIssuerFrontend) DeepCopy() *CredentialIssuerFrontend {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerFrontend)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerKubeConfigInfo.
|
|
||||||
func (in *CredentialIssuerKubeConfigInfo) DeepCopy() *CredentialIssuerKubeConfigInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerKubeConfigInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerList) DeepCopyInto(out *CredentialIssuerList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]CredentialIssuer, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerList.
|
|
||||||
func (in *CredentialIssuerList) DeepCopy() *CredentialIssuerList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *CredentialIssuerList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerSpec) DeepCopyInto(out *CredentialIssuerSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.ImpersonationProxy != nil {
|
|
||||||
in, out := &in.ImpersonationProxy, &out.ImpersonationProxy
|
|
||||||
*out = new(ImpersonationProxySpec)
|
|
||||||
(*in).DeepCopyInto(*out)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerSpec.
|
|
||||||
func (in *CredentialIssuerSpec) DeepCopy() *CredentialIssuerSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Strategies != nil {
|
|
||||||
in, out := &in.Strategies, &out.Strategies
|
|
||||||
*out = make([]CredentialIssuerStrategy, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if in.KubeConfigInfo != nil {
|
|
||||||
in, out := &in.KubeConfigInfo, &out.KubeConfigInfo
|
|
||||||
*out = new(CredentialIssuerKubeConfigInfo)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStatus.
|
|
||||||
func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) {
|
|
||||||
*out = *in
|
|
||||||
in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime)
|
|
||||||
if in.Frontend != nil {
|
|
||||||
in, out := &in.Frontend, &out.Frontend
|
|
||||||
*out = new(CredentialIssuerFrontend)
|
|
||||||
(*in).DeepCopyInto(*out)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStrategy.
|
|
||||||
func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(CredentialIssuerStrategy)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ImpersonationProxyInfo) DeepCopyInto(out *ImpersonationProxyInfo) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyInfo.
|
|
||||||
func (in *ImpersonationProxyInfo) DeepCopy() *ImpersonationProxyInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ImpersonationProxyInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ImpersonationProxyServiceSpec) DeepCopyInto(out *ImpersonationProxyServiceSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.Annotations != nil {
|
|
||||||
in, out := &in.Annotations, &out.Annotations
|
|
||||||
*out = make(map[string]string, len(*in))
|
|
||||||
for key, val := range *in {
|
|
||||||
(*out)[key] = val
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyServiceSpec.
|
|
||||||
func (in *ImpersonationProxyServiceSpec) DeepCopy() *ImpersonationProxyServiceSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ImpersonationProxyServiceSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ImpersonationProxySpec) DeepCopyInto(out *ImpersonationProxySpec) {
|
|
||||||
*out = *in
|
|
||||||
in.Service.DeepCopyInto(&out.Service)
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(ImpersonationProxyTLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxySpec.
|
|
||||||
func (in *ImpersonationProxySpec) DeepCopy() *ImpersonationProxySpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ImpersonationProxySpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ImpersonationProxyTLSSpec) DeepCopyInto(out *ImpersonationProxyTLSSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImpersonationProxyTLSSpec.
|
|
||||||
func (in *ImpersonationProxyTLSSpec) DeepCopy() *ImpersonationProxyTLSSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ImpersonationProxyTLSSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestAPIInfo) DeepCopyInto(out *TokenCredentialRequestAPIInfo) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestAPIInfo.
|
|
||||||
func (in *TokenCredentialRequestAPIInfo) DeepCopy() *TokenCredentialRequestAPIInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestAPIInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
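--- a/generated/1.17/apis/concierge/identity/doc.go
+++ b/generated/1.17/apis/concierge/identity/doc.go
@@ -1,8 +0,0 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=identity.concierge.pinniped.dev
-
-// Package identity is the internal version of the Pinniped identity API.
-package identity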
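--- a/generated/1.17/apis/concierge/identity/register.go
+++ b/generated/1.17/apis/concierge/identity/register.go
@@ -1,38 +0,0 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package identity
-
-import (
-"k8s.io/apimachinery/pkg/runtime"
-"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-const GroupName = "identity.concierge.pinniped.dev"
-
-// SchemeGroupVersion is group version used to register these objects.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns back a Group qualified GroupKind.
-func Kind(kind string) schema.GroupKind {
-return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
-func Resource(resource string) schema.GroupResource {
-return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
-SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
-AddToScheme = SchemeBuilder.AddToScheme
-)
-
-// Adds the list of known types to the given scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-scheme.AddKnownTypes(SchemeGroupVersion,
-&WhoAmIRequest{},
-&WhoAmIRequestList{},
-)
-return nil
-}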
@ -1,37 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package identity
|
|
||||||
|
|
||||||
import "fmt"
|
|
||||||
|
|
||||||
// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it.
|
|
||||||
// Copied from the Kubernetes token review API.
|
|
||||||
type KubernetesUserInfo struct {
|
|
||||||
// User is the UserInfo associated with the current user.
|
|
||||||
User UserInfo
|
|
||||||
// Audiences are audience identifiers chosen by the authenticator.
|
|
||||||
Audiences []string
|
|
||||||
}
|
|
||||||
|
|
||||||
// UserInfo holds the information about the user needed to implement the
|
|
||||||
// user.Info interface.
|
|
||||||
type UserInfo struct {
|
|
||||||
// The name that uniquely identifies this user among all active users.
|
|
||||||
Username string
|
|
||||||
// A unique value that identifies this user across time. If this user is
|
|
||||||
// deleted and another user by the same name is added, they will have
|
|
||||||
// different UIDs.
|
|
||||||
UID string
|
|
||||||
// The names of groups this user is a part of.
|
|
||||||
Groups []string
|
|
||||||
// Any additional information provided by the authenticator.
|
|
||||||
Extra map[string]ExtraValue
|
|
||||||
}
|
|
||||||
|
|
||||||
// ExtraValue masks the value so protobuf can generate
|
|
||||||
type ExtraValue []string
|
|
||||||
|
|
||||||
func (t ExtraValue) String() string {
|
|
||||||
return fmt.Sprintf("%v", []string(t))
|
|
||||||
}
|
|
@ -1,42 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package identity
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WhoAmIRequest struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ObjectMeta
|
|
||||||
|
|
||||||
Spec WhoAmIRequestSpec
|
|
||||||
Status WhoAmIRequestStatus
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec is always empty for a WhoAmIRequest.
|
|
||||||
type WhoAmIRequestSpec struct {
|
|
||||||
// empty for now but we may add some config here in the future
|
|
||||||
// any such config must be safe in the context of an unauthenticated user
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status is set by the server in the response to a WhoAmIRequest.
|
|
||||||
type WhoAmIRequestStatus struct {
|
|
||||||
// The current authenticated user, exactly as Kubernetes understands it.
|
|
||||||
KubernetesUserInfo KubernetesUserInfo
|
|
||||||
|
|
||||||
// We may add concierge specific information here in the future.
|
|
||||||
}
|
|
||||||
|
|
||||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WhoAmIRequestList struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ListMeta
|
|
||||||
|
|
||||||
// Items is a list of WhoAmIRequest.
|
|
||||||
Items []WhoAmIRequest
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
@ -1,12 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func addDefaultingFuncs(scheme *runtime.Scheme) error {
|
|
||||||
return RegisterDefaults(scheme)
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// +k8s:openapi-gen=true
|
|
||||||
// +k8s:deepcopy-gen=package
|
|
||||||
// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/identity
|
|
||||||
// +k8s:defaulter-gen=TypeMeta
|
|
||||||
// +groupName=identity.concierge.pinniped.dev
|
|
||||||
|
|
||||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API.
|
|
||||||
package v1alpha1
|
|
@ -1,43 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "identity.concierge.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&WhoAmIRequest{},
|
|
||||||
&WhoAmIRequestList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,41 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import "fmt"
|
|
||||||
|
|
||||||
// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it.
|
|
||||||
// Copied from the Kubernetes token review API.
|
|
||||||
type KubernetesUserInfo struct {
|
|
||||||
// User is the UserInfo associated with the current user.
|
|
||||||
User UserInfo `json:"user"`
|
|
||||||
// Audiences are audience identifiers chosen by the authenticator.
|
|
||||||
// +optional
|
|
||||||
Audiences []string `json:"audiences,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// UserInfo holds the information about the user needed to implement the
|
|
||||||
// user.Info interface.
|
|
||||||
type UserInfo struct {
|
|
||||||
// The name that uniquely identifies this user among all active users.
|
|
||||||
Username string `json:"username"`
|
|
||||||
// A unique value that identifies this user across time. If this user is
|
|
||||||
// deleted and another user by the same name is added, they will have
|
|
||||||
// different UIDs.
|
|
||||||
// +optional
|
|
||||||
UID string `json:"uid,omitempty"`
|
|
||||||
// The names of groups this user is a part of.
|
|
||||||
// +optional
|
|
||||||
Groups []string `json:"groups,omitempty"`
|
|
||||||
// Any additional information provided by the authenticator.
|
|
||||||
// +optional
|
|
||||||
Extra map[string]ExtraValue `json:"extra,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ExtraValue masks the value so protobuf can generate
|
|
||||||
type ExtraValue []string
|
|
||||||
|
|
||||||
func (t ExtraValue) String() string {
|
|
||||||
return fmt.Sprintf("%v", []string(t))
|
|
||||||
}
|
|
@ -1,45 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +genclient:onlyVerbs=create
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WhoAmIRequest struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
|
||||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec is always empty for a WhoAmIRequest.
|
|
||||||
type WhoAmIRequestSpec struct {
|
|
||||||
// empty for now but we may add some config here in the future
|
|
||||||
// any such config must be safe in the context of an unauthenticated user
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status is set by the server in the response to a WhoAmIRequest.
|
|
||||||
type WhoAmIRequestStatus struct {
|
|
||||||
// The current authenticated user, exactly as Kubernetes understands it.
|
|
||||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
|
||||||
|
|
||||||
// We may add concierge specific information here in the future.
|
|
||||||
}
|
|
||||||
|
|
||||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type WhoAmIRequestList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Items is a list of WhoAmIRequest.
|
|
||||||
Items []WhoAmIRequest `json:"items"`
|
|
||||||
}
|
|
@ -1,235 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by conversion-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
unsafe "unsafe"
|
|
||||||
|
|
||||||
identity "go.pinniped.dev/generated/1.17/apis/concierge/identity"
|
|
||||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
localSchemeBuilder.Register(RegisterConversions)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RegisterConversions adds conversion functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
func RegisterConversions(s *runtime.Scheme) error {
|
|
||||||
if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error {
|
|
||||||
if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error {
|
|
||||||
if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error {
|
|
||||||
out.Username = in.Username
|
|
||||||
out.UID = in.UID
|
|
||||||
out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups))
|
|
||||||
out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error {
|
|
||||||
out.Username = in.Username
|
|
||||||
out.UID = in.UID
|
|
||||||
out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups))
|
|
||||||
out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function.
|
|
||||||
func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function.
|
|
||||||
func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error {
|
|
||||||
if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error {
|
|
||||||
if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s)
|
|
||||||
}
|
|
@ -1,185 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in ExtraValue) DeepCopyInto(out *ExtraValue) {
|
|
||||||
{
|
|
||||||
in := &in
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
|
|
||||||
func (in ExtraValue) DeepCopy() ExtraValue {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ExtraValue)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return *out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) {
|
|
||||||
*out = *in
|
|
||||||
in.User.DeepCopyInto(&out.User)
|
|
||||||
if in.Audiences != nil {
|
|
||||||
in, out := &in.Audiences, &out.Audiences
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo.
|
|
||||||
func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(KubernetesUserInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *UserInfo) DeepCopyInto(out *UserInfo) {
|
|
||||||
*out = *in
|
|
||||||
if in.Groups != nil {
|
|
||||||
in, out := &in.Groups, &out.Groups
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.Extra != nil {
|
|
||||||
in, out := &in.Extra, &out.Extra
|
|
||||||
*out = make(map[string]ExtraValue, len(*in))
|
|
||||||
for key, val := range *in {
|
|
||||||
var outVal []string
|
|
||||||
if val == nil {
|
|
||||||
(*out)[key] = nil
|
|
||||||
} else {
|
|
||||||
in, out := &val, &outVal
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
(*out)[key] = outVal
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
|
|
||||||
func (in *UserInfo) DeepCopy() *UserInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(UserInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
out.Spec = in.Spec
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest.
|
|
||||||
func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WhoAmIRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]WhoAmIRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec.
|
|
||||||
func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus.
|
|
||||||
func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by defaulter-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// RegisterDefaults adds defaulters functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
// All generated defaulters are covering - they call all nested defaulters.
|
|
||||||
func RegisterDefaults(scheme *runtime.Scheme) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
@ -1,14 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package validation
|
|
||||||
|
|
||||||
import (
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
|
||||||
|
|
||||||
identityapi "go.pinniped.dev/generated/1.17/apis/concierge/identity"
|
|
||||||
)
|
|
||||||
|
|
||||||
func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList {
|
|
||||||
return nil // add validation for spec here if we expand it
|
|
||||||
}
|
|
@ -1,185 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package identity
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in ExtraValue) DeepCopyInto(out *ExtraValue) {
|
|
||||||
{
|
|
||||||
in := &in
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue.
|
|
||||||
func (in ExtraValue) DeepCopy() ExtraValue {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ExtraValue)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return *out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) {
|
|
||||||
*out = *in
|
|
||||||
in.User.DeepCopyInto(&out.User)
|
|
||||||
if in.Audiences != nil {
|
|
||||||
in, out := &in.Audiences, &out.Audiences
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo.
|
|
||||||
func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(KubernetesUserInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *UserInfo) DeepCopyInto(out *UserInfo) {
|
|
||||||
*out = *in
|
|
||||||
if in.Groups != nil {
|
|
||||||
in, out := &in.Groups, &out.Groups
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.Extra != nil {
|
|
||||||
in, out := &in.Extra, &out.Extra
|
|
||||||
*out = make(map[string]ExtraValue, len(*in))
|
|
||||||
for key, val := range *in {
|
|
||||||
var outVal []string
|
|
||||||
if val == nil {
|
|
||||||
(*out)[key] = nil
|
|
||||||
} else {
|
|
||||||
in, out := &val, &outVal
|
|
||||||
*out = make(ExtraValue, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
(*out)[key] = outVal
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo.
|
|
||||||
func (in *UserInfo) DeepCopy() *UserInfo {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(UserInfo)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
out.Spec = in.Spec
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest.
|
|
||||||
func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WhoAmIRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]WhoAmIRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec.
|
|
||||||
func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus.
|
|
||||||
func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(WhoAmIRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
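--- a/generated/1.17/apis/concierge/login/doc.go
+++ b/generated/1.17/apis/concierge/login/doc.go
@@ -1,8 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=login.concierge.pinniped.dev
-
-// Package login is the internal version of the Pinniped login API.
-package login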
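--- a/generated/1.17/apis/concierge/login/register.go
+++ b/generated/1.17/apis/concierge/login/register.go
@@ -1,38 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package login
-
-import (
-"k8s.io/apimachinery/pkg/runtime"
-"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-const GroupName = "login.concierge.pinniped.dev"
-
-// SchemeGroupVersion is group version used to register these objects.
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns back a Group qualified GroupKind.
-func Kind(kind string) schema.GroupKind {
-return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
-func Resource(resource string) schema.GroupResource {
-return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
-SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
-AddToScheme = SchemeBuilder.AddToScheme
-)
-
-// Adds the list of known types to the given scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-scheme.AddKnownTypes(SchemeGroupVersion,
-&TokenCredentialRequest{},
-&TokenCredentialRequestList{},
-)
-return nil
-}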
@ -1,22 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package login
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
|
||||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
|
||||||
type ClusterCredential struct {
|
|
||||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
|
||||||
ExpirationTimestamp metav1.Time
|
|
||||||
|
|
||||||
// Token is a bearer token used by the client for request authentication.
|
|
||||||
Token string
|
|
||||||
|
|
||||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
|
||||||
ClientCertificateData string
|
|
||||||
|
|
||||||
// PEM-encoded private key for the above certificate.
|
|
||||||
ClientKeyData string
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package login
|
|
||||||
|
|
||||||
import (
|
|
||||||
corev1 "k8s.io/api/core/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
|
||||||
type TokenCredentialRequestSpec struct {
|
|
||||||
// Bearer token supplied with the credential request.
|
|
||||||
Token string
|
|
||||||
|
|
||||||
// Reference to an authenticator which can validate this credential request.
|
|
||||||
Authenticator corev1.TypedLocalObjectReference
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
|
||||||
type TokenCredentialRequestStatus struct {
|
|
||||||
// A Credential will be returned for a successful credential request.
|
|
||||||
// +optional
|
|
||||||
Credential *ClusterCredential
|
|
||||||
|
|
||||||
// An error message will be returned for an unsuccessful credential request.
|
|
||||||
// +optional
|
|
||||||
Message *string
|
|
||||||
}
|
|
||||||
|
|
||||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type TokenCredentialRequest struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ObjectMeta
|
|
||||||
|
|
||||||
Spec TokenCredentialRequestSpec
|
|
||||||
Status TokenCredentialRequestStatus
|
|
||||||
}
|
|
||||||
|
|
||||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type TokenCredentialRequestList struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ListMeta
|
|
||||||
|
|
||||||
// Items is a list of TokenCredentialRequest.
|
|
||||||
Items []TokenCredentialRequest
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
@ -1,12 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func addDefaultingFuncs(scheme *runtime.Scheme) error {
|
|
||||||
return RegisterDefaults(scheme)
|
|
||||||
}
|
|
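--- a/generated/1.17/apis/concierge/login/v1alpha1/doc.go
+++ b/generated/1.17/apis/concierge/login/v1alpha1/doc.go
@@ -1,11 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/login
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=login.concierge.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
-package v1alpha1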
@ -1,43 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "login.concierge.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&TokenCredentialRequest{},
|
|
||||||
&TokenCredentialRequestList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
|
||||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
|
||||||
type ClusterCredential struct {
|
|
||||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
|
||||||
ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"`
|
|
||||||
|
|
||||||
// Token is a bearer token used by the client for request authentication.
|
|
||||||
Token string `json:"token,omitempty"`
|
|
||||||
|
|
||||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
|
||||||
ClientCertificateData string `json:"clientCertificateData,omitempty"`
|
|
||||||
|
|
||||||
// PEM-encoded private key for the above certificate.
|
|
||||||
ClientKeyData string `json:"clientKeyData,omitempty"`
|
|
||||||
}
|
|
@ -1,52 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
corev1 "k8s.io/api/core/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
|
||||||
type TokenCredentialRequestSpec struct {
|
|
||||||
// Bearer token supplied with the credential request.
|
|
||||||
Token string `json:"token,omitempty"`
|
|
||||||
|
|
||||||
// Reference to an authenticator which can validate this credential request.
|
|
||||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
|
||||||
type TokenCredentialRequestStatus struct {
|
|
||||||
// A Credential will be returned for a successful credential request.
|
|
||||||
// +optional
|
|
||||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
|
||||||
|
|
||||||
// An error message will be returned for an unsuccessful credential request.
|
|
||||||
// +optional
|
|
||||||
Message *string `json:"message,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
// +genclient:onlyVerbs=create
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type TokenCredentialRequest struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
|
||||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type TokenCredentialRequestList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Items is a list of TokenCredentialRequest.
|
|
||||||
Items []TokenCredentialRequest `json:"items"`
|
|
||||||
}
|
|
@ -1,201 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by conversion-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
unsafe "unsafe"
|
|
||||||
|
|
||||||
login "go.pinniped.dev/generated/1.17/apis/concierge/login"
|
|
||||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
localSchemeBuilder.Register(RegisterConversions)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RegisterConversions adds conversion functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
func RegisterConversions(s *runtime.Scheme) error {
|
|
||||||
if err := s.AddGeneratedConversionFunc((*ClusterCredential)(nil), (*login.ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(a.(*ClusterCredential), b.(*login.ClusterCredential), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*login.ClusterCredential)(nil), (*ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(a.(*login.ClusterCredential), b.(*ClusterCredential), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*TokenCredentialRequest)(nil), (*login.TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(a.(*TokenCredentialRequest), b.(*login.TokenCredentialRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequest)(nil), (*TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(a.(*login.TokenCredentialRequest), b.(*TokenCredentialRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestList)(nil), (*login.TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(a.(*TokenCredentialRequestList), b.(*login.TokenCredentialRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestList)(nil), (*TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(a.(*login.TokenCredentialRequestList), b.(*TokenCredentialRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestSpec)(nil), (*login.TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(a.(*TokenCredentialRequestSpec), b.(*login.TokenCredentialRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestSpec)(nil), (*TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(a.(*login.TokenCredentialRequestSpec), b.(*TokenCredentialRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestStatus)(nil), (*login.TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(a.(*TokenCredentialRequestStatus), b.(*login.TokenCredentialRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestStatus)(nil), (*TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(a.(*login.TokenCredentialRequestStatus), b.(*TokenCredentialRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error {
|
|
||||||
out.ExpirationTimestamp = in.ExpirationTimestamp
|
|
||||||
out.Token = in.Token
|
|
||||||
out.ClientCertificateData = in.ClientCertificateData
|
|
||||||
out.ClientKeyData = in.ClientKeyData
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error {
|
|
||||||
out.ExpirationTimestamp = in.ExpirationTimestamp
|
|
||||||
out.Token = in.Token
|
|
||||||
out.ClientCertificateData = in.ClientCertificateData
|
|
||||||
out.ClientKeyData = in.ClientKeyData
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential is an autogenerated conversion function.
|
|
||||||
func Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error {
|
|
||||||
return autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest is an autogenerated conversion function.
|
|
||||||
func Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]login.TokenCredentialRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]TokenCredentialRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
|
|
||||||
out.Token = in.Token
|
|
||||||
out.Authenticator = in.Authenticator
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
|
|
||||||
out.Token = in.Token
|
|
||||||
out.Authenticator = in.Authenticator
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error {
|
|
||||||
out.Credential = (*login.ClusterCredential)(unsafe.Pointer(in.Credential))
|
|
||||||
out.Message = (*string)(unsafe.Pointer(in.Message))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error {
|
|
||||||
out.Credential = (*ClusterCredential)(unsafe.Pointer(in.Credential))
|
|
||||||
out.Message = (*string)(unsafe.Pointer(in.Message))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in, out, s)
|
|
||||||
}
|
|
@ -1,134 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) {
|
|
||||||
*out = *in
|
|
||||||
in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential.
|
|
||||||
func (in *ClusterCredential) DeepCopy() *ClusterCredential {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ClusterCredential)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]TokenCredentialRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
in.Authenticator.DeepCopyInto(&out.Authenticator)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec.
|
|
||||||
func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Credential != nil {
|
|
||||||
in, out := &in.Credential, &out.Credential
|
|
||||||
*out = new(ClusterCredential)
|
|
||||||
(*in).DeepCopyInto(*out)
|
|
||||||
}
|
|
||||||
if in.Message != nil {
|
|
||||||
in, out := &in.Message, &out.Message
|
|
||||||
*out = new(string)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus.
|
|
||||||
func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by defaulter-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// RegisterDefaults adds defaulters functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
// All generated defaulters are covering - they call all nested defaulters.
|
|
||||||
func RegisterDefaults(scheme *runtime.Scheme) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
@ -1,134 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package login
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) {
|
|
||||||
*out = *in
|
|
||||||
in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential.
|
|
||||||
func (in *ClusterCredential) DeepCopy() *ClusterCredential {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ClusterCredential)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]TokenCredentialRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
in.Authenticator.DeepCopyInto(&out.Authenticator)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec.
|
|
||||||
func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Credential != nil {
|
|
||||||
in, out := &in.Credential, &out.Credential
|
|
||||||
*out = new(ClusterCredential)
|
|
||||||
(*in).DeepCopyInto(*out)
|
|
||||||
}
|
|
||||||
if in.Message != nil {
|
|
||||||
in, out := &in.Message, &out.Message
|
|
||||||
*out = new(string)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus.
|
|
||||||
func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TokenCredentialRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
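--- a/generated/1.17/apis/go.mod
+++ b/generated/1.17/apis/go.mod
@@ -1,9 +0,0 @@
-// This go.mod file is generated by ./hack/codegen.sh.
-module go.pinniped.dev/generated/1.17/apis
-
-go 1.13
-
-require (
-k8s.io/api v0.17.17
-k8s.io/apimachinery v0.17.17
-)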
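--- a/generated/1.17/apis/go.sum
+++ b/generated/1.17/apis/go.sum
@@ -1,105 +0,0 @@
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-k8s.io/api v0.17.17 h1:S+Yv5pdfvy9OG1t148zMFk3/l/VYpF1N4j5Y/q8IMdg=
-k8s.io/api v0.17.17/go.mod h1:kk4nQM0EVx+BEY7o8CN5YL99CWmWEQ2a4NCak58yB6E=
-k8s.io/apimachinery v0.17.17 h1:HMpFl9yqNI5G2+2WllKOe2XYLkCyaWzfXvk7SosyVko=
-k8s.io/apimachinery v0.17.17/go.mod h1:T54ZSpncArE25c5r2PbUPsLeTpkPWY/ivafigSX6+xk=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29/go.mod h1:F+5wygcW0wmRTnM3cOgIqGivxkwSWIWT5YdsDbeAOaU=
-sigs.k8s.io/structured-merge-diff/v2 v2.0.1/go.mod h1:Wb7vfKAodbKgf6tn1Kl0VvGj7mRH6DGaRcixXEJXTsE=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=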
@ -1,8 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// +k8s:deepcopy-gen=package
|
|
||||||
// +groupName=clientsecret.supervisor.pinniped.dev
|
|
||||||
|
|
||||||
// Package clientsecret is the internal version of the Pinniped client secret API.
|
|
||||||
package clientsecret
|
|
@ -1,38 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package clientsecret
|
|
||||||
|
|
||||||
import (
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "clientsecret.supervisor.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
|
|
||||||
|
|
||||||
// Kind takes an unqualified kind and returns back a Group qualified GroupKind.
|
|
||||||
func Kind(kind string) schema.GroupKind {
|
|
||||||
return SchemeGroupVersion.WithKind(kind).GroupKind()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
|
|
||||||
AddToScheme = SchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&OIDCClientSecretRequest{},
|
|
||||||
&OIDCClientSecretRequestList{},
|
|
||||||
)
|
|
||||||
return nil
|
|
||||||
}
|
|
@ -1,50 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package clientsecret
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCClientSecretRequest struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
|
||||||
|
|
||||||
Spec OIDCClientSecretRequestSpec
|
|
||||||
|
|
||||||
// +optional
|
|
||||||
Status OIDCClientSecretRequestStatus
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec of the OIDCClientSecretRequest.
|
|
||||||
type OIDCClientSecretRequestSpec struct {
|
|
||||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
|
||||||
// +optional
|
|
||||||
GenerateNewSecret bool
|
|
||||||
|
|
||||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
|
||||||
// +optional
|
|
||||||
RevokeOldSecrets bool
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status of the OIDCClientSecretRequest.
|
|
||||||
type OIDCClientSecretRequestStatus struct {
|
|
||||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
|
||||||
GeneratedSecret string
|
|
||||||
|
|
||||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
|
||||||
TotalClientSecrets int
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCClientSecretRequestList struct {
|
|
||||||
metav1.TypeMeta
|
|
||||||
metav1.ListMeta
|
|
||||||
|
|
||||||
// Items is a list of OIDCClientSecretRequest.
|
|
||||||
Items []OIDCClientSecretRequest
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
@ -1,12 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func addDefaultingFuncs(scheme *runtime.Scheme) error {
|
|
||||||
return RegisterDefaults(scheme)
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// +k8s:openapi-gen=true
|
|
||||||
// +k8s:deepcopy-gen=package
|
|
||||||
// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret
|
|
||||||
// +k8s:defaulter-gen=TypeMeta
|
|
||||||
// +groupName=clientsecret.supervisor.pinniped.dev
|
|
||||||
|
|
||||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
|
||||||
package v1alpha1
|
|
@ -1,43 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "clientsecret.supervisor.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = SchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&OIDCClientSecretRequest{},
|
|
||||||
&OIDCClientSecretRequestList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,53 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
|
||||||
// +genclient
|
|
||||||
// +genclient:onlyVerbs=create
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCClientSecretRequest struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
|
||||||
|
|
||||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
|
||||||
|
|
||||||
// +optional
|
|
||||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec of the OIDCClientSecretRequest.
|
|
||||||
type OIDCClientSecretRequestSpec struct {
|
|
||||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
|
||||||
// +optional
|
|
||||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
|
||||||
|
|
||||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
|
||||||
// +optional
|
|
||||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Status of the OIDCClientSecretRequest.
|
|
||||||
type OIDCClientSecretRequestStatus struct {
|
|
||||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
|
||||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
|
||||||
|
|
||||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
|
||||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCClientSecretRequestList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Items is a list of OIDCClientSecretRequest.
|
|
||||||
Items []OIDCClientSecretRequest `json:"items"`
|
|
||||||
}
|
|
@ -1,165 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by conversion-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
unsafe "unsafe"
|
|
||||||
|
|
||||||
clientsecret "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret"
|
|
||||||
conversion "k8s.io/apimachinery/pkg/conversion"
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
localSchemeBuilder.Register(RegisterConversions)
|
|
||||||
}
|
|
||||||
|
|
||||||
// RegisterConversions adds conversion functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
func RegisterConversions(s *runtime.Scheme) error {
|
|
||||||
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*clientsecret.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*clientsecret.OIDCClientSecretRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*clientsecret.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*clientsecret.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*clientsecret.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*clientsecret.OIDCClientSecretRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
|
||||||
return Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*clientsecret.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
|
|
||||||
}); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
|
|
||||||
out.ObjectMeta = in.ObjectMeta
|
|
||||||
if err := Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err := Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
|
|
||||||
func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
|
|
||||||
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
|
|
||||||
out.ListMeta = in.ListMeta
|
|
||||||
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
|
|
||||||
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
|
|
||||||
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
|
|
||||||
out.GenerateNewSecret = in.GenerateNewSecret
|
|
||||||
out.RevokeOldSecrets = in.RevokeOldSecrets
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
|
|
||||||
out.GenerateNewSecret = in.GenerateNewSecret
|
|
||||||
out.RevokeOldSecrets = in.RevokeOldSecrets
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
|
|
||||||
func Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
|
|
||||||
out.GeneratedSecret = in.GeneratedSecret
|
|
||||||
out.TotalClientSecrets = in.TotalClientSecrets
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
|
|
||||||
out.GeneratedSecret = in.GeneratedSecret
|
|
||||||
out.TotalClientSecrets = in.TotalClientSecrets
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
|
|
||||||
func Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
|
|
||||||
return autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
|
|
||||||
}
|
|
@ -1,106 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopyInto(out *OIDCClientSecretRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
out.Spec = in.Spec
|
|
||||||
out.Status = in.Status
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequest.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopy() *OIDCClientSecretRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]OIDCClientSecretRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestSpec.
|
|
||||||
func (in *OIDCClientSecretRequestSpec) DeepCopy() *OIDCClientSecretRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestStatus) DeepCopyInto(out *OIDCClientSecretRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestStatus.
|
|
||||||
func (in *OIDCClientSecretRequestStatus) DeepCopy() *OIDCClientSecretRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
@ -1,20 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by defaulter-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// RegisterDefaults adds defaulters functions to the given scheme.
|
|
||||||
// Public to allow building arbitrary schemes.
|
|
||||||
// All generated defaulters are covering - they call all nested defaulters.
|
|
||||||
func RegisterDefaults(scheme *runtime.Scheme) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
@ -1,106 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package clientsecret
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopyInto(out *OIDCClientSecretRequest) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
out.Spec = in.Spec
|
|
||||||
out.Status = in.Status
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequest.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopy() *OIDCClientSecretRequest {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequest)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]OIDCClientSecretRequest, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestSpec.
|
|
||||||
func (in *OIDCClientSecretRequestSpec) DeepCopy() *OIDCClientSecretRequestSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSecretRequestStatus) DeepCopyInto(out *OIDCClientSecretRequestStatus) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestStatus.
|
|
||||||
func (in *OIDCClientSecretRequestStatus) DeepCopy() *OIDCClientSecretRequestStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSecretRequestStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// +k8s:openapi-gen=true
|
|
||||||
// +k8s:deepcopy-gen=package
|
|
||||||
// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/config
|
|
||||||
// +k8s:defaulter-gen=TypeMeta
|
|
||||||
// +groupName=config.supervisor.pinniped.dev
|
|
||||||
|
|
||||||
// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API.
|
|
||||||
package v1alpha1
|
|
@ -1,45 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "config.supervisor.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&FederationDomain{},
|
|
||||||
&FederationDomainList{},
|
|
||||||
&OIDCClient{},
|
|
||||||
&OIDCClientList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,135 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
corev1 "k8s.io/api/core/v1"
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
|
|
||||||
type FederationDomainStatusCondition string
|
|
||||||
|
|
||||||
const (
|
|
||||||
SuccessFederationDomainStatusCondition = FederationDomainStatusCondition("Success")
|
|
||||||
DuplicateFederationDomainStatusCondition = FederationDomainStatusCondition("Duplicate")
|
|
||||||
SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret")
|
|
||||||
InvalidFederationDomainStatusCondition = FederationDomainStatusCondition("Invalid")
|
|
||||||
)
|
|
||||||
|
|
||||||
// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.
|
|
||||||
type FederationDomainTLSSpec struct {
|
|
||||||
// SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
|
|
||||||
// the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret
|
|
||||||
// named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use
|
|
||||||
// for TLS.
|
|
||||||
//
|
|
||||||
// Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
|
|
||||||
//
|
|
||||||
// SecretName is required if you would like to use different TLS certificates for issuers of different hostnames.
|
|
||||||
// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
|
|
||||||
// SecretName value even if they have different port numbers.
|
|
||||||
//
|
|
||||||
// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
|
|
||||||
// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
|
|
||||||
// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
|
|
||||||
// use the default TLS certificate, which is configured elsewhere.
|
|
||||||
//
|
|
||||||
// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
|
|
||||||
//
|
|
||||||
// +optional
|
|
||||||
SecretName string `json:"secretName,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// FederationDomainSpec is a struct that describes an OIDC Provider.
|
|
||||||
type FederationDomainSpec struct {
|
|
||||||
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
|
||||||
// identifier that it will use for the iss claim in issued JWTs. This field will also be used as
|
|
||||||
// the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is
|
|
||||||
// https://example.com/foo, then your authorization endpoint will look like
|
|
||||||
// https://example.com/foo/some/path/to/auth/endpoint).
|
|
||||||
//
|
|
||||||
// See
|
|
||||||
// https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Issuer string `json:"issuer"`
|
|
||||||
|
|
||||||
// TLS configures how this FederationDomain is served over Transport Layer Security (TLS).
|
|
||||||
// +optional
|
|
||||||
TLS *FederationDomainTLSSpec `json:"tls,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// FederationDomainSecrets holds information about this OIDC Provider's secrets.
|
|
||||||
type FederationDomainSecrets struct {
|
|
||||||
// JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are
|
|
||||||
// stored. If it is empty, then the signing/verification keys are either unknown or they don't
|
|
||||||
// exist.
|
|
||||||
// +optional
|
|
||||||
JWKS corev1.LocalObjectReference `json:"jwks,omitempty"`
|
|
||||||
|
|
||||||
// TokenSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
|
|
||||||
// signing tokens is stored.
|
|
||||||
// +optional
|
|
||||||
TokenSigningKey corev1.LocalObjectReference `json:"tokenSigningKey,omitempty"`
|
|
||||||
|
|
||||||
// StateSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
|
|
||||||
// signing state parameters is stored.
|
|
||||||
// +optional
|
|
||||||
StateSigningKey corev1.LocalObjectReference `json:"stateSigningKey,omitempty"`
|
|
||||||
|
|
||||||
// StateSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
|
|
||||||
// encrypting state parameters is stored.
|
|
||||||
// +optional
|
|
||||||
StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider.
|
|
||||||
type FederationDomainStatus struct {
|
|
||||||
// Status holds an enum that describes the state of this OIDC Provider. Note that this Status can
|
|
||||||
// represent success or failure.
|
|
||||||
// +optional
|
|
||||||
Status FederationDomainStatusCondition `json:"status,omitempty"`
|
|
||||||
|
|
||||||
// Message provides human-readable details about the Status.
|
|
||||||
// +optional
|
|
||||||
Message string `json:"message,omitempty"`
|
|
||||||
|
|
||||||
// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
|
|
||||||
// around some undesirable behavior with respect to the empty metav1.Time value (see
|
|
||||||
// https://github.com/kubernetes/kubernetes/issues/86811).
|
|
||||||
// +optional
|
|
||||||
LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
|
|
||||||
|
|
||||||
// Secrets contains information about this OIDC Provider's secrets.
|
|
||||||
// +optional
|
|
||||||
Secrets FederationDomainSecrets `json:"secrets,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// FederationDomain describes the configuration of an OIDC provider.
|
|
||||||
// +genclient
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped
|
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
|
||||||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type FederationDomain struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec of the OIDC provider.
|
|
||||||
Spec FederationDomainSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the OIDC provider.
|
|
||||||
Status FederationDomainStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of FederationDomain objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type FederationDomainList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []FederationDomain `json:"items"`
|
|
||||||
}
|
|
@ -1,75 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// ConditionStatus is effectively an enum type for Condition.Status.
|
|
||||||
type ConditionStatus string
|
|
||||||
|
|
||||||
// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
|
|
||||||
// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
|
|
||||||
// can't decide if a resource is in the condition or not. In the future, we could add other
|
|
||||||
// intermediate conditions, e.g. ConditionDegraded.
|
|
||||||
const (
|
|
||||||
ConditionTrue ConditionStatus = "True"
|
|
||||||
ConditionFalse ConditionStatus = "False"
|
|
||||||
ConditionUnknown ConditionStatus = "Unknown"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
|
|
||||||
// version we can switch to using the upstream type.
|
|
||||||
// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
|
|
||||||
type Condition struct {
|
|
||||||
// type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
// ---
|
|
||||||
// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
|
|
||||||
// useful (see .node.status.conditions), the ability to deconflict is important.
|
|
||||||
// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
|
|
||||||
// +kubebuilder:validation:MaxLength=316
|
|
||||||
Type string `json:"type"`
|
|
||||||
|
|
||||||
// status of the condition, one of True, False, Unknown.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Enum=True;False;Unknown
|
|
||||||
Status ConditionStatus `json:"status"`
|
|
||||||
|
|
||||||
// observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
// with respect to the current state of the instance.
|
|
||||||
// +optional
|
|
||||||
// +kubebuilder:validation:Minimum=0
|
|
||||||
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
|
|
||||||
|
|
||||||
// lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
// This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Type=string
|
|
||||||
// +kubebuilder:validation:Format=date-time
|
|
||||||
LastTransitionTime metav1.Time `json:"lastTransitionTime"`
|
|
||||||
|
|
||||||
// reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
// Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
// and whether the values are considered a guaranteed API.
|
|
||||||
// The value should be a CamelCase string.
|
|
||||||
// This field may not be empty.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=1024
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
|
|
||||||
Reason string `json:"reason"`
|
|
||||||
|
|
||||||
// message is a human readable message indicating details about the transition.
|
|
||||||
// This may be an empty string.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=32768
|
|
||||||
Message string `json:"message"`
|
|
||||||
}
|
|
@ -1,122 +0,0 @@
|
|||||||
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
type OIDCClientPhase string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// PhasePending is the default phase for newly-created OIDCClient resources.
|
|
||||||
PhasePending OIDCClientPhase = "Pending"
|
|
||||||
|
|
||||||
// PhaseReady is the phase for an OIDCClient resource in a healthy state.
|
|
||||||
PhaseReady OIDCClientPhase = "Ready"
|
|
||||||
|
|
||||||
// PhaseError is the phase for an OIDCClient in an unhealthy state.
|
|
||||||
PhaseError OIDCClientPhase = "Error"
|
|
||||||
)
|
|
||||||
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://.+|^http://(127\.0\.0\.1|\[::1\])(:\d+)?/`
|
|
||||||
type RedirectURI string
|
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum="authorization_code";"refresh_token";"urn:ietf:params:oauth:grant-type:token-exchange"
|
|
||||||
type GrantType string
|
|
||||||
|
|
||||||
// +kubebuilder:validation:Enum="openid";"offline_access";"username";"groups";"pinniped:request-audience"
|
|
||||||
type Scope string
|
|
||||||
|
|
||||||
// OIDCClientSpec is a struct that describes an OIDCClient.
|
|
||||||
type OIDCClientSpec struct {
|
|
||||||
// allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this
|
|
||||||
// client. Any other uris will be rejected.
|
|
||||||
// Must be a URI with the https scheme, unless the hostname is 127.0.0.1 or ::1 which may use the http scheme.
|
|
||||||
// Port numbers are not required for 127.0.0.1 or ::1 and are ignored when checking for a matching redirect_uri.
|
|
||||||
// +listType=set
|
|
||||||
// +kubebuilder:validation:MinItems=1
|
|
||||||
AllowedRedirectURIs []RedirectURI `json:"allowedRedirectURIs"`
|
|
||||||
|
|
||||||
// allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this
|
|
||||||
// client.
|
|
||||||
//
|
|
||||||
// Must only contain the following values:
|
|
||||||
// - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to
|
|
||||||
// authenticate users. This grant must always be listed.
|
|
||||||
// - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.
|
|
||||||
// This grant must be listed if allowedScopes lists offline_access.
|
|
||||||
// - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,
|
|
||||||
// which is a step in the process to be able to get a cluster credential for the user.
|
|
||||||
// This grant must be listed if allowedScopes lists pinniped:request-audience.
|
|
||||||
// +listType=set
|
|
||||||
// +kubebuilder:validation:MinItems=1
|
|
||||||
AllowedGrantTypes []GrantType `json:"allowedGrantTypes"`
|
|
||||||
|
|
||||||
// allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
|
|
||||||
//
|
|
||||||
// Must only contain the following values:
|
|
||||||
// - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).
|
|
||||||
// This scope must always be listed.
|
|
||||||
// - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.
|
|
||||||
// This scope must be listed if allowedGrantTypes lists refresh_token.
|
|
||||||
// - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,
|
|
||||||
// which is a step in the process to be able to get a cluster credential for the user.
|
|
||||||
// openid, username and groups scopes must be listed when this scope is present.
|
|
||||||
// This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange.
|
|
||||||
// - username: The client is allowed to request that ID tokens contain the user's username.
|
|
||||||
// Without the username scope being requested and allowed, the ID token will not contain the user's username.
|
|
||||||
// - groups: The client is allowed to request that ID tokens contain the user's group membership,
|
|
||||||
// if their group membership is discoverable by the Supervisor.
|
|
||||||
// Without the groups scope being requested and allowed, the ID token will not contain groups.
|
|
||||||
// +listType=set
|
|
||||||
// +kubebuilder:validation:MinItems=1
|
|
||||||
AllowedScopes []Scope `json:"allowedScopes"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClientStatus is a struct that describes the actual state of an OIDCClient.
|
|
||||||
type OIDCClientStatus struct {
|
|
||||||
// phase summarizes the overall status of the OIDCClient.
|
|
||||||
// +kubebuilder:default=Pending
|
|
||||||
// +kubebuilder:validation:Enum=Pending;Ready;Error
|
|
||||||
Phase OIDCClientPhase `json:"phase,omitempty"`
|
|
||||||
|
|
||||||
// conditions represent the observations of an OIDCClient's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
|
|
||||||
// totalClientSecrets is the current number of client secrets that are detected for this OIDCClient.
|
|
||||||
// +optional
|
|
||||||
TotalClientSecrets int32 `json:"totalClientSecrets"` // do not omitempty to allow it to show in the printer column even when it is 0
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClient describes the configuration of an OIDC client.
|
|
||||||
// +genclient
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped
|
|
||||||
// +kubebuilder:printcolumn:name="Privileged Scopes",type=string,JSONPath=`.spec.allowedScopes[?(@ == "pinniped:request-audience")]`
|
|
||||||
// +kubebuilder:printcolumn:name="Client Secrets",type=integer,JSONPath=`.status.totalClientSecrets`
|
|
||||||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type OIDCClient struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec of the OIDC client.
|
|
||||||
Spec OIDCClientSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the OIDC client.
|
|
||||||
Status OIDCClientStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of OIDCClient objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCClientList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []OIDCClient `json:"items"`
|
|
||||||
}
|
|
@ -1,284 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *Condition) DeepCopyInto(out *Condition) {
|
|
||||||
*out = *in
|
|
||||||
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
|
|
||||||
func (in *Condition) DeepCopy() *Condition {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(Condition)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomain) DeepCopyInto(out *FederationDomain) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain.
|
|
||||||
func (in *FederationDomain) DeepCopy() *FederationDomain {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomain)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *FederationDomain) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]FederationDomain, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList.
|
|
||||||
func (in *FederationDomainList) DeepCopy() *FederationDomainList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomainList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *FederationDomainList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets) {
|
|
||||||
*out = *in
|
|
||||||
out.JWKS = in.JWKS
|
|
||||||
out.TokenSigningKey = in.TokenSigningKey
|
|
||||||
out.StateSigningKey = in.StateSigningKey
|
|
||||||
out.StateEncryptionKey = in.StateEncryptionKey
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets.
|
|
||||||
func (in *FederationDomainSecrets) DeepCopy() *FederationDomainSecrets {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomainSecrets)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(FederationDomainTLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec.
|
|
||||||
func (in *FederationDomainSpec) DeepCopy() *FederationDomainSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomainSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.LastUpdateTime != nil {
|
|
||||||
in, out := &in.LastUpdateTime, &out.LastUpdateTime
|
|
||||||
*out = (*in).DeepCopy()
|
|
||||||
}
|
|
||||||
out.Secrets = in.Secrets
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus.
|
|
||||||
func (in *FederationDomainStatus) DeepCopy() *FederationDomainStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomainStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec.
|
|
||||||
func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederationDomainTLSSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
|
||||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClient)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClient) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]OIDCClient, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
|
|
||||||
func (in *OIDCClientList) DeepCopy() *OIDCClientList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCClientList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.AllowedRedirectURIs != nil {
|
|
||||||
in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
|
|
||||||
*out = make([]RedirectURI, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.AllowedGrantTypes != nil {
|
|
||||||
in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
|
|
||||||
*out = make([]GrantType, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.AllowedScopes != nil {
|
|
||||||
in, out := &in.AllowedScopes, &out.AllowedScopes
|
|
||||||
*out = make([]Scope, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
|
|
||||||
func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
|
|
||||||
func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClientStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
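--- a/generated/1.17/apis/supervisor/idp/v1alpha1/doc.go
+++ b/generated/1.17/apis/supervisor/idp/v1alpha1/doc.go
@@ -1,11 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=idp.supervisor.pinniped.dev
-// +groupGoName=IDP
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor identity provider (IDP) API.
-package v1alpha1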
@ -1,47 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
)
|
|
||||||
|
|
||||||
const GroupName = "idp.supervisor.pinniped.dev"
|
|
||||||
|
|
||||||
// SchemeGroupVersion is group version used to register these objects.
|
|
||||||
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
|
|
||||||
|
|
||||||
var (
|
|
||||||
SchemeBuilder runtime.SchemeBuilder
|
|
||||||
localSchemeBuilder = &SchemeBuilder
|
|
||||||
AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
// We only register manually written functions here. The registration of the
|
|
||||||
// generated functions takes place in the generated files. The separation
|
|
||||||
// makes the code compile even when the generated files are missing.
|
|
||||||
localSchemeBuilder.Register(addKnownTypes)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Adds the list of known types to the given scheme.
|
|
||||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
|
||||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
|
||||||
&OIDCIdentityProvider{},
|
|
||||||
&OIDCIdentityProviderList{},
|
|
||||||
&LDAPIdentityProvider{},
|
|
||||||
&LDAPIdentityProviderList{},
|
|
||||||
&ActiveDirectoryIdentityProvider{},
|
|
||||||
&ActiveDirectoryIdentityProviderList{},
|
|
||||||
)
|
|
||||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource.
|
|
||||||
func Resource(resource string) schema.GroupResource {
|
|
||||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
|
||||||
}
|
|
@ -1,219 +0,0 @@
|
|||||||
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderPhase string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// ActiveDirectoryPhasePending is the default phase for newly-created ActiveDirectoryIdentityProvider resources.
|
|
||||||
ActiveDirectoryPhasePending ActiveDirectoryIdentityProviderPhase = "Pending"
|
|
||||||
|
|
||||||
// ActiveDirectoryPhaseReady is the phase for an ActiveDirectoryIdentityProvider resource in a healthy state.
|
|
||||||
ActiveDirectoryPhaseReady ActiveDirectoryIdentityProviderPhase = "Ready"
|
|
||||||
|
|
||||||
// ActiveDirectoryPhaseError is the phase for an ActiveDirectoryIdentityProvider in an unhealthy state.
|
|
||||||
ActiveDirectoryPhaseError ActiveDirectoryIdentityProviderPhase = "Error"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Status of an Active Directory identity provider.
|
|
||||||
type ActiveDirectoryIdentityProviderStatus struct {
|
|
||||||
// Phase summarizes the overall status of the ActiveDirectoryIdentityProvider.
|
|
||||||
// +kubebuilder:default=Pending
|
|
||||||
// +kubebuilder:validation:Enum=Pending;Ready;Error
|
|
||||||
Phase ActiveDirectoryIdentityProviderPhase `json:"phase,omitempty"`
|
|
||||||
|
|
||||||
// Represents the observations of an identity provider's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderBind struct {
|
|
||||||
// SecretName contains the name of a namespace-local Secret object that provides the username and
|
|
||||||
// password for an Active Directory bind user. This account will be used to perform LDAP searches. The Secret should be
|
|
||||||
// of type "kubernetes.io/basic-auth" which includes "username" and "password" keys. The username value
|
|
||||||
// should be the full dn (distinguished name) of your bind account, e.g. "cn=bind-account,ou=users,dc=example,dc=com".
|
|
||||||
// The password must be non-empty.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
SecretName string `json:"secretName"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearchAttributes struct {
|
|
||||||
// Username specifies the name of the attribute in Active Directory entry whose value shall become the username
|
|
||||||
// of the user after a successful authentication.
|
|
||||||
// Optional, when empty this defaults to "userPrincipalName".
|
|
||||||
// +optional
|
|
||||||
Username string `json:"username,omitempty"`
|
|
||||||
|
|
||||||
// UID specifies the name of the attribute in the ActiveDirectory entry which whose value shall be used to uniquely
|
|
||||||
// identify the user within this ActiveDirectory provider after a successful authentication.
|
|
||||||
// Optional, when empty this defaults to "objectGUID".
|
|
||||||
// +optional
|
|
||||||
UID string `json:"uid,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearchAttributes struct {
|
|
||||||
// GroupName specifies the name of the attribute in the Active Directory entries whose value shall become a group name
|
|
||||||
// in the user's list of groups after a successful authentication.
|
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the ActiveDirectory
|
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
|
||||||
// Optional. When not specified, this defaults to a custom field that looks like "sAMAccountName@domain",
|
|
||||||
// where domain is constructed from the domain components of the group DN.
|
|
||||||
// +optional
|
|
||||||
GroupName string `json:"groupName,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderUserSearch struct {
|
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
|
||||||
// Optional, when not specified it will be based on the result of a query for the defaultNamingContext
|
|
||||||
// (see https://docs.microsoft.com/en-us/windows/win32/adschema/rootdse).
|
|
||||||
// The default behavior searches your entire domain for users.
|
|
||||||
// It may make sense to specify a subtree as a search base if you wish to exclude some users
|
|
||||||
// or to make searches faster.
|
|
||||||
// +optional
|
|
||||||
Base string `json:"base,omitempty"`
|
|
||||||
|
|
||||||
// Filter is the search filter which should be applied when searching for users. The pattern "{}" must occur
|
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
|
||||||
// https://ldap.com/ldap-filters.
|
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
|
||||||
// Optional. When not specified, the default will be
|
|
||||||
// '(&(objectClass=person)(!(objectClass=computer))(!(showInAdvancedViewOnly=TRUE))(|(sAMAccountName={}")(mail={})(userPrincipalName={})(sAMAccountType=805306368))'
|
|
||||||
// This means that the user is a person, is not a computer, the sAMAccountType is for a normal user account,
|
|
||||||
// and is not shown in advanced view only
|
|
||||||
// (which would likely mean its a system created service account with advanced permissions).
|
|
||||||
// Also, either the sAMAccountName, the userPrincipalName, or the mail attribute matches the input username.
|
|
||||||
// +optional
|
|
||||||
Filter string `json:"filter,omitempty"`
|
|
||||||
|
|
||||||
// Attributes specifies how the user's information should be read from the ActiveDirectory entry which was found as
|
|
||||||
// the result of the user search.
|
|
||||||
// +optional
|
|
||||||
Attributes ActiveDirectoryIdentityProviderUserSearchAttributes `json:"attributes,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type ActiveDirectoryIdentityProviderGroupSearch struct {
|
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
|
||||||
// "ou=groups,dc=example,dc=com".
|
|
||||||
// Optional, when not specified it will be based on the result of a query for the defaultNamingContext
|
|
||||||
// (see https://docs.microsoft.com/en-us/windows/win32/adschema/rootdse).
|
|
||||||
// The default behavior searches your entire domain for groups.
|
|
||||||
// It may make sense to specify a subtree as a search base if you wish to exclude some groups
|
|
||||||
// for security reasons or to make searches faster.
|
|
||||||
// +optional
|
|
||||||
Base string `json:"base,omitempty"`
|
|
||||||
|
|
||||||
// Filter is the ActiveDirectory search filter which should be applied when searching for groups for a user.
|
|
||||||
// The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the
|
|
||||||
// value of an attribute of the user entry found as a result of the user search. Which attribute's
|
|
||||||
// value is used to replace the placeholder(s) depends on the value of UserAttributeForFilter.
|
|
||||||
// E.g. "member={}" or "&(objectClass=groupOfNames)(member={})".
|
|
||||||
// For more information about ActiveDirectory filters, see https://ldap.com/ldap-filters.
|
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
|
||||||
// Optional. When not specified, the default will act as if the filter were specified as
|
|
||||||
// "(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={})".
|
|
||||||
// This searches nested groups by default.
|
|
||||||
// Note that nested group search can be slow for some Active Directory servers. To disable it,
|
|
||||||
// you can set the filter to
|
|
||||||
// "(&(objectClass=group)(member={})"
|
|
||||||
// +optional
|
|
||||||
Filter string `json:"filter,omitempty"`
|
|
||||||
|
|
||||||
// UserAttributeForFilter specifies which attribute's value from the user entry found as a result of
|
|
||||||
// the user search will be used to replace the "{}" placeholder(s) in the group search Filter.
|
|
||||||
// For example, specifying "uid" as the UserAttributeForFilter while specifying
|
|
||||||
// "&(objectClass=posixGroup)(memberUid={})" as the Filter would search for groups by replacing
|
|
||||||
// the "{}" placeholder in the Filter with the value of the user's "uid" attribute.
|
|
||||||
// Optional. When not specified, the default will act as if "dn" were specified. For example, leaving
|
|
||||||
// UserAttributeForFilter unspecified while specifying "&(objectClass=groupOfNames)(member={})" as the Filter
|
|
||||||
// would search for groups by replacing the "{}" placeholder(s) with the dn (distinguished name) of the user.
|
|
||||||
// +optional
|
|
||||||
UserAttributeForFilter string `json:"userAttributeForFilter,omitempty"`
|
|
||||||
|
|
||||||
// Attributes specifies how the group's information should be read from each ActiveDirectory entry which was found as
|
|
||||||
// the result of the group search.
|
|
||||||
// +optional
|
|
||||||
Attributes ActiveDirectoryIdentityProviderGroupSearchAttributes `json:"attributes,omitempty"`
|
|
||||||
|
|
||||||
// The user's group membership is refreshed as they interact with the supervisor
|
|
||||||
// to obtain new credentials (as their old credentials expire). This allows group
|
|
||||||
// membership changes to be quickly reflected into Kubernetes clusters. Since
|
|
||||||
// group membership is often used to bind authorization policies, it is important
|
|
||||||
// to keep the groups observed in Kubernetes clusters in-sync with the identity
|
|
||||||
// provider.
|
|
||||||
//
|
|
||||||
// In some environments, frequent group membership queries may result in a
|
|
||||||
// significant performance impact on the identity provider and/or the supervisor.
|
|
||||||
// The best approach to handle performance impacts is to tweak the group query
|
|
||||||
// to be more performant, for example by disabling nested group search or by
|
|
||||||
// using a more targeted group search base.
|
|
||||||
//
|
|
||||||
// If the group search query cannot be made performant and you are willing to
|
|
||||||
// have group memberships remain static for approximately a day, then set
|
|
||||||
// skipGroupRefresh to true. This is an insecure configuration as authorization
|
|
||||||
// policies that are bound to group membership will not notice if a user has
|
|
||||||
// been removed from a particular group until their next login.
|
|
||||||
//
|
|
||||||
// This is an experimental feature that may be removed or significantly altered
|
|
||||||
// in the future. Consumers of this configuration should carefully read all
|
|
||||||
// release notes before upgrading to ensure that the meaning of this field has
|
|
||||||
// not changed.
|
|
||||||
SkipGroupRefresh bool `json:"skipGroupRefresh,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring an ActiveDirectory identity provider.
|
|
||||||
type ActiveDirectoryIdentityProviderSpec struct {
|
|
||||||
// Host is the hostname of this Active Directory identity provider, i.e., where to connect. For example: ldap.example.com:636.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Host string `json:"host"`
|
|
||||||
|
|
||||||
// TLS contains the connection settings for how to establish the connection to the Host.
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
|
|
||||||
// Bind contains the configuration for how to provide access credentials during an initial bind to the ActiveDirectory server
|
|
||||||
// to be allowed to perform searches and binds to validate a user's credentials during a user's authentication attempt.
|
|
||||||
Bind ActiveDirectoryIdentityProviderBind `json:"bind,omitempty"`
|
|
||||||
|
|
||||||
// UserSearch contains the configuration for searching for a user by name in Active Directory.
|
|
||||||
UserSearch ActiveDirectoryIdentityProviderUserSearch `json:"userSearch,omitempty"`
|
|
||||||
|
|
||||||
// GroupSearch contains the configuration for searching for a user's group membership in ActiveDirectory.
|
|
||||||
GroupSearch ActiveDirectoryIdentityProviderGroupSearch `json:"groupSearch,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// ActiveDirectoryIdentityProvider describes the configuration of an upstream Microsoft Active Directory identity provider.
|
|
||||||
// +genclient
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
|
|
||||||
// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
|
|
||||||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type ActiveDirectoryIdentityProvider struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the identity provider.
|
|
||||||
Spec ActiveDirectoryIdentityProviderSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the identity provider.
|
|
||||||
Status ActiveDirectoryIdentityProviderStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of ActiveDirectoryIdentityProvider objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type ActiveDirectoryIdentityProviderList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []ActiveDirectoryIdentityProvider `json:"items"`
|
|
||||||
}
|
|
@ -1,207 +0,0 @@
|
|||||||
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
type LDAPIdentityProviderPhase string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
|
|
||||||
LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
|
|
||||||
|
|
||||||
// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
|
|
||||||
LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
|
|
||||||
|
|
||||||
// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
|
|
||||||
LDAPPhaseError LDAPIdentityProviderPhase = "Error"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Status of an LDAP identity provider.
|
|
||||||
type LDAPIdentityProviderStatus struct {
|
|
||||||
// Phase summarizes the overall status of the LDAPIdentityProvider.
|
|
||||||
// +kubebuilder:default=Pending
|
|
||||||
// +kubebuilder:validation:Enum=Pending;Ready;Error
|
|
||||||
Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
|
|
||||||
|
|
||||||
// Represents the observations of an identity provider's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LDAPIdentityProviderBind struct {
|
|
||||||
// SecretName contains the name of a namespace-local Secret object that provides the username and
|
|
||||||
// password for an LDAP bind user. This account will be used to perform LDAP searches. The Secret should be
|
|
||||||
// of type "kubernetes.io/basic-auth" which includes "username" and "password" keys. The username value
|
|
||||||
// should be the full dn (distinguished name) of your bind account, e.g. "cn=bind-account,ou=users,dc=example,dc=com".
|
|
||||||
// The password must be non-empty.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
SecretName string `json:"secretName"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LDAPIdentityProviderUserSearchAttributes struct {
|
|
||||||
// Username specifies the name of the attribute in the LDAP entry whose value shall become the username
|
|
||||||
// of the user after a successful authentication. This would typically be the same attribute name used in
|
|
||||||
// the user search filter, although it can be different. E.g. "mail" or "uid" or "userPrincipalName".
|
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
|
|
||||||
// server in the user's entry. Distinguished names can be used by specifying lower-case "dn". When this field
|
|
||||||
// is set to "dn" then the LDAPIdentityProviderUserSearch's Filter field cannot be blank, since the default
|
|
||||||
// value of "dn={}" would not work.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Username string `json:"username,omitempty"`
|
|
||||||
|
|
||||||
// UID specifies the name of the attribute in the LDAP entry which whose value shall be used to uniquely
|
|
||||||
// identify the user within this LDAP provider after a successful authentication. E.g. "uidNumber" or "objectGUID".
|
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
|
|
||||||
// server in the user's entry. Distinguished names can be used by specifying lower-case "dn".
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
UID string `json:"uid,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LDAPIdentityProviderGroupSearchAttributes struct {
|
|
||||||
// GroupName specifies the name of the attribute in the LDAP entries whose value shall become a group name
|
|
||||||
// in the user's list of groups after a successful authentication.
|
|
||||||
// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
|
|
||||||
// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
|
|
||||||
// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
|
|
||||||
// +optional
|
|
||||||
GroupName string `json:"groupName,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LDAPIdentityProviderUserSearch struct {
|
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for users.
|
|
||||||
// E.g. "ou=users,dc=example,dc=com".
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Base string `json:"base,omitempty"`
|
|
||||||
|
|
||||||
// Filter is the LDAP search filter which should be applied when searching for users. The pattern "{}" must occur
|
|
||||||
// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
|
|
||||||
// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
|
|
||||||
// https://ldap.com/ldap-filters.
|
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as the value from
|
|
||||||
// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
|
|
||||||
// explicitly specified, since the default value of "dn={}" would not work.
|
|
||||||
// +optional
|
|
||||||
Filter string `json:"filter,omitempty"`
|
|
||||||
|
|
||||||
// Attributes specifies how the user's information should be read from the LDAP entry which was found as
|
|
||||||
// the result of the user search.
|
|
||||||
// +optional
|
|
||||||
Attributes LDAPIdentityProviderUserSearchAttributes `json:"attributes,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type LDAPIdentityProviderGroupSearch struct {
|
|
||||||
// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
|
|
||||||
// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
|
|
||||||
// authenticated users will not belong to any groups from the LDAP provider. Also, when not specified,
|
|
||||||
// the values of Filter, UserAttributeForFilter, Attributes, and SkipGroupRefresh are ignored.
|
|
||||||
// +optional
|
|
||||||
Base string `json:"base,omitempty"`
|
|
||||||
|
|
||||||
// Filter is the LDAP search filter which should be applied when searching for groups for a user.
|
|
||||||
// The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the
|
|
||||||
// value of an attribute of the user entry found as a result of the user search. Which attribute's
|
|
||||||
// value is used to replace the placeholder(s) depends on the value of UserAttributeForFilter.
|
|
||||||
// For more information about LDAP filters, see https://ldap.com/ldap-filters.
|
|
||||||
// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
|
|
||||||
// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
|
|
||||||
// +optional
|
|
||||||
Filter string `json:"filter,omitempty"`
|
|
||||||
|
|
||||||
// UserAttributeForFilter specifies which attribute's value from the user entry found as a result of
|
|
||||||
// the user search will be used to replace the "{}" placeholder(s) in the group search Filter.
|
|
||||||
// For example, specifying "uid" as the UserAttributeForFilter while specifying
|
|
||||||
// "&(objectClass=posixGroup)(memberUid={})" as the Filter would search for groups by replacing
|
|
||||||
// the "{}" placeholder in the Filter with the value of the user's "uid" attribute.
|
|
||||||
// Optional. When not specified, the default will act as if "dn" were specified. For example, leaving
|
|
||||||
// UserAttributeForFilter unspecified while specifying "&(objectClass=groupOfNames)(member={})" as the Filter
|
|
||||||
// would search for groups by replacing the "{}" placeholder(s) with the dn (distinguished name) of the user.
|
|
||||||
// +optional
|
|
||||||
UserAttributeForFilter string `json:"userAttributeForFilter,omitempty"`
|
|
||||||
|
|
||||||
// Attributes specifies how the group's information should be read from each LDAP entry which was found as
|
|
||||||
// the result of the group search.
|
|
||||||
// +optional
|
|
||||||
Attributes LDAPIdentityProviderGroupSearchAttributes `json:"attributes,omitempty"`
|
|
||||||
|
|
||||||
// The user's group membership is refreshed as they interact with the supervisor
|
|
||||||
// to obtain new credentials (as their old credentials expire). This allows group
|
|
||||||
// membership changes to be quickly reflected into Kubernetes clusters. Since
|
|
||||||
// group membership is often used to bind authorization policies, it is important
|
|
||||||
// to keep the groups observed in Kubernetes clusters in-sync with the identity
|
|
||||||
// provider.
|
|
||||||
//
|
|
||||||
// In some environments, frequent group membership queries may result in a
|
|
||||||
// significant performance impact on the identity provider and/or the supervisor.
|
|
||||||
// The best approach to handle performance impacts is to tweak the group query
|
|
||||||
// to be more performant, for example by disabling nested group search or by
|
|
||||||
// using a more targeted group search base.
|
|
||||||
//
|
|
||||||
// If the group search query cannot be made performant and you are willing to
|
|
||||||
// have group memberships remain static for approximately a day, then set
|
|
||||||
// skipGroupRefresh to true. This is an insecure configuration as authorization
|
|
||||||
// policies that are bound to group membership will not notice if a user has
|
|
||||||
// been removed from a particular group until their next login.
|
|
||||||
//
|
|
||||||
// This is an experimental feature that may be removed or significantly altered
|
|
||||||
// in the future. Consumers of this configuration should carefully read all
|
|
||||||
// release notes before upgrading to ensure that the meaning of this field has
|
|
||||||
// not changed.
|
|
||||||
SkipGroupRefresh bool `json:"skipGroupRefresh,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Spec for configuring an LDAP identity provider.
|
|
||||||
type LDAPIdentityProviderSpec struct {
|
|
||||||
// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Host string `json:"host"`
|
|
||||||
|
|
||||||
// TLS contains the connection settings for how to establish the connection to the Host.
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
|
|
||||||
// Bind contains the configuration for how to provide access credentials during an initial bind to the LDAP server
|
|
||||||
// to be allowed to perform searches and binds to validate a user's credentials during a user's authentication attempt.
|
|
||||||
Bind LDAPIdentityProviderBind `json:"bind,omitempty"`
|
|
||||||
|
|
||||||
// UserSearch contains the configuration for searching for a user by name in the LDAP provider.
|
|
||||||
UserSearch LDAPIdentityProviderUserSearch `json:"userSearch,omitempty"`
|
|
||||||
|
|
||||||
// GroupSearch contains the configuration for searching for a user's group membership in the LDAP provider.
|
|
||||||
GroupSearch LDAPIdentityProviderGroupSearch `json:"groupSearch,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
|
|
||||||
// Protocol (LDAP) identity provider.
|
|
||||||
// +genclient
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
|
|
||||||
// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
|
|
||||||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type LDAPIdentityProvider struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the identity provider.
|
|
||||||
Spec LDAPIdentityProviderSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the identity provider.
|
|
||||||
Status LDAPIdentityProviderStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// List of LDAPIdentityProvider objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type LDAPIdentityProviderList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []LDAPIdentityProvider `json:"items"`
|
|
||||||
}
|
|
@ -1,75 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
|
|
||||||
// ConditionStatus is effectively an enum type for Condition.Status.
|
|
||||||
type ConditionStatus string
|
|
||||||
|
|
||||||
// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
|
|
||||||
// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
|
|
||||||
// can't decide if a resource is in the condition or not. In the future, we could add other
|
|
||||||
// intermediate conditions, e.g. ConditionDegraded.
|
|
||||||
const (
|
|
||||||
ConditionTrue ConditionStatus = "True"
|
|
||||||
ConditionFalse ConditionStatus = "False"
|
|
||||||
ConditionUnknown ConditionStatus = "Unknown"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
|
|
||||||
// version we can switch to using the upstream type.
|
|
||||||
// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
|
|
||||||
type Condition struct {
|
|
||||||
// type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
||||||
// ---
|
|
||||||
// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
|
|
||||||
// useful (see .node.status.conditions), the ability to deconflict is important.
|
|
||||||
// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
|
|
||||||
// +kubebuilder:validation:MaxLength=316
|
|
||||||
Type string `json:"type"`
|
|
||||||
|
|
||||||
// status of the condition, one of True, False, Unknown.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Enum=True;False;Unknown
|
|
||||||
Status ConditionStatus `json:"status"`
|
|
||||||
|
|
||||||
// observedGeneration represents the .metadata.generation that the condition was set based upon.
|
|
||||||
// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
|
|
||||||
// with respect to the current state of the instance.
|
|
||||||
// +optional
|
|
||||||
// +kubebuilder:validation:Minimum=0
|
|
||||||
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
|
|
||||||
|
|
||||||
// lastTransitionTime is the last time the condition transitioned from one status to another.
|
|
||||||
// This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:Type=string
|
|
||||||
// +kubebuilder:validation:Format=date-time
|
|
||||||
LastTransitionTime metav1.Time `json:"lastTransitionTime"`
|
|
||||||
|
|
||||||
// reason contains a programmatic identifier indicating the reason for the condition's last transition.
|
|
||||||
// Producers of specific condition types may define expected values and meanings for this field,
|
|
||||||
// and whether the values are considered a guaranteed API.
|
|
||||||
// The value should be a CamelCase string.
|
|
||||||
// This field may not be empty.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=1024
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
|
|
||||||
Reason string `json:"reason"`
|
|
||||||
|
|
||||||
// message is a human readable message indicating details about the transition.
|
|
||||||
// This may be an empty string.
|
|
||||||
// +required
|
|
||||||
// +kubebuilder:validation:Required
|
|
||||||
// +kubebuilder:validation:MaxLength=32768
|
|
||||||
Message string `json:"message"`
|
|
||||||
}
|
|
@ -1,217 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
)
|
|
||||||
|
|
||||||
type OIDCIdentityProviderPhase string
|
|
||||||
|
|
||||||
const (
|
|
||||||
// PhasePending is the default phase for newly-created OIDCIdentityProvider resources.
|
|
||||||
PhasePending OIDCIdentityProviderPhase = "Pending"
|
|
||||||
|
|
||||||
// PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state.
|
|
||||||
PhaseReady OIDCIdentityProviderPhase = "Ready"
|
|
||||||
|
|
||||||
// PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state.
|
|
||||||
PhaseError OIDCIdentityProviderPhase = "Error"
|
|
||||||
)
|
|
||||||
|
|
||||||
// OIDCIdentityProviderStatus is the status of an OIDC identity provider.
|
|
||||||
type OIDCIdentityProviderStatus struct {
|
|
||||||
// Phase summarizes the overall status of the OIDCIdentityProvider.
|
|
||||||
// +kubebuilder:default=Pending
|
|
||||||
// +kubebuilder:validation:Enum=Pending;Ready;Error
|
|
||||||
Phase OIDCIdentityProviderPhase `json:"phase,omitempty"`
|
|
||||||
|
|
||||||
// Represents the observations of an identity provider's current state.
|
|
||||||
// +patchMergeKey=type
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=type
|
|
||||||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCAuthorizationConfig provides information about how to form the OAuth2 authorization
|
|
||||||
// request parameters.
|
|
||||||
type OIDCAuthorizationConfig struct {
|
|
||||||
// additionalScopes are the additional scopes that will be requested from your OIDC provider in the authorization
|
|
||||||
// request during an OIDC Authorization Code Flow and in the token request during a Resource Owner Password Credentials
|
|
||||||
// Grant. Note that the "openid" scope will always be requested regardless of the value in this setting, since it is
|
|
||||||
// always required according to the OIDC spec. By default, when this field is not set, the Supervisor will request
|
|
||||||
// the following scopes: "openid", "offline_access", "email", and "profile". See
|
|
||||||
// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims for a description of the "profile" and "email"
|
|
||||||
// scopes. See https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess for a description of the
|
|
||||||
// "offline_access" scope. This default value may change in future versions of Pinniped as the standard evolves,
|
|
||||||
// or as common patterns used by providers who implement the standard in the ecosystem evolve.
|
|
||||||
// By setting this list to anything other than an empty list, you are overriding the
|
|
||||||
// default value, so you may wish to include some of "offline_access", "email", and "profile" in your override list.
|
|
||||||
// If you do not want any of these scopes to be requested, you may set this list to contain only "openid".
|
|
||||||
// Some OIDC providers may also require a scope to get access to the user's group membership, in which case you
|
|
||||||
// may wish to include it in this list. Sometimes the scope to request the user's group membership is called
|
|
||||||
// "groups", but unfortunately this is not specified in the OIDC standard.
|
|
||||||
// Generally speaking, you should include any scopes required to cause the appropriate claims to be the returned by
|
|
||||||
// your OIDC provider in the ID token or userinfo endpoint results for those claims which you would like to use in
|
|
||||||
// the oidcClaims settings to determine the usernames and group memberships of your Kubernetes users. See
|
|
||||||
// your OIDC provider's documentation for more information about what scopes are available to request claims.
|
|
||||||
// Additionally, the Pinniped Supervisor requires that your OIDC provider returns refresh tokens to the Supervisor
|
|
||||||
// from these authorization flows. For most OIDC providers, the scope required to receive refresh tokens will be
|
|
||||||
// "offline_access". See the documentation of your OIDC provider's authorization and token endpoints for its
|
|
||||||
// requirements for what to include in the request in order to receive a refresh token in the response, if anything.
|
|
||||||
// Note that it may be safe to send "offline_access" even to providers which do not require it, since the provider
|
|
||||||
// may ignore scopes that it does not understand or require (see
|
|
||||||
// https://datatracker.ietf.org/doc/html/rfc6749#section-3.3). In the unusual case that you must avoid sending the
|
|
||||||
// "offline_access" scope, then you must override the default value of this setting. This is required if your OIDC
|
|
||||||
// provider will reject the request when it includes "offline_access" (e.g. GitLab's OIDC provider).
|
|
||||||
// +optional
|
|
||||||
AdditionalScopes []string `json:"additionalScopes,omitempty"`
|
|
||||||
|
|
||||||
// additionalAuthorizeParameters are extra query parameters that should be included in the authorize request to your
|
|
||||||
// OIDC provider in the authorization request during an OIDC Authorization Code Flow. By default, no extra
|
|
||||||
// parameters are sent. The standard parameters that will be sent are "response_type", "scope", "client_id",
|
|
||||||
// "state", "nonce", "code_challenge", "code_challenge_method", and "redirect_uri". These parameters cannot be
|
|
||||||
// included in this setting. Additionally, the "hd" parameter cannot be included in this setting at this time.
|
|
||||||
// The "hd" parameter is used by Google's OIDC provider to provide a hint as to which "hosted domain" the user
|
|
||||||
// should use during login. However, Pinniped does not yet support validating the hosted domain in the resulting
|
|
||||||
// ID token, so it is not yet safe to use this feature of Google's OIDC provider with Pinniped.
|
|
||||||
// This setting does not influence the parameters sent to the token endpoint in the Resource Owner Password
|
|
||||||
// Credentials Grant. The Pinniped Supervisor requires that your OIDC provider returns refresh tokens to the
|
|
||||||
// Supervisor from the authorization flows. Some OIDC providers may require a certain value for the "prompt"
|
|
||||||
// parameter in order to properly request refresh tokens. See the documentation of your OIDC provider's
|
|
||||||
// authorization endpoint for its requirements for what to include in the request in order to receive a refresh
|
|
||||||
// token in the response, if anything. If your provider requires the prompt parameter to request a refresh token,
|
|
||||||
// then include it here. Also note that most providers also require a certain scope to be requested in order to
|
|
||||||
// receive refresh tokens. See the additionalScopes setting for more information about using scopes to request
|
|
||||||
// refresh tokens.
|
|
||||||
// +optional
|
|
||||||
// +patchMergeKey=name
|
|
||||||
// +patchStrategy=merge
|
|
||||||
// +listType=map
|
|
||||||
// +listMapKey=name
|
|
||||||
AdditionalAuthorizeParameters []Parameter `json:"additionalAuthorizeParameters,omitempty"`
|
|
||||||
|
|
||||||
// allowPasswordGrant, when true, will allow the use of OAuth 2.0's Resource Owner Password Credentials Grant
|
|
||||||
// (see https://datatracker.ietf.org/doc/html/rfc6749#section-4.3) to authenticate to the OIDC provider using a
|
|
||||||
// username and password without a web browser, in addition to the usual browser-based OIDC Authorization Code Flow.
|
|
||||||
// The Resource Owner Password Credentials Grant is not officially part of the OIDC specification, so it may not be
|
|
||||||
// supported by your OIDC provider. If your OIDC provider supports returning ID tokens from a Resource Owner Password
|
|
||||||
// Credentials Grant token request, then you can choose to set this field to true. This will allow end users to choose
|
|
||||||
// to present their username and password to the kubectl CLI (using the Pinniped plugin) to authenticate to the
|
|
||||||
// cluster, without using a web browser to log in as is customary in OIDC Authorization Code Flow. This may be
|
|
||||||
// convenient for users, especially for identities from your OIDC provider which are not intended to represent a human
|
|
||||||
// actor, such as service accounts performing actions in a CI/CD environment. Even if your OIDC provider supports it,
|
|
||||||
// you may wish to disable this behavior by setting this field to false when you prefer to only allow users of this
|
|
||||||
// OIDCIdentityProvider to log in via the browser-based OIDC Authorization Code Flow. Using the Resource Owner Password
|
|
||||||
// Credentials Grant means that the Pinniped CLI and Pinniped Supervisor will directly handle your end users' passwords
|
|
||||||
// (similar to LDAPIdentityProvider), and you will not be able to require multi-factor authentication or use the other
|
|
||||||
// web-based login features of your OIDC provider during Resource Owner Password Credentials Grant logins.
|
|
||||||
// allowPasswordGrant defaults to false.
|
|
||||||
// +optional
|
|
||||||
AllowPasswordGrant bool `json:"allowPasswordGrant,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// Parameter is a key/value pair which represents a parameter in an HTTP request.
|
|
||||||
type Parameter struct {
|
|
||||||
// The name of the parameter. Required.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
Name string `json:"name"`
|
|
||||||
|
|
||||||
// The value of the parameter.
|
|
||||||
// +optional
|
|
||||||
Value string `json:"value,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClaims provides a mapping from upstream claims into identities.
|
|
||||||
type OIDCClaims struct {
|
|
||||||
// Groups provides the name of the ID token claim or userinfo endpoint response claim that will be used to ascertain
|
|
||||||
// the groups to which an identity belongs. By default, the identities will not include any group memberships when
|
|
||||||
// this setting is not configured.
|
|
||||||
// +optional
|
|
||||||
Groups string `json:"groups"`
|
|
||||||
|
|
||||||
// Username provides the name of the ID token claim or userinfo endpoint response claim that will be used to
|
|
||||||
// ascertain an identity's username. When not set, the username will be an automatically constructed unique string
|
|
||||||
// which will include the issuer URL of your OIDC provider along with the value of the "sub" (subject) claim from
|
|
||||||
// the ID token.
|
|
||||||
// +optional
|
|
||||||
Username string `json:"username"`
|
|
||||||
|
|
||||||
// AdditionalClaimMappings allows for additional arbitrary upstream claim values to be mapped into the
|
|
||||||
// "additionalClaims" claim of the ID tokens generated by the Supervisor. This should be specified as a map of
|
|
||||||
// new claim names as the keys, and upstream claim names as the values. These new claim names will be nested
|
|
||||||
// under the top-level "additionalClaims" claim in ID tokens generated by the Supervisor when this
|
|
||||||
// OIDCIdentityProvider was used for user authentication. These claims will be made available to all clients.
|
|
||||||
// This feature is not required to use the Supervisor to provide authentication for Kubernetes clusters, but can be
|
|
||||||
// used when using the Supervisor for other authentication purposes. When this map is empty or the upstream claims
|
|
||||||
// are not available, the "additionalClaims" claim will be excluded from the ID tokens generated by the Supervisor.
|
|
||||||
// +optional
|
|
||||||
AdditionalClaimMappings map[string]string `json:"additionalClaimMappings,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCClient contains information about an OIDC client (e.g., client ID and client
|
|
||||||
// secret).
|
|
||||||
type OIDCClient struct {
|
|
||||||
// SecretName contains the name of a namespace-local Secret object that provides the clientID and
|
|
||||||
// clientSecret for an OIDC client. If only the SecretName is specified in an OIDCClient
|
|
||||||
// struct, then it is expected that the Secret is of type "secrets.pinniped.dev/oidc-client" with keys
|
|
||||||
// "clientID" and "clientSecret".
|
|
||||||
SecretName string `json:"secretName"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCIdentityProviderSpec is the spec for configuring an OIDC identity provider.
|
|
||||||
type OIDCIdentityProviderSpec struct {
|
|
||||||
// Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch
|
|
||||||
// /.well-known/openid-configuration.
|
|
||||||
// +kubebuilder:validation:MinLength=1
|
|
||||||
// +kubebuilder:validation:Pattern=`^https://`
|
|
||||||
Issuer string `json:"issuer"`
|
|
||||||
|
|
||||||
// TLS configuration for discovery/JWKS requests to the issuer.
|
|
||||||
// +optional
|
|
||||||
TLS *TLSSpec `json:"tls,omitempty"`
|
|
||||||
|
|
||||||
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
|
||||||
// parameters to be used with this OIDC identity provider.
|
|
||||||
// +optional
|
|
||||||
AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
|
|
||||||
|
|
||||||
// Claims provides the names of token claims that will be used when inspecting an identity from
|
|
||||||
// this OIDC identity provider.
|
|
||||||
// +optional
|
|
||||||
Claims OIDCClaims `json:"claims"`
|
|
||||||
|
|
||||||
// OIDCClient contains OIDC client information to be used used with this OIDC identity
|
|
||||||
// provider.
|
|
||||||
Client OIDCClient `json:"client"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider.
|
|
||||||
// +genclient
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
|
|
||||||
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
|
|
||||||
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
|
|
||||||
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
|
|
||||||
// +kubebuilder:subresource:status
|
|
||||||
type OIDCIdentityProvider struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
// Spec for configuring the identity provider.
|
|
||||||
Spec OIDCIdentityProviderSpec `json:"spec"`
|
|
||||||
|
|
||||||
// Status of the identity provider.
|
|
||||||
Status OIDCIdentityProviderStatus `json:"status,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCIdentityProviderList lists OIDCIdentityProvider objects.
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
type OIDCIdentityProviderList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
|
|
||||||
Items []OIDCIdentityProvider `json:"items"`
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
// Configuration for TLS parameters related to identity provider integration.
|
|
||||||
type TLSSpec struct {
|
|
||||||
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|
|
||||||
// +optional
|
|
||||||
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
|
|
||||||
}
|
|
@ -1,615 +0,0 @@
|
|||||||
//go:build !ignore_autogenerated
|
|
||||||
// +build !ignore_autogenerated
|
|
||||||
|
|
||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProvider) DeepCopyInto(out *ActiveDirectoryIdentityProvider) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProvider.
|
|
||||||
func (in *ActiveDirectoryIdentityProvider) DeepCopy() *ActiveDirectoryIdentityProvider {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProvider)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *ActiveDirectoryIdentityProvider) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderBind) DeepCopyInto(out *ActiveDirectoryIdentityProviderBind) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderBind.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderBind) DeepCopy() *ActiveDirectoryIdentityProviderBind {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderBind)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderGroupSearch) DeepCopyInto(out *ActiveDirectoryIdentityProviderGroupSearch) {
|
|
||||||
*out = *in
|
|
||||||
out.Attributes = in.Attributes
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderGroupSearch.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderGroupSearch) DeepCopy() *ActiveDirectoryIdentityProviderGroupSearch {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderGroupSearch)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderGroupSearchAttributes) DeepCopyInto(out *ActiveDirectoryIdentityProviderGroupSearchAttributes) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderGroupSearchAttributes.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderGroupSearchAttributes) DeepCopy() *ActiveDirectoryIdentityProviderGroupSearchAttributes {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderGroupSearchAttributes)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderList) DeepCopyInto(out *ActiveDirectoryIdentityProviderList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]ActiveDirectoryIdentityProvider, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderList.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderList) DeepCopy() *ActiveDirectoryIdentityProviderList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderSpec) DeepCopyInto(out *ActiveDirectoryIdentityProviderSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(TLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
out.Bind = in.Bind
|
|
||||||
out.UserSearch = in.UserSearch
|
|
||||||
out.GroupSearch = in.GroupSearch
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderSpec.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderSpec) DeepCopy() *ActiveDirectoryIdentityProviderSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderStatus) DeepCopyInto(out *ActiveDirectoryIdentityProviderStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderStatus.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderStatus) DeepCopy() *ActiveDirectoryIdentityProviderStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderUserSearch) DeepCopyInto(out *ActiveDirectoryIdentityProviderUserSearch) {
|
|
||||||
*out = *in
|
|
||||||
out.Attributes = in.Attributes
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderUserSearch.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderUserSearch) DeepCopy() *ActiveDirectoryIdentityProviderUserSearch {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderUserSearch)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopyInto(out *ActiveDirectoryIdentityProviderUserSearchAttributes) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ActiveDirectoryIdentityProviderUserSearchAttributes.
|
|
||||||
func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *ActiveDirectoryIdentityProviderUserSearchAttributes {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(ActiveDirectoryIdentityProviderUserSearchAttributes)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *Condition) DeepCopyInto(out *Condition) {
|
|
||||||
*out = *in
|
|
||||||
in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
|
|
||||||
func (in *Condition) DeepCopy() *Condition {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(Condition)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider.
|
|
||||||
func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProvider)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *LDAPIdentityProvider) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderBind) DeepCopyInto(out *LDAPIdentityProviderBind) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderBind.
|
|
||||||
func (in *LDAPIdentityProviderBind) DeepCopy() *LDAPIdentityProviderBind {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderBind)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderGroupSearch) DeepCopyInto(out *LDAPIdentityProviderGroupSearch) {
|
|
||||||
*out = *in
|
|
||||||
out.Attributes = in.Attributes
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderGroupSearch.
|
|
||||||
func (in *LDAPIdentityProviderGroupSearch) DeepCopy() *LDAPIdentityProviderGroupSearch {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderGroupSearch)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderGroupSearchAttributes) DeepCopyInto(out *LDAPIdentityProviderGroupSearchAttributes) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderGroupSearchAttributes.
|
|
||||||
func (in *LDAPIdentityProviderGroupSearchAttributes) DeepCopy() *LDAPIdentityProviderGroupSearchAttributes {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderGroupSearchAttributes)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderList) DeepCopyInto(out *LDAPIdentityProviderList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]LDAPIdentityProvider, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderList.
|
|
||||||
func (in *LDAPIdentityProviderList) DeepCopy() *LDAPIdentityProviderList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *LDAPIdentityProviderList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderSpec) DeepCopyInto(out *LDAPIdentityProviderSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(TLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
out.Bind = in.Bind
|
|
||||||
out.UserSearch = in.UserSearch
|
|
||||||
out.GroupSearch = in.GroupSearch
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderSpec.
|
|
||||||
func (in *LDAPIdentityProviderSpec) DeepCopy() *LDAPIdentityProviderSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderStatus) DeepCopyInto(out *LDAPIdentityProviderStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderStatus.
|
|
||||||
func (in *LDAPIdentityProviderStatus) DeepCopy() *LDAPIdentityProviderStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderUserSearch) DeepCopyInto(out *LDAPIdentityProviderUserSearch) {
|
|
||||||
*out = *in
|
|
||||||
out.Attributes = in.Attributes
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderUserSearch.
|
|
||||||
func (in *LDAPIdentityProviderUserSearch) DeepCopy() *LDAPIdentityProviderUserSearch {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderUserSearch)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *LDAPIdentityProviderUserSearchAttributes) DeepCopyInto(out *LDAPIdentityProviderUserSearchAttributes) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProviderUserSearchAttributes.
|
|
||||||
func (in *LDAPIdentityProviderUserSearchAttributes) DeepCopy() *LDAPIdentityProviderUserSearchAttributes {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(LDAPIdentityProviderUserSearchAttributes)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig) {
|
|
||||||
*out = *in
|
|
||||||
if in.AdditionalScopes != nil {
|
|
||||||
in, out := &in.AdditionalScopes, &out.AdditionalScopes
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.AdditionalAuthorizeParameters != nil {
|
|
||||||
in, out := &in.AdditionalAuthorizeParameters, &out.AdditionalAuthorizeParameters
|
|
||||||
*out = make([]Parameter, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCAuthorizationConfig.
|
|
||||||
func (in *OIDCAuthorizationConfig) DeepCopy() *OIDCAuthorizationConfig {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCAuthorizationConfig)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClaims) DeepCopyInto(out *OIDCClaims) {
|
|
||||||
*out = *in
|
|
||||||
if in.AdditionalClaimMappings != nil {
|
|
||||||
in, out := &in.AdditionalClaimMappings, &out.AdditionalClaimMappings
|
|
||||||
*out = make(map[string]string, len(*in))
|
|
||||||
for key, val := range *in {
|
|
||||||
(*out)[key] = val
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClaims.
|
|
||||||
func (in *OIDCClaims) DeepCopy() *OIDCClaims {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClaims)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
|
|
||||||
func (in *OIDCClient) DeepCopy() *OIDCClient {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCClient)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCIdentityProvider) DeepCopyInto(out *OIDCIdentityProvider) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
|
||||||
in.Spec.DeepCopyInto(&out.Spec)
|
|
||||||
in.Status.DeepCopyInto(&out.Status)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProvider.
|
|
||||||
func (in *OIDCIdentityProvider) DeepCopy() *OIDCIdentityProvider {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCIdentityProvider)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCIdentityProvider) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCIdentityProviderList) DeepCopyInto(out *OIDCIdentityProviderList) {
|
|
||||||
*out = *in
|
|
||||||
out.TypeMeta = in.TypeMeta
|
|
||||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
|
||||||
if in.Items != nil {
|
|
||||||
in, out := &in.Items, &out.Items
|
|
||||||
*out = make([]OIDCIdentityProvider, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderList.
|
|
||||||
func (in *OIDCIdentityProviderList) DeepCopy() *OIDCIdentityProviderList {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCIdentityProviderList)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
|
||||||
func (in *OIDCIdentityProviderList) DeepCopyObject() runtime.Object {
|
|
||||||
if c := in.DeepCopy(); c != nil {
|
|
||||||
return c
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec) {
|
|
||||||
*out = *in
|
|
||||||
if in.TLS != nil {
|
|
||||||
in, out := &in.TLS, &out.TLS
|
|
||||||
*out = new(TLSSpec)
|
|
||||||
**out = **in
|
|
||||||
}
|
|
||||||
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
|
||||||
in.Claims.DeepCopyInto(&out.Claims)
|
|
||||||
out.Client = in.Client
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderSpec.
|
|
||||||
func (in *OIDCIdentityProviderSpec) DeepCopy() *OIDCIdentityProviderSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCIdentityProviderSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *OIDCIdentityProviderStatus) DeepCopyInto(out *OIDCIdentityProviderStatus) {
|
|
||||||
*out = *in
|
|
||||||
if in.Conditions != nil {
|
|
||||||
in, out := &in.Conditions, &out.Conditions
|
|
||||||
*out = make([]Condition, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderStatus.
|
|
||||||
func (in *OIDCIdentityProviderStatus) DeepCopy() *OIDCIdentityProviderStatus {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(OIDCIdentityProviderStatus)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *Parameter) DeepCopyInto(out *Parameter) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Parameter.
|
|
||||||
func (in *Parameter) DeepCopy() *Parameter {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(Parameter)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
|
|
||||||
*out = *in
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
|
|
||||||
func (in *TLSSpec) DeepCopy() *TLSSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(TLSSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
@ -1,66 +0,0 @@
|
|||||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
// IDPType are the strings that can be returned by the Supervisor identity provider discovery endpoint
|
|
||||||
// as the "type" of each returned identity provider.
|
|
||||||
type IDPType string
|
|
||||||
|
|
||||||
// IDPFlow are the strings that can be returned by the Supervisor identity provider discovery endpoint
|
|
||||||
// in the array of allowed client "flows" for each returned identity provider.
|
|
||||||
type IDPFlow string
|
|
||||||
|
|
||||||
const (
|
|
||||||
IDPTypeOIDC IDPType = "oidc"
|
|
||||||
IDPTypeLDAP IDPType = "ldap"
|
|
||||||
IDPTypeActiveDirectory IDPType = "activedirectory"
|
|
||||||
|
|
||||||
IDPFlowCLIPassword IDPFlow = "cli_password"
|
|
||||||
IDPFlowBrowserAuthcode IDPFlow = "browser_authcode"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Equals is a convenience function for comparing an IDPType to a string.
|
|
||||||
func (r IDPType) Equals(s string) bool {
|
|
||||||
return string(r) == s
|
|
||||||
}
|
|
||||||
|
|
||||||
// String is a convenience function to convert an IDPType to a string.
|
|
||||||
func (r IDPType) String() string {
|
|
||||||
return string(r)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Equals is a convenience function for comparing an IDPFlow to a string.
|
|
||||||
func (r IDPFlow) Equals(s string) bool {
|
|
||||||
return string(r) == s
|
|
||||||
}
|
|
||||||
|
|
||||||
// String is a convenience function to convert an IDPFlow to a string.
|
|
||||||
func (r IDPFlow) String() string {
|
|
||||||
return string(r)
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCDiscoveryResponse is part of the response from a FederationDomain's OpenID Provider Configuration
|
|
||||||
// Document returned by the .well-known/openid-configuration endpoint. It ignores all the standard OpenID Provider
|
|
||||||
// configuration metadata and only picks out the portion related to Supervisor identity provider discovery.
|
|
||||||
type OIDCDiscoveryResponse struct {
|
|
||||||
SupervisorDiscovery OIDCDiscoveryResponseIDPEndpoint `json:"discovery.supervisor.pinniped.dev/v1alpha1"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// OIDCDiscoveryResponseIDPEndpoint contains the URL for the identity provider discovery endpoint.
|
|
||||||
type OIDCDiscoveryResponseIDPEndpoint struct {
|
|
||||||
PinnipedIDPsEndpoint string `json:"pinniped_identity_providers_endpoint"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// IDPDiscoveryResponse is the response of a FederationDomain's identity provider discovery endpoint.
|
|
||||||
type IDPDiscoveryResponse struct {
|
|
||||||
PinnipedIDPs []PinnipedIDP `json:"pinniped_identity_providers"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// PinnipedIDP describes a single identity provider as included in the response of a FederationDomain's
|
|
||||||
// identity provider discovery endpoint.
|
|
||||||
type PinnipedIDP struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
Type IDPType `json:"type"`
|
|
||||||
Flows []IDPFlow `json:"flows,omitempty"`
|
|
||||||
}
|
|
@ -1,86 +0,0 @@
|
|||||||
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package oidc
|
|
||||||
|
|
||||||
// Constants related to the Supervisor FederationDomain's authorization and token endpoints.
|
|
||||||
const (
|
|
||||||
// AuthorizeUsernameHeaderName is the name of the HTTP header which can be used to transmit a username
|
|
||||||
// to the authorize endpoint when using a password flow, for example an OIDCIdentityProvider with a password grant
|
|
||||||
// or an LDAPIdentityProvider.
|
|
||||||
AuthorizeUsernameHeaderName = "Pinniped-Username"
|
|
||||||
|
|
||||||
// AuthorizePasswordHeaderName is the name of the HTTP header which can be used to transmit a password
|
|
||||||
// to the authorize endpoint when using a password flow, for example an OIDCIdentityProvider with a password grant
|
|
||||||
// or an LDAPIdentityProvider.
|
|
||||||
AuthorizePasswordHeaderName = "Pinniped-Password" //nolint:gosec // this is not a credential
|
|
||||||
|
|
||||||
// AuthorizeUpstreamIDPNameParamName is the name of the HTTP request parameter which can be used to help select
|
|
||||||
// which identity provider should be used for authentication by sending the name of the desired identity provider.
|
|
||||||
AuthorizeUpstreamIDPNameParamName = "pinniped_idp_name"
|
|
||||||
|
|
||||||
// AuthorizeUpstreamIDPTypeParamName is the name of the HTTP request parameter which can be used to help select
|
|
||||||
// which identity provider should be used for authentication by sending the type of the desired identity provider.
|
|
||||||
AuthorizeUpstreamIDPTypeParamName = "pinniped_idp_type"
|
|
||||||
|
|
||||||
// IDTokenClaimIssuer is name of the issuer claim defined by the OIDC spec.
|
|
||||||
IDTokenClaimIssuer = "iss"
|
|
||||||
|
|
||||||
// IDTokenClaimSubject is name of the subject claim defined by the OIDC spec.
|
|
||||||
IDTokenClaimSubject = "sub"
|
|
||||||
|
|
||||||
// IDTokenClaimAuthorizedParty is name of the authorized party claim defined by the OIDC spec.
|
|
||||||
IDTokenClaimAuthorizedParty = "azp"
|
|
||||||
|
|
||||||
// IDTokenClaimUsername is the name of a custom claim in the downstream ID token whose value will contain the user's
|
|
||||||
// username which was mapped from the upstream identity provider.
|
|
||||||
IDTokenClaimUsername = "username"
|
|
||||||
|
|
||||||
// IDTokenClaimGroups is the name of a custom claim in the downstream ID token whose value will contain the user's
|
|
||||||
// group names which were mapped from the upstream identity provider.
|
|
||||||
IDTokenClaimGroups = "groups"
|
|
||||||
|
|
||||||
// IDTokenClaimAdditionalClaims is the top level claim used to hold additional claims in the downstream ID
|
|
||||||
// token, if any claims are present.
|
|
||||||
IDTokenClaimAdditionalClaims = "additionalClaims"
|
|
||||||
|
|
||||||
// GrantTypeAuthorizationCode is the name of the grant type for authorization code flows defined by the OIDC spec.
|
|
||||||
GrantTypeAuthorizationCode = "authorization_code"
|
|
||||||
|
|
||||||
// GrantTypeRefreshToken is the name of the grant type for refresh flow defined by the OIDC spec.
|
|
||||||
GrantTypeRefreshToken = "refresh_token"
|
|
||||||
|
|
||||||
// GrantTypeTokenExchange is the name of a custom grant type for RFC8693 token exchanges.
|
|
||||||
GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange" //nolint:gosec // this is not a credential
|
|
||||||
|
|
||||||
// ScopeOpenID is name of the openid scope defined by the OIDC spec.
|
|
||||||
ScopeOpenID = "openid"
|
|
||||||
|
|
||||||
// ScopeOfflineAccess is name of the offline access scope defined by the OIDC spec, used for requesting refresh
|
|
||||||
// tokens.
|
|
||||||
ScopeOfflineAccess = "offline_access"
|
|
||||||
|
|
||||||
// ScopeEmail is name of the email scope defined by the OIDC spec.
|
|
||||||
ScopeEmail = "email"
|
|
||||||
|
|
||||||
// ScopeProfile is name of the profile scope defined by the OIDC spec.
|
|
||||||
ScopeProfile = "profile"
|
|
||||||
|
|
||||||
// ScopeUsername is the name of a custom scope that determines whether the username claim will be returned inside
|
|
||||||
// ID tokens.
|
|
||||||
ScopeUsername = "username"
|
|
||||||
|
|
||||||
// ScopeGroups is the name of a custom scope that determines whether the groups claim will be returned inside
|
|
||||||
// ID tokens.
|
|
||||||
ScopeGroups = "groups"
|
|
||||||
|
|
||||||
// ScopeRequestAudience is the name of a custom scope that determines whether a RFC8693 token exchange is allowed to
|
|
||||||
// be used to request a different audience.
|
|
||||||
ScopeRequestAudience = "pinniped:request-audience"
|
|
||||||
|
|
||||||
// ClientIDPinnipedCLI is the client ID of the statically defined public OIDC client which is used by the CLI.
|
|
||||||
ClientIDPinnipedCLI = "pinniped-cli"
|
|
||||||
|
|
||||||
// ClientIDRequiredOIDCClientPrefix is the required prefix for the metadata.name of OIDCClient CRs.
|
|
||||||
ClientIDRequiredOIDCClientPrefix = "client.oauth.pinniped.dev-"
|
|
||||||
)
|
|
@ -1,126 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package versioned
|
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
|
|
||||||
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
|
|
||||||
configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
|
|
||||||
identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
|
|
||||||
loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1"
|
|
||||||
discovery "k8s.io/client-go/discovery"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
flowcontrol "k8s.io/client-go/util/flowcontrol"
|
|
||||||
)
|
|
||||||
|
|
||||||
type Interface interface {
|
|
||||||
Discovery() discovery.DiscoveryInterface
|
|
||||||
AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
|
|
||||||
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
|
|
||||||
IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface
|
|
||||||
LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
// Clientset contains the clients for groups. Each group has exactly one
|
|
||||||
// version included in a Clientset.
|
|
||||||
type Clientset struct {
|
|
||||||
*discovery.DiscoveryClient
|
|
||||||
authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
|
|
||||||
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
|
|
||||||
identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client
|
|
||||||
loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client
|
|
||||||
}
|
|
||||||
|
|
||||||
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
|
|
||||||
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
|
|
||||||
return c.authenticationV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
|
|
||||||
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
|
|
||||||
return c.configV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
// IdentityV1alpha1 retrieves the IdentityV1alpha1Client
|
|
||||||
func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface {
|
|
||||||
return c.identityV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
// LoginV1alpha1 retrieves the LoginV1alpha1Client
|
|
||||||
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
|
|
||||||
return c.loginV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
// Discovery retrieves the DiscoveryClient
|
|
||||||
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return c.DiscoveryClient
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfig creates a new Clientset for the given config.
|
|
||||||
// If config's RateLimiter is not set and QPS and Burst are acceptable,
|
|
||||||
// NewForConfig will generate a rate-limiter in configShallowCopy.
|
|
||||||
func NewForConfig(c *rest.Config) (*Clientset, error) {
|
|
||||||
configShallowCopy := *c
|
|
||||||
if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
|
|
||||||
if configShallowCopy.Burst <= 0 {
|
|
||||||
return nil, fmt.Errorf("Burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
|
|
||||||
}
|
|
||||||
configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
|
|
||||||
}
|
|
||||||
var cs Clientset
|
|
||||||
var err error
|
|
||||||
cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &cs, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfigOrDie creates a new Clientset for the given config and
|
|
||||||
// panics if there is an error in the config.
|
|
||||||
func NewForConfigOrDie(c *rest.Config) *Clientset {
|
|
||||||
var cs Clientset
|
|
||||||
cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
|
|
||||||
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
|
|
||||||
cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c)
|
|
||||||
cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
|
|
||||||
|
|
||||||
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
|
|
||||||
return &cs
|
|
||||||
}
|
|
||||||
|
|
||||||
// New creates a new Clientset for the given RESTClient.
|
|
||||||
func New(c rest.Interface) *Clientset {
|
|
||||||
var cs Clientset
|
|
||||||
cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
|
|
||||||
cs.configV1alpha1 = configv1alpha1.New(c)
|
|
||||||
cs.identityV1alpha1 = identityv1alpha1.New(c)
|
|
||||||
cs.loginV1alpha1 = loginv1alpha1.New(c)
|
|
||||||
|
|
||||||
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
|
|
||||||
return &cs
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package has the automatically generated clientset.
|
|
||||||
package versioned
|
|
@ -1,90 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
clientset "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
|
|
||||||
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
|
|
||||||
fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake"
|
|
||||||
configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
|
|
||||||
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake"
|
|
||||||
identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
|
|
||||||
fakeidentityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake"
|
|
||||||
loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1"
|
|
||||||
fakeloginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake"
|
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
|
||||||
"k8s.io/apimachinery/pkg/watch"
|
|
||||||
"k8s.io/client-go/discovery"
|
|
||||||
fakediscovery "k8s.io/client-go/discovery/fake"
|
|
||||||
"k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
// NewSimpleClientset returns a clientset that will respond with the provided objects.
|
|
||||||
// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
|
|
||||||
// without applying any validations and/or defaults. It shouldn't be considered a replacement
|
|
||||||
// for a real clientset and is mostly useful in simple unit tests.
|
|
||||||
func NewSimpleClientset(objects ...runtime.Object) *Clientset {
|
|
||||||
o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
|
|
||||||
for _, obj := range objects {
|
|
||||||
if err := o.Add(obj); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
cs := &Clientset{tracker: o}
|
|
||||||
cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
|
|
||||||
cs.AddReactor("*", "*", testing.ObjectReaction(o))
|
|
||||||
cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
|
|
||||||
gvr := action.GetResource()
|
|
||||||
ns := action.GetNamespace()
|
|
||||||
watch, err := o.Watch(gvr, ns)
|
|
||||||
if err != nil {
|
|
||||||
return false, nil, err
|
|
||||||
}
|
|
||||||
return true, watch, nil
|
|
||||||
})
|
|
||||||
|
|
||||||
return cs
|
|
||||||
}
|
|
||||||
|
|
||||||
// Clientset implements clientset.Interface. Meant to be embedded into a
|
|
||||||
// struct to get a default implementation. This makes faking out just the method
|
|
||||||
// you want to test easier.
|
|
||||||
type Clientset struct {
|
|
||||||
testing.Fake
|
|
||||||
discovery *fakediscovery.FakeDiscovery
|
|
||||||
tracker testing.ObjectTracker
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Clientset) Discovery() discovery.DiscoveryInterface {
|
|
||||||
return c.discovery
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *Clientset) Tracker() testing.ObjectTracker {
|
|
||||||
return c.tracker
|
|
||||||
}
|
|
||||||
|
|
||||||
var _ clientset.Interface = &Clientset{}
|
|
||||||
|
|
||||||
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
|
|
||||||
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
|
|
||||||
return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
|
|
||||||
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
|
|
||||||
return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
|
|
||||||
}
|
|
||||||
|
|
||||||
// IdentityV1alpha1 retrieves the IdentityV1alpha1Client
|
|
||||||
func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface {
|
|
||||||
return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake}
|
|
||||||
}
|
|
||||||
|
|
||||||
// LoginV1alpha1 retrieves the LoginV1alpha1Client
|
|
||||||
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
|
|
||||||
return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package has the automatically generated fake clientset.
|
|
||||||
package fake
|
|
@ -1,49 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
|
|
||||||
identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
|
|
||||||
loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
|
||||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
var scheme = runtime.NewScheme()
|
|
||||||
var codecs = serializer.NewCodecFactory(scheme)
|
|
||||||
var parameterCodec = runtime.NewParameterCodec(scheme)
|
|
||||||
var localSchemeBuilder = runtime.SchemeBuilder{
|
|
||||||
authenticationv1alpha1.AddToScheme,
|
|
||||||
configv1alpha1.AddToScheme,
|
|
||||||
identityv1alpha1.AddToScheme,
|
|
||||||
loginv1alpha1.AddToScheme,
|
|
||||||
}
|
|
||||||
|
|
||||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
|
||||||
// of clientsets, like in:
|
|
||||||
//
|
|
||||||
// import (
|
|
||||||
// "k8s.io/client-go/kubernetes"
|
|
||||||
// clientsetscheme "k8s.io/client-go/kubernetes/scheme"
|
|
||||||
// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
|
|
||||||
// )
|
|
||||||
//
|
|
||||||
// kclientset, _ := kubernetes.NewForConfig(c)
|
|
||||||
// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
|
|
||||||
//
|
|
||||||
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
|
|
||||||
// correctly.
|
|
||||||
var AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
|
|
||||||
utilruntime.Must(AddToScheme(scheme))
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package contains the scheme of the automatically generated clientset.
|
|
||||||
package scheme
|
|
@ -1,49 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package scheme
|
|
||||||
|
|
||||||
import (
|
|
||||||
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
|
|
||||||
identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
|
|
||||||
loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
|
||||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
|
||||||
)
|
|
||||||
|
|
||||||
var Scheme = runtime.NewScheme()
|
|
||||||
var Codecs = serializer.NewCodecFactory(Scheme)
|
|
||||||
var ParameterCodec = runtime.NewParameterCodec(Scheme)
|
|
||||||
var localSchemeBuilder = runtime.SchemeBuilder{
|
|
||||||
authenticationv1alpha1.AddToScheme,
|
|
||||||
configv1alpha1.AddToScheme,
|
|
||||||
identityv1alpha1.AddToScheme,
|
|
||||||
loginv1alpha1.AddToScheme,
|
|
||||||
}
|
|
||||||
|
|
||||||
// AddToScheme adds all types of this clientset into the given scheme. This allows composition
|
|
||||||
// of clientsets, like in:
|
|
||||||
//
|
|
||||||
// import (
|
|
||||||
// "k8s.io/client-go/kubernetes"
|
|
||||||
// clientsetscheme "k8s.io/client-go/kubernetes/scheme"
|
|
||||||
// aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
|
|
||||||
// )
|
|
||||||
//
|
|
||||||
// kclientset, _ := kubernetes.NewForConfig(c)
|
|
||||||
// _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
|
|
||||||
//
|
|
||||||
// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
|
|
||||||
// correctly.
|
|
||||||
var AddToScheme = localSchemeBuilder.AddToScheme
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
|
|
||||||
utilruntime.Must(AddToScheme(Scheme))
|
|
||||||
}
|
|
@ -1,81 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
type AuthenticationV1alpha1Interface interface {
|
|
||||||
RESTClient() rest.Interface
|
|
||||||
JWTAuthenticatorsGetter
|
|
||||||
WebhookAuthenticatorsGetter
|
|
||||||
}
|
|
||||||
|
|
||||||
// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
|
|
||||||
type AuthenticationV1alpha1Client struct {
|
|
||||||
restClient rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
|
|
||||||
return newJWTAuthenticators(c)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
|
|
||||||
return newWebhookAuthenticators(c)
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
|
|
||||||
func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
|
|
||||||
config := *c
|
|
||||||
if err := setConfigDefaults(&config); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
client, err := rest.RESTClientFor(&config)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &AuthenticationV1alpha1Client{client}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
|
|
||||||
// panics if there is an error in the config.
|
|
||||||
func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
|
|
||||||
client, err := NewForConfig(c)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return client
|
|
||||||
}
|
|
||||||
|
|
||||||
// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
|
|
||||||
func New(c rest.Interface) *AuthenticationV1alpha1Client {
|
|
||||||
return &AuthenticationV1alpha1Client{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
func setConfigDefaults(config *rest.Config) error {
|
|
||||||
gv := v1alpha1.SchemeGroupVersion
|
|
||||||
config.GroupVersion = &gv
|
|
||||||
config.APIPath = "/apis"
|
|
||||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
|
||||||
|
|
||||||
if config.UserAgent == "" {
|
|
||||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return c.restClient
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package has the automatically generated typed clients.
|
|
||||||
package v1alpha1
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// Package fake has the automatically generated clients.
|
|
||||||
package fake
|
|
@ -1,31 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
type FakeAuthenticationV1alpha1 struct {
|
|
||||||
*testing.Fake
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
|
|
||||||
return &FakeJWTAuthenticators{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
|
|
||||||
return &FakeWebhookAuthenticators{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
|
|
||||||
var ret *rest.RESTClient
|
|
||||||
return ret
|
|
||||||
}
|
|
@ -1,118 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
labels "k8s.io/apimachinery/pkg/labels"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FakeJWTAuthenticators implements JWTAuthenticatorInterface
|
|
||||||
type FakeJWTAuthenticators struct {
|
|
||||||
Fake *FakeAuthenticationV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
|
|
||||||
|
|
||||||
var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "JWTAuthenticator"}
|
|
||||||
|
|
||||||
// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
|
|
||||||
func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.JWTAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
|
|
||||||
func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
label, _, _ := testing.ExtractFromListOptions(opts)
|
|
||||||
if label == nil {
|
|
||||||
label = labels.Everything()
|
|
||||||
}
|
|
||||||
list := &v1alpha1.JWTAuthenticatorList{ListMeta: obj.(*v1alpha1.JWTAuthenticatorList).ListMeta}
|
|
||||||
for _, item := range obj.(*v1alpha1.JWTAuthenticatorList).Items {
|
|
||||||
if label.Matches(labels.Set(item.Labels)) {
|
|
||||||
list.Items = append(list.Items, item)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return list, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
|
|
||||||
func (c *FakeJWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
return c.Fake.
|
|
||||||
InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a jWTAuthenticator and creates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
|
|
||||||
func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.JWTAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
|
|
||||||
func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.JWTAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.JWTAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *FakeJWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
_, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOptions)
|
|
||||||
|
|
||||||
_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched jWTAuthenticator.
|
|
||||||
func (c *FakeJWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.JWTAuthenticator), err
|
|
||||||
}
|
|
@ -1,118 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
labels "k8s.io/apimachinery/pkg/labels"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
|
|
||||||
type FakeWebhookAuthenticators struct {
|
|
||||||
Fake *FakeAuthenticationV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
|
|
||||||
|
|
||||||
var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookAuthenticator"}
|
|
||||||
|
|
||||||
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
|
|
||||||
func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WebhookAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
|
|
||||||
func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
label, _, _ := testing.ExtractFromListOptions(opts)
|
|
||||||
if label == nil {
|
|
||||||
label = labels.Everything()
|
|
||||||
}
|
|
||||||
list := &v1alpha1.WebhookAuthenticatorList{ListMeta: obj.(*v1alpha1.WebhookAuthenticatorList).ListMeta}
|
|
||||||
for _, item := range obj.(*v1alpha1.WebhookAuthenticatorList).Items {
|
|
||||||
if label.Matches(labels.Set(item.Labels)) {
|
|
||||||
list.Items = append(list.Items, item)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return list, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
|
|
||||||
func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
return c.Fake.
|
|
||||||
InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
|
|
||||||
func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WebhookAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
|
|
||||||
func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WebhookAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WebhookAuthenticator), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
_, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOptions)
|
|
||||||
|
|
||||||
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched webhookAuthenticator.
|
|
||||||
func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WebhookAuthenticator), err
|
|
||||||
}
|
|
@ -1,10 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
type JWTAuthenticatorExpansion interface{}
|
|
||||||
|
|
||||||
type WebhookAuthenticatorExpansion interface{}
|
|
@ -1,167 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"time"
|
|
||||||
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
// JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
|
|
||||||
// A group's client should implement this interface.
|
|
||||||
type JWTAuthenticatorsGetter interface {
|
|
||||||
JWTAuthenticators() JWTAuthenticatorInterface
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
|
|
||||||
type JWTAuthenticatorInterface interface {
|
|
||||||
Create(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
|
|
||||||
Update(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
|
|
||||||
UpdateStatus(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
|
|
||||||
Delete(name string, options *v1.DeleteOptions) error
|
|
||||||
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
|
||||||
Get(name string, options v1.GetOptions) (*v1alpha1.JWTAuthenticator, error)
|
|
||||||
List(opts v1.ListOptions) (*v1alpha1.JWTAuthenticatorList, error)
|
|
||||||
Watch(opts v1.ListOptions) (watch.Interface, error)
|
|
||||||
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error)
|
|
||||||
JWTAuthenticatorExpansion
|
|
||||||
}
|
|
||||||
|
|
||||||
// jWTAuthenticators implements JWTAuthenticatorInterface
|
|
||||||
type jWTAuthenticators struct {
|
|
||||||
client rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
// newJWTAuthenticators returns a JWTAuthenticators
|
|
||||||
func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
|
|
||||||
return &jWTAuthenticators{
|
|
||||||
client: c.RESTClient(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
|
|
||||||
func (c *jWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.JWTAuthenticator{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
Name(name).
|
|
||||||
VersionedParams(&options, scheme.ParameterCodec).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
|
|
||||||
func (c *jWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
result = &v1alpha1.JWTAuthenticatorList{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
|
|
||||||
func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
opts.Watch = true
|
|
||||||
return c.client.Get().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Watch()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a jWTAuthenticator and creates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
|
|
||||||
func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.JWTAuthenticator{}
|
|
||||||
err = c.client.Post().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
Body(jWTAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
|
|
||||||
func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.JWTAuthenticator{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
Name(jWTAuthenticator.Name).
|
|
||||||
Body(jWTAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
|
|
||||||
func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.JWTAuthenticator{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
Name(jWTAuthenticator.Name).
|
|
||||||
SubResource("status").
|
|
||||||
Body(jWTAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *jWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
Name(name).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
var timeout time.Duration
|
|
||||||
if listOptions.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
VersionedParams(&listOptions, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched jWTAuthenticator.
|
|
||||||
func (c *jWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.JWTAuthenticator{}
|
|
||||||
err = c.client.Patch(pt).
|
|
||||||
Resource("jwtauthenticators").
|
|
||||||
SubResource(subresources...).
|
|
||||||
Name(name).
|
|
||||||
Body(data).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
@ -1,167 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"time"
|
|
||||||
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
|
|
||||||
scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
|
|
||||||
// A group's client should implement this interface.
|
|
||||||
type WebhookAuthenticatorsGetter interface {
|
|
||||||
WebhookAuthenticators() WebhookAuthenticatorInterface
|
|
||||||
}
|
|
||||||
|
|
||||||
// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
|
|
||||||
type WebhookAuthenticatorInterface interface {
|
|
||||||
Create(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
|
|
||||||
Update(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
|
|
||||||
UpdateStatus(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
|
|
||||||
Delete(name string, options *v1.DeleteOptions) error
|
|
||||||
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
|
||||||
Get(name string, options v1.GetOptions) (*v1alpha1.WebhookAuthenticator, error)
|
|
||||||
List(opts v1.ListOptions) (*v1alpha1.WebhookAuthenticatorList, error)
|
|
||||||
Watch(opts v1.ListOptions) (watch.Interface, error)
|
|
||||||
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error)
|
|
||||||
WebhookAuthenticatorExpansion
|
|
||||||
}
|
|
||||||
|
|
||||||
// webhookAuthenticators implements WebhookAuthenticatorInterface
|
|
||||||
type webhookAuthenticators struct {
|
|
||||||
client rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
// newWebhookAuthenticators returns a WebhookAuthenticators
|
|
||||||
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
|
|
||||||
return &webhookAuthenticators{
|
|
||||||
client: c.RESTClient(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
|
|
||||||
func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.WebhookAuthenticator{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
Name(name).
|
|
||||||
VersionedParams(&options, scheme.ParameterCodec).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
|
|
||||||
func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
result = &v1alpha1.WebhookAuthenticatorList{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
|
|
||||||
func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
opts.Watch = true
|
|
||||||
return c.client.Get().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Watch()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
|
|
||||||
func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.WebhookAuthenticator{}
|
|
||||||
err = c.client.Post().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
Body(webhookAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
|
|
||||||
func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.WebhookAuthenticator{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
Name(webhookAuthenticator.Name).
|
|
||||||
Body(webhookAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
|
|
||||||
func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.WebhookAuthenticator{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
Name(webhookAuthenticator.Name).
|
|
||||||
SubResource("status").
|
|
||||||
Body(webhookAuthenticator).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
Name(name).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
var timeout time.Duration
|
|
||||||
if listOptions.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
VersionedParams(&listOptions, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched webhookAuthenticator.
|
|
||||||
func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
|
|
||||||
result = &v1alpha1.WebhookAuthenticator{}
|
|
||||||
err = c.client.Patch(pt).
|
|
||||||
Resource("webhookauthenticators").
|
|
||||||
SubResource(subresources...).
|
|
||||||
Name(name).
|
|
||||||
Body(data).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
@ -1,76 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
|
|
||||||
"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
type ConfigV1alpha1Interface interface {
|
|
||||||
RESTClient() rest.Interface
|
|
||||||
CredentialIssuersGetter
|
|
||||||
}
|
|
||||||
|
|
||||||
// ConfigV1alpha1Client is used to interact with features provided by the config.concierge.pinniped.dev group.
|
|
||||||
type ConfigV1alpha1Client struct {
|
|
||||||
restClient rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
|
|
||||||
return newCredentialIssuers(c)
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfig creates a new ConfigV1alpha1Client for the given config.
|
|
||||||
func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
|
|
||||||
config := *c
|
|
||||||
if err := setConfigDefaults(&config); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
client, err := rest.RESTClientFor(&config)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &ConfigV1alpha1Client{client}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfigOrDie creates a new ConfigV1alpha1Client for the given config and
|
|
||||||
// panics if there is an error in the config.
|
|
||||||
func NewForConfigOrDie(c *rest.Config) *ConfigV1alpha1Client {
|
|
||||||
client, err := NewForConfig(c)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return client
|
|
||||||
}
|
|
||||||
|
|
||||||
// New creates a new ConfigV1alpha1Client for the given RESTClient.
|
|
||||||
func New(c rest.Interface) *ConfigV1alpha1Client {
|
|
||||||
return &ConfigV1alpha1Client{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
func setConfigDefaults(config *rest.Config) error {
|
|
||||||
gv := v1alpha1.SchemeGroupVersion
|
|
||||||
config.GroupVersion = &gv
|
|
||||||
config.APIPath = "/apis"
|
|
||||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
|
||||||
|
|
||||||
if config.UserAgent == "" {
|
|
||||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *ConfigV1alpha1Client) RESTClient() rest.Interface {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return c.restClient
|
|
||||||
}
|
|
@ -1,167 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
"time"
|
|
||||||
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
|
|
||||||
scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
// CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
|
|
||||||
// A group's client should implement this interface.
|
|
||||||
type CredentialIssuersGetter interface {
|
|
||||||
CredentialIssuers() CredentialIssuerInterface
|
|
||||||
}
|
|
||||||
|
|
||||||
// CredentialIssuerInterface has methods to work with CredentialIssuer resources.
|
|
||||||
type CredentialIssuerInterface interface {
|
|
||||||
Create(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
|
|
||||||
Update(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
|
|
||||||
UpdateStatus(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
|
|
||||||
Delete(name string, options *v1.DeleteOptions) error
|
|
||||||
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
|
||||||
Get(name string, options v1.GetOptions) (*v1alpha1.CredentialIssuer, error)
|
|
||||||
List(opts v1.ListOptions) (*v1alpha1.CredentialIssuerList, error)
|
|
||||||
Watch(opts v1.ListOptions) (watch.Interface, error)
|
|
||||||
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error)
|
|
||||||
CredentialIssuerExpansion
|
|
||||||
}
|
|
||||||
|
|
||||||
// credentialIssuers implements CredentialIssuerInterface
|
|
||||||
type credentialIssuers struct {
|
|
||||||
client rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
// newCredentialIssuers returns a CredentialIssuers
|
|
||||||
func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
|
|
||||||
return &credentialIssuers{
|
|
||||||
client: c.RESTClient(),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
|
|
||||||
func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
result = &v1alpha1.CredentialIssuer{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
Name(name).
|
|
||||||
VersionedParams(&options, scheme.ParameterCodec).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
|
|
||||||
func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
result = &v1alpha1.CredentialIssuerList{}
|
|
||||||
err = c.client.Get().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested credentialIssuers.
|
|
||||||
func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
var timeout time.Duration
|
|
||||||
if opts.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
opts.Watch = true
|
|
||||||
return c.client.Get().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
VersionedParams(&opts, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Watch()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
|
|
||||||
func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
result = &v1alpha1.CredentialIssuer{}
|
|
||||||
err = c.client.Post().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
Body(credentialIssuer).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
|
|
||||||
func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
result = &v1alpha1.CredentialIssuer{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
Name(credentialIssuer.Name).
|
|
||||||
Body(credentialIssuer).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
|
|
||||||
func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
result = &v1alpha1.CredentialIssuer{}
|
|
||||||
err = c.client.Put().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
Name(credentialIssuer.Name).
|
|
||||||
SubResource("status").
|
|
||||||
Body(credentialIssuer).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
Name(name).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
var timeout time.Duration
|
|
||||||
if listOptions.TimeoutSeconds != nil {
|
|
||||||
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
|
|
||||||
}
|
|
||||||
return c.client.Delete().
|
|
||||||
Resource("credentialissuers").
|
|
||||||
VersionedParams(&listOptions, scheme.ParameterCodec).
|
|
||||||
Timeout(timeout).
|
|
||||||
Body(options).
|
|
||||||
Do().
|
|
||||||
Error()
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched credentialIssuer.
|
|
||||||
func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
result = &v1alpha1.CredentialIssuer{}
|
|
||||||
err = c.client.Patch(pt).
|
|
||||||
Resource("credentialissuers").
|
|
||||||
SubResource(subresources...).
|
|
||||||
Name(name).
|
|
||||||
Body(data).
|
|
||||||
Do().
|
|
||||||
Into(result)
|
|
||||||
return
|
|
||||||
}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package has the automatically generated typed clients.
|
|
||||||
package v1alpha1
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// Package fake has the automatically generated clients.
|
|
||||||
package fake
|
|
@ -1,27 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
type FakeConfigV1alpha1 struct {
|
|
||||||
*testing.Fake
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
|
|
||||||
return &FakeCredentialIssuers{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
|
|
||||||
var ret *rest.RESTClient
|
|
||||||
return ret
|
|
||||||
}
|
|
@ -1,118 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
|
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
||||||
labels "k8s.io/apimachinery/pkg/labels"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
types "k8s.io/apimachinery/pkg/types"
|
|
||||||
watch "k8s.io/apimachinery/pkg/watch"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FakeCredentialIssuers implements CredentialIssuerInterface
|
|
||||||
type FakeCredentialIssuers struct {
|
|
||||||
Fake *FakeConfigV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
|
|
||||||
|
|
||||||
var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuer"}
|
|
||||||
|
|
||||||
// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
|
|
||||||
func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.CredentialIssuer), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
|
|
||||||
func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
label, _, _ := testing.ExtractFromListOptions(opts)
|
|
||||||
if label == nil {
|
|
||||||
label = labels.Everything()
|
|
||||||
}
|
|
||||||
list := &v1alpha1.CredentialIssuerList{ListMeta: obj.(*v1alpha1.CredentialIssuerList).ListMeta}
|
|
||||||
for _, item := range obj.(*v1alpha1.CredentialIssuerList).Items {
|
|
||||||
if label.Matches(labels.Set(item.Labels)) {
|
|
||||||
list.Items = append(list.Items, item)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return list, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Watch returns a watch.Interface that watches the requested credentialIssuers.
|
|
||||||
func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
|
|
||||||
return c.Fake.
|
|
||||||
InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
|
|
||||||
func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.CredentialIssuer), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
|
|
||||||
func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.CredentialIssuer), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// UpdateStatus was generated because the type contains a Status member.
|
|
||||||
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
|
||||||
func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.CredentialIssuer), err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
|
|
||||||
func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
|
|
||||||
_, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeleteCollection deletes a collection of objects.
|
|
||||||
func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
|
|
||||||
action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOptions)
|
|
||||||
|
|
||||||
_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Patch applies the patch and returns the patched credentialIssuer.
|
|
||||||
func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.CredentialIssuer), err
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
type CredentialIssuerExpansion interface{}
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// This package has the automatically generated typed clients.
|
|
||||||
package v1alpha1
|
|
@ -1,7 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
// Package fake has the automatically generated clients.
|
|
||||||
package fake
|
|
@ -1,27 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
type FakeIdentityV1alpha1 struct {
|
|
||||||
*testing.Fake
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface {
|
|
||||||
return &FakeWhoAmIRequests{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface {
|
|
||||||
var ret *rest.RESTClient
|
|
||||||
return ret
|
|
||||||
}
|
|
@ -1,31 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package fake
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
|
|
||||||
schema "k8s.io/apimachinery/pkg/runtime/schema"
|
|
||||||
testing "k8s.io/client-go/testing"
|
|
||||||
)
|
|
||||||
|
|
||||||
// FakeWhoAmIRequests implements WhoAmIRequestInterface
|
|
||||||
type FakeWhoAmIRequests struct {
|
|
||||||
Fake *FakeIdentityV1alpha1
|
|
||||||
}
|
|
||||||
|
|
||||||
var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"}
|
|
||||||
|
|
||||||
var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"}
|
|
||||||
|
|
||||||
// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any.
|
|
||||||
func (c *FakeWhoAmIRequests) Create(whoAmIRequest *v1alpha1.WhoAmIRequest) (result *v1alpha1.WhoAmIRequest, err error) {
|
|
||||||
obj, err := c.Fake.
|
|
||||||
Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{})
|
|
||||||
if obj == nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return obj.(*v1alpha1.WhoAmIRequest), err
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
type WhoAmIRequestExpansion interface{}
|
|
@ -1,76 +0,0 @@
|
|||||||
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
// Code generated by client-gen. DO NOT EDIT.
|
|
||||||
|
|
||||||
package v1alpha1
|
|
||||||
|
|
||||||
import (
|
|
||||||
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
|
|
||||||
"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
|
|
||||||
rest "k8s.io/client-go/rest"
|
|
||||||
)
|
|
||||||
|
|
||||||
type IdentityV1alpha1Interface interface {
|
|
||||||
RESTClient() rest.Interface
|
|
||||||
WhoAmIRequestsGetter
|
|
||||||
}
|
|
||||||
|
|
||||||
// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group.
|
|
||||||
type IdentityV1alpha1Client struct {
|
|
||||||
restClient rest.Interface
|
|
||||||
}
|
|
||||||
|
|
||||||
func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface {
|
|
||||||
return newWhoAmIRequests(c)
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfig creates a new IdentityV1alpha1Client for the given config.
|
|
||||||
func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) {
|
|
||||||
config := *c
|
|
||||||
if err := setConfigDefaults(&config); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
client, err := rest.RESTClientFor(&config)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return &IdentityV1alpha1Client{client}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and
|
|
||||||
// panics if there is an error in the config.
|
|
||||||
func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client {
|
|
||||||
client, err := NewForConfig(c)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
return client
|
|
||||||
}
|
|
||||||
|
|
||||||
// New creates a new IdentityV1alpha1Client for the given RESTClient.
|
|
||||||
func New(c rest.Interface) *IdentityV1alpha1Client {
|
|
||||||
return &IdentityV1alpha1Client{c}
|
|
||||||
}
|
|
||||||
|
|
||||||
func setConfigDefaults(config *rest.Config) error {
|
|
||||||
gv := v1alpha1.SchemeGroupVersion
|
|
||||||
config.GroupVersion = &gv
|
|
||||||
config.APIPath = "/apis"
|
|
||||||
config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
|
|
||||||
|
|
||||||
if config.UserAgent == "" {
|
|
||||||
config.UserAgent = rest.DefaultKubernetesUserAgent()
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// RESTClient returns a RESTClient that is used to communicate
|
|
||||||
// with API server by this client implementation.
|
|
||||||
func (c *IdentityV1alpha1Client) RESTClient() rest.Interface {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return c.restClient
|
|
||||||
}
|
|
Some files were not shown because too many files have changed in this diff Show More