Merge pull request #174 from mattmoyer/rename-webhook-idp

Rename webhook configuration CRD "WebhookAuthenticator" in group "authentication.concierge.pinniped.dev".
This commit is contained in:
Matt Moyer 2020-10-30 15:50:39 -05:00 committed by GitHub
commit ad95bb44b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
175 changed files with 3549 additions and 3566 deletions

View File

@ -0,0 +1,8 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=authentication.concierge.pinniped.dev
// Package authentication is the internal version of the Pinniped concierge authentication API.
package authentication

View File

@ -0,0 +1,11 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/concierge/authentication
// +k8s:defaulter-gen=TypeMeta
// +groupName=authentication.concierge.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
package v1alpha1

View File

@ -9,7 +9,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "idp.pinniped.dev"
const GroupName = "authentication.concierge.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
@ -30,8 +30,8 @@ func init() {
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&WebhookIdentityProvider{},
&WebhookIdentityProviderList{},
&WebhookAuthenticator{},
&WebhookAuthenticatorList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil

View File

@ -3,7 +3,7 @@
package v1alpha1
// Configuration for configuring TLS on various identity providers.
// Configuration for configuring TLS on various authenticators.
type TLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
// +optional

View File

@ -5,9 +5,9 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Status of a webhook identity provider.
type WebhookIdentityProviderStatus struct {
// Represents the observations of an identity provider's current state.
// Status of a webhook authenticator.
type WebhookAuthenticatorStatus struct {
// Represents the observations of the authenticator's current state.
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
@ -15,8 +15,8 @@ type WebhookIdentityProviderStatus struct {
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
// Spec for configuring a webhook identity provider.
type WebhookIdentityProviderSpec struct {
// Spec for configuring a webhook authenticator.
type WebhookAuthenticatorSpec struct {
// Webhook server endpoint URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://`
@ -27,27 +27,27 @@ type WebhookIdentityProviderSpec struct {
TLS *TLSSpec `json:"tls,omitempty"`
}
// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps
// +kubebuilder:resource:categories=all;authenticator;authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
type WebhookIdentityProvider struct {
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec for configuring the identity provider.
Spec WebhookIdentityProviderSpec `json:"spec"`
// Spec for configuring the authenticator.
Spec WebhookAuthenticatorSpec `json:"spec"`
// Status of the identity provider.
Status WebhookIdentityProviderStatus `json:"status,omitempty"`
// Status of the authenticator.
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
}
// List of WebhookIdentityProvider objects.
// List of WebhookAuthenticator objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type WebhookIdentityProviderList struct {
type WebhookAuthenticatorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WebhookIdentityProvider `json:"items"`
Items []WebhookAuthenticator `json:"items"`
}

View File

@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference
}
type TokenCredentialRequestStatus struct {

View File

@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string `json:"token,omitempty"`
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
}
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

View File

@ -1,8 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=idp.pinniped.dev
// Package idp is the internal version of the Pinniped identity provider API.
package idp

View File

@ -1,12 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/idp
// +k8s:defaulter-gen=TypeMeta
// +groupName=idp.pinniped.dev
// +groupGoName=IDP
// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
package v1alpha1

View File

@ -16,7 +16,7 @@ import (
corev1 "k8s.io/api/core/v1"
clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1"
auth1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1"
"go.pinniped.dev/internal/client"
"go.pinniped.dev/internal/constable"
"go.pinniped.dev/internal/here"
@ -60,11 +60,11 @@ func newExchangeCredentialCmd(args []string, stdout, stderr io.Writer) *exchange
Requires all of the following environment variables, which are
typically set in the kubeconfig:
- PINNIPED_TOKEN: the token to send to Pinniped for exchange
- PINNIPED_NAMESPACE: the namespace of the identity provider to authenticate
- PINNIPED_NAMESPACE: the namespace of the authenticator to authenticate
against
- PINNIPED_IDP_TYPE: the type of identity provider to authenticate
- PINNIPED_AUTHENTICATOR_TYPE: the type of authenticator to authenticate
against (e.g., "webhook")
- PINNIPED_IDP_NAME: the name of the identity provider to authenticate
- PINNIPED_AUTHENTICATOR_NAME: the name of the authenticator to authenticate
against
- PINNIPED_CA_BUNDLE: the CA bundle to trust when calling
Pinniped's HTTPS endpoint
@ -87,7 +87,7 @@ type envGetter func(string) (string, bool)
type tokenExchanger func(
ctx context.Context,
namespace string,
idp corev1.TypedLocalObjectReference,
authenticator corev1.TypedLocalObjectReference,
token string,
caBundle string,
apiEndpoint string,
@ -95,7 +95,7 @@ type tokenExchanger func(
const (
ErrMissingEnvVar = constable.Error("failed to get credential: environment variable not set")
ErrInvalidIDPType = constable.Error("invalid IDP type")
ErrInvalidAuthenticatorType = constable.Error("invalid authenticator type")
)
func runExchangeCredential(stdout, _ io.Writer) {
@ -115,14 +115,14 @@ func exchangeCredential(envGetter envGetter, tokenExchanger tokenExchanger, outp
return envVarNotSetError("PINNIPED_NAMESPACE")
}
idpType, varExists := envGetter("PINNIPED_IDP_TYPE")
authenticatorType, varExists := envGetter("PINNIPED_AUTHENTICATOR_TYPE")
if !varExists {
return envVarNotSetError("PINNIPED_IDP_TYPE")
return envVarNotSetError("PINNIPED_AUTHENTICATOR_TYPE")
}
idpName, varExists := envGetter("PINNIPED_IDP_NAME")
authenticatorName, varExists := envGetter("PINNIPED_AUTHENTICATOR_NAME")
if !varExists {
return envVarNotSetError("PINNIPED_IDP_NAME")
return envVarNotSetError("PINNIPED_AUTHENTICATOR_NAME")
}
token, varExists := envGetter("PINNIPED_TOKEN")
@ -140,16 +140,16 @@ func exchangeCredential(envGetter envGetter, tokenExchanger tokenExchanger, outp
return envVarNotSetError("PINNIPED_K8S_API_ENDPOINT")
}
idp := corev1.TypedLocalObjectReference{Name: idpName}
switch strings.ToLower(idpType) {
authenticator := corev1.TypedLocalObjectReference{Name: authenticatorName}
switch strings.ToLower(authenticatorType) {
case "webhook":
idp.APIGroup = &idpv1alpha1.SchemeGroupVersion.Group
idp.Kind = "WebhookIdentityProvider"
authenticator.APIGroup = &auth1alpha1.SchemeGroupVersion.Group
authenticator.Kind = "WebhookAuthenticator"
default:
return fmt.Errorf(`%w: %q, supported values are "webhook"`, ErrInvalidIDPType, idpType)
return fmt.Errorf(`%w: %q, supported values are "webhook"`, ErrInvalidAuthenticatorType, authenticatorType)
}
cred, err := tokenExchanger(ctx, namespace, idp, token, caBundle, apiEndpoint)
cred, err := tokenExchanger(ctx, namespace, authenticator, token, caBundle, apiEndpoint)
if err != nil {
return fmt.Errorf("failed to get credential: %w", err)
}

View File

@ -43,11 +43,11 @@ var (
Requires all of the following environment variables, which are
typically set in the kubeconfig:
- PINNIPED_TOKEN: the token to send to Pinniped for exchange
- PINNIPED_NAMESPACE: the namespace of the identity provider to authenticate
- PINNIPED_NAMESPACE: the namespace of the authenticator to authenticate
against
- PINNIPED_IDP_TYPE: the type of identity provider to authenticate
- PINNIPED_AUTHENTICATOR_TYPE: the type of authenticator to authenticate
against (e.g., "webhook")
- PINNIPED_IDP_NAME: the name of the identity provider to authenticate
- PINNIPED_AUTHENTICATOR_NAME: the name of the authenticator to authenticate
against
- PINNIPED_CA_BUNDLE: the CA bundle to trust when calling
Pinniped's HTTPS endpoint
@ -143,8 +143,8 @@ func TestExchangeCredential(t *testing.T) {
buffer = new(bytes.Buffer)
fakeEnv = map[string]string{
"PINNIPED_NAMESPACE": "namespace from env",
"PINNIPED_IDP_TYPE": "Webhook",
"PINNIPED_IDP_NAME": "webhook name from env",
"PINNIPED_AUTHENTICATOR_TYPE": "Webhook",
"PINNIPED_AUTHENTICATOR_NAME": "webhook name from env",
"PINNIPED_TOKEN": "token from env",
"PINNIPED_CA_BUNDLE": "ca bundle from env",
"PINNIPED_K8S_API_ENDPOINT": "k8s api from env",
@ -158,16 +158,16 @@ func TestExchangeCredential(t *testing.T) {
r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_NAMESPACE")
})
it("returns an error when PINNIPED_IDP_TYPE is missing", func() {
delete(fakeEnv, "PINNIPED_IDP_TYPE")
it("returns an error when PINNIPED_AUTHENTICATOR_TYPE is missing", func() {
delete(fakeEnv, "PINNIPED_AUTHENTICATOR_TYPE")
err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second)
r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_IDP_TYPE")
r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_AUTHENTICATOR_TYPE")
})
it("returns an error when PINNIPED_IDP_NAME is missing", func() {
delete(fakeEnv, "PINNIPED_IDP_NAME")
it("returns an error when PINNIPED_AUTHENTICATOR_NAME is missing", func() {
delete(fakeEnv, "PINNIPED_AUTHENTICATOR_NAME")
err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second)
r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_IDP_NAME")
r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_AUTHENTICATOR_NAME")
})
it("returns an error when PINNIPED_TOKEN is missing", func() {
@ -190,16 +190,16 @@ func TestExchangeCredential(t *testing.T) {
})
when("env vars are invalid", func() {
it("returns an error when PINNIPED_IDP_TYPE is missing", func() {
fakeEnv["PINNIPED_IDP_TYPE"] = "invalid"
it("returns an error when PINNIPED_AUTHENTICATOR_TYPE is missing", func() {
fakeEnv["PINNIPED_AUTHENTICATOR_TYPE"] = "invalid"
err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second)
r.EqualError(err, `invalid IDP type: "invalid", supported values are "webhook"`)
r.EqualError(err, `invalid authenticator type: "invalid", supported values are "webhook"`)
})
})
when("the token exchange fails", func() {
it.Before(func() {
tokenExchanger = func(ctx context.Context, namespace string, idp corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
tokenExchanger = func(ctx context.Context, namespace string, authenticator corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
return nil, fmt.Errorf("some error")
}
})
@ -212,7 +212,7 @@ func TestExchangeCredential(t *testing.T) {
when("the JSON encoder fails", func() {
it.Before(func() {
tokenExchanger = func(ctx context.Context, namespace string, idp corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
tokenExchanger = func(ctx context.Context, namespace string, authenticator corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
return &clientauthenticationv1beta1.ExecCredential{
Status: &clientauthenticationv1beta1.ExecCredentialStatus{
Token: "some token",
@ -229,7 +229,7 @@ func TestExchangeCredential(t *testing.T) {
when("the token exchange times out", func() {
it.Before(func() {
tokenExchanger = func(ctx context.Context, namespace string, idp corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
tokenExchanger = func(ctx context.Context, namespace string, authenticator corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
select {
case <-time.After(100 * time.Millisecond):
return &clientauthenticationv1beta1.ExecCredential{
@ -253,7 +253,7 @@ func TestExchangeCredential(t *testing.T) {
var actualNamespace, actualToken, actualCaBundle, actualAPIEndpoint string
it.Before(func() {
tokenExchanger = func(ctx context.Context, namespace string, idp corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
tokenExchanger = func(ctx context.Context, namespace string, authenticator corev1.TypedLocalObjectReference, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) {
actualNamespace, actualToken, actualCaBundle, actualAPIEndpoint = namespace, token, caBundle, apiEndpoint
now := metav1.NewTime(time.Date(2020, 7, 29, 1, 2, 3, 0, time.UTC))
return &clientauthenticationv1beta1.ExecCredential{

View File

@ -37,8 +37,8 @@ type getKubeConfigFlags struct {
kubeconfig string
contextOverride string
namespace string
idpName string
idpType string
authenticatorName string
authenticatorType string
}
type getKubeConfigCommand struct {
@ -88,8 +88,8 @@ func (c *getKubeConfigCommand) Command() *cobra.Command {
cmd.Flags().StringVar(&c.flags.kubeconfig, "kubeconfig", c.flags.kubeconfig, "Path to the kubeconfig file")
cmd.Flags().StringVar(&c.flags.contextOverride, "kubeconfig-context", c.flags.contextOverride, "Kubeconfig context override")
cmd.Flags().StringVar(&c.flags.namespace, "pinniped-namespace", c.flags.namespace, "Namespace in which Pinniped was installed")
cmd.Flags().StringVar(&c.flags.idpType, "idp-type", c.flags.idpType, "Identity provider type (e.g., 'webhook')")
cmd.Flags().StringVar(&c.flags.idpName, "idp-name", c.flags.idpType, "Identity provider name")
cmd.Flags().StringVar(&c.flags.authenticatorType, "authenticator-type", c.flags.authenticatorType, "Authenticator type (e.g., 'webhook')")
cmd.Flags().StringVar(&c.flags.authenticatorName, "authenticator-name", c.flags.authenticatorType, "Authenticator name")
mustMarkRequired(cmd, "token")
return cmd
}
@ -116,9 +116,9 @@ func (c *getKubeConfigCommand) run(cmd *cobra.Command, args []string) error {
return err
}
idpType, idpName := c.flags.idpType, c.flags.idpName
if idpType == "" || idpName == "" {
idpType, idpName, err = getDefaultIDP(clientset, c.flags.namespace)
authenticatorType, authenticatorName := c.flags.authenticatorType, c.flags.authenticatorName
if authenticatorType == "" || authenticatorName == "" {
authenticatorType, authenticatorName, err = getDefaultAuthenticator(clientset, c.flags.namespace)
if err != nil {
return err
}
@ -143,7 +143,7 @@ func (c *getKubeConfigCommand) run(cmd *cobra.Command, args []string) error {
return err
}
config := newPinnipedKubeconfig(v1Cluster, fullPathToSelf, c.flags.token, c.flags.namespace, idpType, idpName)
config := newPinnipedKubeconfig(v1Cluster, fullPathToSelf, c.flags.token, c.flags.namespace, authenticatorType, authenticatorName)
err = writeConfigAsYAML(cmd.OutOrStdout(), config)
if err != nil {
@ -168,43 +168,43 @@ func issueWarningForNonMatchingServerOrCA(v1Cluster v1.Cluster, credentialIssuer
return nil
}
type noIDPError struct{ Namespace string }
type noAuthenticatorError struct{ Namespace string }
func (e noIDPError) Error() string {
return fmt.Sprintf(`no identity providers were found in namespace %q`, e.Namespace)
func (e noAuthenticatorError) Error() string {
return fmt.Sprintf(`no authenticators were found in namespace %q`, e.Namespace)
}
type indeterminateIDPError struct{ Namespace string }
type indeterminateAuthenticatorError struct{ Namespace string }
func (e indeterminateIDPError) Error() string {
func (e indeterminateAuthenticatorError) Error() string {
return fmt.Sprintf(
`multiple identity providers were found in namespace %q, so --pinniped-idp-name/--pinniped-idp-type must be specified`,
`multiple authenticators were found in namespace %q, so --authenticator-name/--authenticator-type must be specified`,
e.Namespace,
)
}
func getDefaultIDP(clientset pinnipedclientset.Interface, namespace string) (string, string, error) {
func getDefaultAuthenticator(clientset pinnipedclientset.Interface, namespace string) (string, string, error) {
ctx, cancelFunc := context.WithTimeout(context.Background(), time.Second*20)
defer cancelFunc()
webhooks, err := clientset.IDPV1alpha1().WebhookIdentityProviders(namespace).List(ctx, metav1.ListOptions{})
webhooks, err := clientset.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(ctx, metav1.ListOptions{})
if err != nil {
return "", "", err
}
type ref struct{ idpType, idpName string }
idps := make([]ref, 0, len(webhooks.Items))
type ref struct{ authenticatorType, authenticatorName string }
authenticators := make([]ref, 0, len(webhooks.Items))
for _, webhook := range webhooks.Items {
idps = append(idps, ref{idpType: "webhook", idpName: webhook.Name})
authenticators = append(authenticators, ref{authenticatorType: "webhook", authenticatorName: webhook.Name})
}
if len(idps) == 0 {
return "", "", noIDPError{namespace}
if len(authenticators) == 0 {
return "", "", noAuthenticatorError{namespace}
}
if len(idps) > 1 {
return "", "", indeterminateIDPError{namespace}
if len(authenticators) > 1 {
return "", "", indeterminateAuthenticatorError{namespace}
}
return idps[0].idpType, idps[0].idpName, nil
return authenticators[0].authenticatorType, authenticators[0].authenticatorName, nil
}
func fetchPinnipedCredentialIssuerConfig(clientset pinnipedclientset.Interface, pinnipedInstallationNamespace string) (*configv1alpha1.CredentialIssuerConfig, error) {
@ -277,7 +277,7 @@ func copyCurrentClusterFromExistingKubeConfig(currentKubeConfig clientcmdapi.Con
return v1Cluster, nil
}
func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token string, namespace string, idpType string, idpName string) v1.Config {
func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token string, namespace string, authenticatorType string, authenticatorName string) v1.Config {
clusterName := "pinniped-cluster"
userName := "pinniped-user"
@ -324,12 +324,12 @@ func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token st
Value: token,
},
{
Name: "PINNIPED_IDP_TYPE",
Value: idpType,
Name: "PINNIPED_AUTHENTICATOR_TYPE",
Value: authenticatorType,
},
{
Name: "PINNIPED_IDP_NAME",
Value: idpName,
Name: "PINNIPED_AUTHENTICATOR_NAME",
Value: authenticatorName,
},
},
APIVersion: clientauthenticationv1beta1.SchemeGroupVersion.String(),

View File

@ -17,8 +17,8 @@ import (
"k8s.io/client-go/rest"
coretesting "k8s.io/client-go/testing"
authv1alpha "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/config/v1alpha1"
idpv1alpha "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1"
pinnipedclientset "go.pinniped.dev/generated/1.19/client/clientset/versioned"
pinnipedfake "go.pinniped.dev/generated/1.19/client/clientset/versioned/fake"
"go.pinniped.dev/internal/here"
@ -30,9 +30,9 @@ var (
get-kubeconfig [flags]
Flags:
--authenticator-name string Authenticator name
--authenticator-type string Authenticator type (e.g., 'webhook')
-h, --help help for get-kubeconfig
--idp-name string Identity provider name
--idp-type string Identity provider type (e.g., 'webhook')
--kubeconfig string Path to the kubeconfig file
--kubeconfig-context string Kubeconfig context override
--pinniped-namespace string Namespace in which Pinniped was installed (default "pinniped")
@ -61,9 +61,9 @@ var (
get-kubeconfig [flags]
Flags:
--authenticator-name string Authenticator name
--authenticator-type string Authenticator type (e.g., 'webhook')
-h, --help help for get-kubeconfig
--idp-name string Identity provider name
--idp-type string Identity provider type (e.g., 'webhook')
--kubeconfig string Path to the kubeconfig file
--kubeconfig-context string Kubeconfig context override
--pinniped-namespace string Namespace in which Pinniped was installed (default "pinniped")
@ -123,8 +123,8 @@ type expectedKubeconfigYAML struct {
pinnipedEndpoint string
pinnipedCABundle string
namespace string
idpType string
idpName string
authenticatorType string
authenticatorName string
}
func (e expectedKubeconfigYAML) String() string {
@ -160,14 +160,14 @@ func (e expectedKubeconfigYAML) String() string {
value: %s
- name: PINNIPED_TOKEN
value: %s
- name: PINNIPED_IDP_TYPE
- name: PINNIPED_AUTHENTICATOR_TYPE
value: %s
- name: PINNIPED_IDP_NAME
- name: PINNIPED_AUTHENTICATOR_NAME
value: %s
installHint: |-
The Pinniped CLI is required to authenticate to the current cluster.
For more information, please visit https://pinniped.dev
`, e.clusterCAData, e.clusterServer, e.command, e.pinnipedEndpoint, e.pinnipedCABundle, e.namespace, e.token, e.idpType, e.idpName)
`, e.clusterCAData, e.clusterServer, e.command, e.pinnipedEndpoint, e.pinnipedCABundle, e.namespace, e.token, e.authenticatorType, e.authenticatorName)
}
func newCredentialIssuerConfig(name, namespace, server, certificateAuthorityData string) *configv1alpha1.CredentialIssuerConfig {
@ -224,44 +224,44 @@ func TestRun(t *testing.T) {
wantError: "some error configuring clientset",
},
{
name: "fail to get IDPs",
name: "fail to get authenticators",
mocks: func(cmd *getKubeConfigCommand) {
cmd.flags.idpName = ""
cmd.flags.idpType = ""
cmd.flags.authenticatorName = ""
cmd.flags.authenticatorType = ""
clientset := pinnipedfake.NewSimpleClientset()
clientset.PrependReactor("*", "*", func(_ coretesting.Action) (bool, runtime.Object, error) {
return true, nil, fmt.Errorf("some error getting IDPs")
return true, nil, fmt.Errorf("some error getting authenticators")
})
cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
return clientset, nil
}
},
wantError: "some error getting IDPs",
wantError: "some error getting authenticators",
},
{
name: "zero IDPs",
name: "zero authenticators",
mocks: func(cmd *getKubeConfigCommand) {
cmd.flags.idpName = ""
cmd.flags.idpType = ""
cmd.flags.authenticatorName = ""
cmd.flags.authenticatorType = ""
cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
return pinnipedfake.NewSimpleClientset(), nil
}
},
wantError: `no identity providers were found in namespace "test-namespace"`,
wantError: `no authenticators were found in namespace "test-namespace"`,
},
{
name: "multiple IDPs",
name: "multiple authenticators",
mocks: func(cmd *getKubeConfigCommand) {
cmd.flags.idpName = ""
cmd.flags.idpType = ""
cmd.flags.authenticatorName = ""
cmd.flags.authenticatorType = ""
cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
return pinnipedfake.NewSimpleClientset(
&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-one"}},
&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-two"}},
&authv1alpha.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-one"}},
&authv1alpha.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-two"}},
), nil
}
},
wantError: `multiple identity providers were found in namespace "test-namespace", so --pinniped-idp-name/--pinniped-idp-type must be specified`,
wantError: `multiple authenticators were found in namespace "test-namespace", so --authenticator-name/--authenticator-type must be specified`,
},
{
name: "fail to get CredentialIssuerConfigs",
@ -337,19 +337,19 @@ func TestRun(t *testing.T) {
pinnipedEndpoint: "https://fake-server-url-value",
pinnipedCABundle: "fake-certificate-authority-data-value",
namespace: "test-namespace",
idpType: "test-idp-type",
idpName: "test-idp-name",
authenticatorType: "test-authenticator-type",
authenticatorName: "test-authenticator-name",
}.String(),
},
{
name: "success using local CA data and discovered IDP",
name: "success using local CA data and discovered authenticator",
mocks: func(cmd *getKubeConfigCommand) {
cmd.flags.idpName = ""
cmd.flags.idpType = ""
cmd.flags.authenticatorName = ""
cmd.flags.authenticatorType = ""
cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
return pinnipedfake.NewSimpleClientset(
&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "discovered-idp"}},
&authv1alpha.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "discovered-authenticator"}},
newCredentialIssuerConfig("pinniped-config", "test-namespace", "https://example.com", "test-ca"),
), nil
}
@ -363,8 +363,8 @@ func TestRun(t *testing.T) {
pinnipedEndpoint: "https://fake-server-url-value",
pinnipedCABundle: "fake-certificate-authority-data-value",
namespace: "test-namespace",
idpType: "webhook",
idpName: "discovered-idp",
authenticatorType: "webhook",
authenticatorName: "discovered-authenticator",
}.String(),
},
}
@ -377,8 +377,8 @@ func TestRun(t *testing.T) {
c := newGetKubeConfigCommand()
c.flags.token = "test-token"
c.flags.namespace = "test-namespace"
c.flags.idpName = "test-idp-name"
c.flags.idpType = "test-idp-type"
c.flags.authenticatorName = "test-authenticator-name"
c.flags.authenticatorType = "test-authenticator-type"
c.getPathToSelf = func() (string, error) { return "/path/to/pinniped", nil }
c.flags.kubeconfig = "./testdata/kubeconfig.yaml"
tt.mocks(c)

View File

@ -6,21 +6,18 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: webhookidentityproviders.idp.pinniped.dev
name: webhookauthenticators.authentication.concierge.pinniped.dev
spec:
group: idp.pinniped.dev
group: authentication.concierge.pinniped.dev
names:
categories:
- all
- idp
- idps
kind: WebhookIdentityProvider
listKind: WebhookIdentityProviderList
plural: webhookidentityproviders
shortNames:
- webhookidp
- webhookidps
singular: webhookidentityprovider
- authenticator
- authenticators
kind: WebhookAuthenticator
listKind: WebhookAuthenticatorList
plural: webhookauthenticators
singular: webhookauthenticator
scope: Namespaced
versions:
- additionalPrinterColumns:
@ -30,8 +27,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: WebhookIdentityProvider describes the configuration of a Pinniped
webhook identity provider.
description: WebhookAuthenticator describes the configuration of a webhook
authenticator.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -46,7 +43,7 @@ spec:
metadata:
type: object
spec:
description: Spec for configuring the identity provider.
description: Spec for configuring the authenticator.
properties:
endpoint:
description: Webhook server endpoint URL.
@ -65,11 +62,11 @@ spec:
- endpoint
type: object
status:
description: Status of the identity provider.
description: Status of the authenticator.
properties:
conditions:
description: Represents the observations of an identity provider's
current state.
description: Represents the observations of the authenticator's current
state.
items:
description: Condition status of a resource (mirrored from the metav1.Condition
type added in Kubernetes 1.19). In a future API version we can

View File

@ -59,7 +59,7 @@ rules:
- apiGroups: [ "" ]
resources: [ pods/exec ]
verbs: [ create ]
- apiGroups: [ config.pinniped.dev, idp.pinniped.dev ]
- apiGroups: [ config.pinniped.dev, authentication.concierge.pinniped.dev ]
resources: [ "*" ]
verbs: [ create, get, list, update, watch ]
---

View File

@ -10,7 +10,7 @@ metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"webhookidentityproviders.idp.pinniped.dev"}}), expects=1
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"webhookauthenticators.authentication.concierge.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True

View File

@ -118,12 +118,12 @@ as the identity provider.
If you would prefer to customize the available options, please see [deploy/concierge/README.md](../deploy/concierge/README.md)
for instructions on how to deploy using `ytt`.
1. Create a `WebhookIdentityProvider` object to configure Pinniped to authenticate using local-user-authenticator.
1. Create a `WebhookAuthenticator` object to configure Pinniped to authenticate using local-user-authenticator.
```bash
cat <<EOF | kubectl create --namespace pinniped -f -
apiVersion: idp.pinniped.dev/v1alpha1
kind: WebhookIdentityProvider
apiVersion: authentication.concierge.pinniped.dev/v1alpha1
kind: WebhookAuthenticator
metadata:
name: local-user-authenticator
spec:
@ -143,7 +143,7 @@ as the identity provider.
allow you to authenticate as the user that you created above.
```bash
pinniped get-kubeconfig --token "pinny-the-seal:password123" --idp-type webhook --idp-name local-user-authenticator > /tmp/pinniped-kubeconfig
pinniped get-kubeconfig --token "pinny-the-seal:password123" --authenticator-type webhook --authenticator-name local-user-authenticator > /tmp/pinniped-kubeconfig
```
If you are using MacOS, you may get an error dialog that says

View File

@ -5,11 +5,115 @@
== API Reference
.Packages
- xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
=== authentication.concierge.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-condition"]
==== Condition
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus[$$WebhookAuthenticatorStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-tlsspec"]
==== TLSSpec
Configuration for configuring TLS on various authenticators.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec[$$WebhookAuthenticatorSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticator"]
==== WebhookAuthenticator
WebhookAuthenticator describes the configuration of a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorlist[$$WebhookAuthenticatorList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec[$$WebhookAuthenticatorSpec$$]__ | Spec for configuring the authenticator.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus[$$WebhookAuthenticatorStatus$$]__ | Status of the authenticator.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec"]
==== WebhookAuthenticatorSpec
Spec for configuring a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticator[$$WebhookAuthenticator$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`endpoint`* __string__ | Webhook server endpoint URL.
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus"]
==== WebhookAuthenticatorStatus
Status of a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookauthenticator[$$WebhookAuthenticator$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-condition[$$Condition$$]__ | Represents the observations of the authenticator's current state.
|===
[id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
=== config.pinniped.dev/v1alpha1
@ -161,110 +265,6 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
=== idp.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-condition"]
==== Condition
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-tlsspec"]
==== TLSSpec
Configuration for configuring TLS on various identity providers.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider"]
==== WebhookIdentityProvider
WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec"]
==== WebhookIdentityProviderSpec
Spec for configuring a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`endpoint`* __string__ | Webhook server endpoint URL.
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus"]
==== WebhookIdentityProviderStatus
Status of a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
|===
[id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"]
=== login.concierge.pinniped.dev/v1alpha1
@ -328,7 +328,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|===
| Field | Description
| *`token`* __string__ | Bearer token supplied with the credential request.
| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
| *`authenticator`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an authenticator which can validate this credential request.
|===

View File

@ -0,0 +1,8 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=authentication.concierge.pinniped.dev
// Package authentication is the internal version of the Pinniped concierge authentication API.
package authentication

View File

@ -0,0 +1,11 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/authentication
// +k8s:defaulter-gen=TypeMeta
// +groupName=authentication.concierge.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
package v1alpha1

View File

@ -9,7 +9,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "idp.pinniped.dev"
const GroupName = "authentication.concierge.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
@ -30,8 +30,8 @@ func init() {
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&WebhookIdentityProvider{},
&WebhookIdentityProviderList{},
&WebhookAuthenticator{},
&WebhookAuthenticatorList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil

View File

@ -3,7 +3,7 @@
package v1alpha1
// Configuration for configuring TLS on various identity providers.
// Configuration for configuring TLS on various authenticators.
type TLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
// +optional

View File

@ -5,9 +5,9 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Status of a webhook identity provider.
type WebhookIdentityProviderStatus struct {
// Represents the observations of an identity provider's current state.
// Status of a webhook authenticator.
type WebhookAuthenticatorStatus struct {
// Represents the observations of the authenticator's current state.
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
@ -15,8 +15,8 @@ type WebhookIdentityProviderStatus struct {
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
// Spec for configuring a webhook identity provider.
type WebhookIdentityProviderSpec struct {
// Spec for configuring a webhook authenticator.
type WebhookAuthenticatorSpec struct {
// Webhook server endpoint URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://`
@ -27,27 +27,27 @@ type WebhookIdentityProviderSpec struct {
TLS *TLSSpec `json:"tls,omitempty"`
}
// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps
// +kubebuilder:resource:categories=all;authenticator;authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
type WebhookIdentityProvider struct {
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec for configuring the identity provider.
Spec WebhookIdentityProviderSpec `json:"spec"`
// Spec for configuring the authenticator.
Spec WebhookAuthenticatorSpec `json:"spec"`
// Status of the identity provider.
Status WebhookIdentityProviderStatus `json:"status,omitempty"`
// Status of the authenticator.
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
}
// List of WebhookIdentityProvider objects.
// List of WebhookAuthenticator objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type WebhookIdentityProviderList struct {
type WebhookAuthenticatorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WebhookIdentityProvider `json:"items"`
Items []WebhookAuthenticator `json:"items"`
}

View File

@ -45,7 +45,7 @@ func (in *TLSSpec) DeepCopy() *TLSSpec {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) {
func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
@ -54,18 +54,18 @@ func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) {
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider.
func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.
func (in *WebhookAuthenticator) DeepCopy() *WebhookAuthenticator {
if in == nil {
return nil
}
out := new(WebhookIdentityProvider)
out := new(WebhookAuthenticator)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object {
func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
@ -73,13 +73,13 @@ func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) {
func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]WebhookIdentityProvider, len(*in))
*out = make([]WebhookAuthenticator, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
@ -87,18 +87,18 @@ func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProvider
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList.
func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.
func (in *WebhookAuthenticatorList) DeepCopy() *WebhookAuthenticatorList {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderList)
out := new(WebhookAuthenticatorList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object {
func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
@ -106,7 +106,7 @@ func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) {
func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec) {
*out = *in
if in.TLS != nil {
in, out := &in.TLS, &out.TLS
@ -116,18 +116,18 @@ func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProvider
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec.
func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.
func (in *WebhookAuthenticatorSpec) DeepCopy() *WebhookAuthenticatorSpec {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderSpec)
out := new(WebhookAuthenticatorSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) {
func (in *WebhookAuthenticatorStatus) DeepCopyInto(out *WebhookAuthenticatorStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
@ -139,12 +139,12 @@ func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProvid
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus.
func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.
func (in *WebhookAuthenticatorStatus) DeepCopy() *WebhookAuthenticatorStatus {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderStatus)
out := new(WebhookAuthenticatorStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -5,4 +5,4 @@
// Code generated by deepcopy-gen. DO NOT EDIT.
package idp
package authentication

View File

@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference
}
type TokenCredentialRequestStatus struct {

View File

@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string `json:"token,omitempty"`
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
}
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

View File

@ -157,7 +157,7 @@ func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequest
func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
out.Token = in.Token
out.IdentityProvider = in.IdentityProvider
out.Authenticator = in.Authenticator
return nil
}
@ -168,7 +168,7 @@ func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequest
func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
out.Token = in.Token
out.IdentityProvider = in.IdentityProvider
out.Authenticator = in.Authenticator
return nil
}

View File

@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
*out = *in
in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
in.Authenticator.DeepCopyInto(&out.Authenticator)
return
}

View File

@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
*out = *in
in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
in.Authenticator.DeepCopyInto(&out.Authenticator)
return
}

View File

@ -1,8 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=idp.pinniped.dev
// Package idp is the internal version of the Pinniped identity provider API.
package idp

View File

@ -1,12 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/idp
// +k8s:defaulter-gen=TypeMeta
// +groupName=idp.pinniped.dev
// +groupGoName=IDP
// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
package v1alpha1

View File

@ -8,8 +8,8 @@ package versioned
import (
"fmt"
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
@ -18,8 +18,8 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
}
@ -27,21 +27,21 @@ type Interface interface {
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client
}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return c.authenticationV1alpha1
}
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
return c.configV1alpha1
}
// IDPV1alpha1 retrieves the IDPV1alpha1Client
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return c.iDPV1alpha1
}
// LoginV1alpha1 retrieves the LoginV1alpha1Client
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
return c.loginV1alpha1
@ -68,11 +68,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
}
var cs Clientset
var err error
cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
@ -92,8 +92,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@ -103,8 +103,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
// New creates a new Clientset for the given RESTClient.
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
cs.configV1alpha1 = configv1alpha1.New(c)
cs.iDPV1alpha1 = idpv1alpha1.New(c)
cs.loginV1alpha1 = loginv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)

View File

@ -7,10 +7,10 @@ package fake
import (
clientset "go.pinniped.dev/generated/1.17/client/clientset/versioned"
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/fake"
configv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1"
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake"
idpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake"
loginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1"
fakeloginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime"
@ -67,16 +67,16 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
var _ clientset.Interface = &Clientset{}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
}
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
}
// IDPV1alpha1 retrieves the IDPV1alpha1Client
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
}
// LoginV1alpha1 retrieves the LoginV1alpha1Client
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}

View File

@ -6,9 +6,9 @@
package fake
import (
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -20,8 +20,8 @@ var scheme = runtime.NewScheme()
var codecs = serializer.NewCodecFactory(scheme)
var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
authenticationv1alpha1.AddToScheme,
configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme,
loginv1alpha1.AddToScheme,
}

View File

@ -6,9 +6,9 @@
package scheme
import (
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -20,8 +20,8 @@ var Scheme = runtime.NewScheme()
var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
authenticationv1alpha1.AddToScheme,
configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme,
loginv1alpha1.AddToScheme,
}

View File

@ -6,27 +6,27 @@
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
"go.pinniped.dev/generated/1.17/client/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type IDPV1alpha1Interface interface {
type AuthenticationV1alpha1Interface interface {
RESTClient() rest.Interface
WebhookIdentityProvidersGetter
WebhookAuthenticatorsGetter
}
// IDPV1alpha1Client is used to interact with features provided by the idp.pinniped.dev group.
type IDPV1alpha1Client struct {
// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
type AuthenticationV1alpha1Client struct {
restClient rest.Interface
}
func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
return newWebhookIdentityProviders(c, namespace)
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c, namespace)
}
// NewForConfig creates a new IDPV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
if err != nil {
return nil, err
}
return &IDPV1alpha1Client{client}, nil
return &AuthenticationV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and
// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
return client
}
// New creates a new IDPV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *IDPV1alpha1Client {
return &IDPV1alpha1Client{c}
// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *AuthenticationV1alpha1Client {
return &AuthenticationV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *IDPV1alpha1Client) RESTClient() rest.Interface {
func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}

View File

@ -6,22 +6,22 @@
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeIDPV1alpha1 struct {
type FakeAuthenticationV1alpha1 struct {
*testing.Fake
}
func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
return &FakeWebhookIdentityProviders{c, namespace}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeIDPV1alpha1) RESTClient() rest.Interface {
func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

View File

@ -0,0 +1,127 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
type FakeWebhookAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookAuthenticator"}
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.WebhookAuthenticatorList{ListMeta: obj.(*v1alpha1.WebhookAuthenticatorList).ListMeta}
for _, item := range obj.(*v1alpha1.WebhookAuthenticatorList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
return err
}
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}

View File

@ -5,4 +5,4 @@
package v1alpha1
type WebhookIdentityProviderExpansion interface{}
type WebhookAuthenticatorExpansion interface{}

View File

@ -0,0 +1,178 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
scheme "go.pinniped.dev/generated/1.17/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
// A group's client should implement this interface.
type WebhookAuthenticatorsGetter interface {
WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
}
// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
type WebhookAuthenticatorInterface interface {
Create(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
Update(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
UpdateStatus(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.WebhookAuthenticator, error)
List(opts v1.ListOptions) (*v1alpha1.WebhookAuthenticatorList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error)
WebhookAuthenticatorExpansion
}
// webhookAuthenticators implements WebhookAuthenticatorInterface
type webhookAuthenticators struct {
client rest.Interface
ns string
}
// newWebhookAuthenticators returns a WebhookAuthenticators
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
return &webhookAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.WebhookAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookauthenticators").
Body(webhookAuthenticator).
Do().
Into(result)
return
}
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
Body(webhookAuthenticator).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
SubResource("status").
Body(webhookAuthenticator).
Do().
Into(result)
return
}
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookauthenticators").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

View File

@ -1,127 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface
type FakeWebhookIdentityProviders struct {
Fake *FakeIDPV1alpha1
ns string
}
var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
func (c *FakeWebhookIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors.
func (c *FakeWebhookIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(webhookidentityprovidersResource, webhookidentityprovidersKind, c.ns, opts), &v1alpha1.WebhookIdentityProviderList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.WebhookIdentityProviderList{ListMeta: obj.(*v1alpha1.WebhookIdentityProviderList).ListMeta}
for _, item := range obj.(*v1alpha1.WebhookIdentityProviderList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested webhookIdentityProviders.
func (c *FakeWebhookIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(webhookidentityprovidersResource, c.ns, opts))
}
// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *FakeWebhookIdentityProviders) Create(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *FakeWebhookIdentityProviders) Update(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookIdentityProviders) UpdateStatus(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(webhookidentityprovidersResource, "status", c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs.
func (c *FakeWebhookIdentityProviders) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(webhookidentityprovidersResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookIdentityProviderList{})
return err
}
// Patch applies the patch and returns the patched webhookIdentityProvider.
func (c *FakeWebhookIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(webhookidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}

View File

@ -1,178 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"time"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
scheme "go.pinniped.dev/generated/1.17/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// WebhookIdentityProvidersGetter has a method to return a WebhookIdentityProviderInterface.
// A group's client should implement this interface.
type WebhookIdentityProvidersGetter interface {
WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface
}
// WebhookIdentityProviderInterface has methods to work with WebhookIdentityProvider resources.
type WebhookIdentityProviderInterface interface {
Create(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error)
Update(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error)
UpdateStatus(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*v1alpha1.WebhookIdentityProvider, error)
List(opts v1.ListOptions) (*v1alpha1.WebhookIdentityProviderList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error)
WebhookIdentityProviderExpansion
}
// webhookIdentityProviders implements WebhookIdentityProviderInterface
type webhookIdentityProviders struct {
client rest.Interface
ns string
}
// newWebhookIdentityProviders returns a WebhookIdentityProviders
func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders {
return &webhookIdentityProviders{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
func (c *webhookIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors.
func (c *webhookIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.WebhookIdentityProviderList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested webhookIdentityProviders.
func (c *webhookIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch()
}
// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *webhookIdentityProviders) Create(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookidentityproviders").
Body(webhookIdentityProvider).
Do().
Into(result)
return
}
// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *webhookIdentityProviders) Update(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(webhookIdentityProvider.Name).
Body(webhookIdentityProvider).
Do().
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *webhookIdentityProviders) UpdateStatus(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(webhookIdentityProvider.Name).
SubResource("status").
Body(webhookIdentityProvider).
Do().
Into(result)
return
}
// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs.
func (c *webhookIdentityProviders) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *webhookIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
var timeout time.Duration
if listOptions.TimeoutSeconds != nil {
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched webhookIdentityProvider.
func (c *webhookIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookidentityproviders").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

View File

@ -3,10 +3,10 @@
// Code generated by informer-gen. DO NOT EDIT.
package idp
package authentication
import (
v1alpha1 "go.pinniped.dev/generated/1.17/client/informers/externalversions/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.17/client/informers/externalversions/authentication/v1alpha1"
internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
)

View File

@ -11,8 +11,8 @@ import (
// Interface provides access to all the informers in this group version.
type Interface interface {
// WebhookIdentityProviders returns a WebhookIdentityProviderInformer.
WebhookIdentityProviders() WebhookIdentityProviderInformer
// WebhookAuthenticators returns a WebhookAuthenticatorInformer.
WebhookAuthenticators() WebhookAuthenticatorInformer
}
type version struct {
@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// WebhookIdentityProviders returns a WebhookIdentityProviderInformer.
func (v *version) WebhookIdentityProviders() WebhookIdentityProviderInformer {
return &webhookIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
// WebhookAuthenticators returns a WebhookAuthenticatorInformer.
func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

View File

@ -0,0 +1,76 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
time "time"
authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
versioned "go.pinniped.dev/generated/1.17/client/clientset/versioned"
internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.17/client/listers/authentication/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// WebhookAuthenticatorInformer provides access to a shared informer and lister for
// WebhookAuthenticators.
type WebhookAuthenticatorInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.WebhookAuthenticatorLister
}
type webhookAuthenticatorInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(options)
},
},
&authenticationv1alpha1.WebhookAuthenticator{},
resyncPeriod,
indexers,
)
}
func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&authenticationv1alpha1.WebhookAuthenticator{}, f.defaultInformer)
}
func (f *webhookAuthenticatorInformer) Lister() v1alpha1.WebhookAuthenticatorLister {
return v1alpha1.NewWebhookAuthenticatorLister(f.Informer().GetIndexer())
}

View File

@ -11,8 +11,8 @@ import (
time "time"
versioned "go.pinniped.dev/generated/1.17/client/clientset/versioned"
authentication "go.pinniped.dev/generated/1.17/client/informers/externalversions/authentication"
config "go.pinniped.dev/generated/1.17/client/informers/externalversions/config"
idp "go.pinniped.dev/generated/1.17/client/informers/externalversions/idp"
internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
login "go.pinniped.dev/generated/1.17/client/informers/externalversions/login"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -161,19 +161,19 @@ type SharedInformerFactory interface {
ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
Authentication() authentication.Interface
Config() config.Interface
IDP() idp.Interface
Login() login.Interface
}
func (f *sharedInformerFactory) Authentication() authentication.Interface {
return authentication.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) Config() config.Interface {
return config.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) IDP() idp.Interface {
return idp.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) Login() login.Interface {
return login.New(f, f.namespace, f.tweakListOptions)
}

View File

@ -8,9 +8,9 @@ package externalversions
import (
"fmt"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
)
@ -41,15 +41,15 @@ func (f *genericInformer) Lister() cache.GenericLister {
// TODO extend this to unknown resources with a client pool
func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
switch resource {
// Group=config.pinniped.dev, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
// Group=authentication.concierge.pinniped.dev, Version=v1alpha1
case v1alpha1.SchemeGroupVersion.WithResource("webhookauthenticators"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookAuthenticators().Informer()}, nil
// Group=idp.pinniped.dev, Version=v1alpha1
case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"):
return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil
// Group=config.pinniped.dev, Version=v1alpha1
case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
case configv1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
// Group=login.concierge.pinniped.dev, Version=v1alpha1
case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"):

View File

@ -1,76 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.
package v1alpha1
import (
time "time"
idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
versioned "go.pinniped.dev/generated/1.17/client/clientset/versioned"
internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
v1alpha1 "go.pinniped.dev/generated/1.17/client/listers/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
)
// WebhookIdentityProviderInformer provides access to a shared informer and lister for
// WebhookIdentityProviders.
type WebhookIdentityProviderInformer interface {
Informer() cache.SharedIndexInformer
Lister() v1alpha1.WebhookIdentityProviderLister
}
type webhookIdentityProviderInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredWebhookIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(options)
},
},
&idpv1alpha1.WebhookIdentityProvider{},
resyncPeriod,
indexers,
)
}
func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredWebhookIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer)
}
func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister {
return v1alpha1.NewWebhookIdentityProviderLister(f.Informer().GetIndexer())
}

View File

@ -0,0 +1,14 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// WebhookAuthenticatorListerExpansion allows custom methods to be added to
// WebhookAuthenticatorLister.
type WebhookAuthenticatorListerExpansion interface{}
// WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
// WebhookAuthenticatorNamespaceLister.
type WebhookAuthenticatorNamespaceListerExpansion interface{}

View File

@ -0,0 +1,81 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// WebhookAuthenticatorLister helps list WebhookAuthenticators.
type WebhookAuthenticatorLister interface {
// List lists all WebhookAuthenticators in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
WebhookAuthenticatorListerExpansion
}
// webhookAuthenticatorLister implements the WebhookAuthenticatorLister interface.
type webhookAuthenticatorLister struct {
indexer cache.Indexer
}
// NewWebhookAuthenticatorLister returns a new WebhookAuthenticatorLister.
func NewWebhookAuthenticatorLister(indexer cache.Indexer) WebhookAuthenticatorLister {
return &webhookAuthenticatorLister{indexer: indexer}
}
// List lists all WebhookAuthenticators in the indexer.
func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
})
return ret, err
}
// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
type WebhookAuthenticatorNamespaceLister interface {
// List lists all WebhookAuthenticators in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.WebhookAuthenticator, error)
WebhookAuthenticatorNamespaceListerExpansion
}
// webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
// interface.
type webhookAuthenticatorNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all WebhookAuthenticators in the indexer for a given namespace.
func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
})
return ret, err
}
// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("webhookauthenticator"), name)
}
return obj.(*v1alpha1.WebhookAuthenticator), nil
}

View File

@ -1,14 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
// WebhookIdentityProviderListerExpansion allows custom methods to be added to
// WebhookIdentityProviderLister.
type WebhookIdentityProviderListerExpansion interface{}
// WebhookIdentityProviderNamespaceListerExpansion allows custom methods to be added to
// WebhookIdentityProviderNamespaceLister.
type WebhookIdentityProviderNamespaceListerExpansion interface{}

View File

@ -1,81 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
)
// WebhookIdentityProviderLister helps list WebhookIdentityProviders.
type WebhookIdentityProviderLister interface {
// List lists all WebhookIdentityProviders in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error)
// WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders.
WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister
WebhookIdentityProviderListerExpansion
}
// webhookIdentityProviderLister implements the WebhookIdentityProviderLister interface.
type webhookIdentityProviderLister struct {
indexer cache.Indexer
}
// NewWebhookIdentityProviderLister returns a new WebhookIdentityProviderLister.
func NewWebhookIdentityProviderLister(indexer cache.Indexer) WebhookIdentityProviderLister {
return &webhookIdentityProviderLister{indexer: indexer}
}
// List lists all WebhookIdentityProviders in the indexer.
func (s *webhookIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider))
})
return ret, err
}
// WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders.
func (s *webhookIdentityProviderLister) WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister {
return webhookIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// WebhookIdentityProviderNamespaceLister helps list and get WebhookIdentityProviders.
type WebhookIdentityProviderNamespaceLister interface {
// List lists all WebhookIdentityProviders in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error)
// Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.WebhookIdentityProvider, error)
WebhookIdentityProviderNamespaceListerExpansion
}
// webhookIdentityProviderNamespaceLister implements the WebhookIdentityProviderNamespaceLister
// interface.
type webhookIdentityProviderNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all WebhookIdentityProviders in the indexer for a given namespace.
func (s webhookIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider))
})
return ret, err
}
// Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name.
func (s webhookIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.WebhookIdentityProvider, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(v1alpha1.Resource("webhookidentityprovider"), name)
}
return obj.(*v1alpha1.WebhookIdentityProvider), nil
}

View File

@ -17,6 +17,12 @@ import (
func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
return map[string]common.OpenAPIDefinition{
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref),
"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref),
@ -31,12 +37,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigList": schema_117_apis_config_v1alpha1_OIDCProviderConfigList(ref),
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition": schema_117_apis_idp_v1alpha1_Condition(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec": schema_117_apis_idp_v1alpha1_TLSSpec(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider": schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderList(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref),
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref),
@ -91,6 +91,244 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
}
}
func schema_apis_concierge_authentication_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"type": {
SchemaProps: spec.SchemaProps{
Description: "type of condition in CamelCase or in foo.example.com/CamelCase.",
Type: []string{"string"},
Format: "",
},
},
"status": {
SchemaProps: spec.SchemaProps{
Description: "status of the condition, one of True, False, Unknown.",
Type: []string{"string"},
Format: "",
},
},
"observedGeneration": {
SchemaProps: spec.SchemaProps{
Description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.",
Type: []string{"integer"},
Format: "int64",
},
},
"lastTransitionTime": {
SchemaProps: spec.SchemaProps{
Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
"reason": {
SchemaProps: spec.SchemaProps{
Description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Description: "message is a human readable message indicating details about the transition. This may be an empty string.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"type", "status", "lastTransitionTime", "reason", "message"},
},
},
Dependencies: []string{
"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
}
}
func schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Configuration for configuring TLS on various authenticators.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"certificateAuthorityData": {
SchemaProps: spec.SchemaProps{
Description: "X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.",
Type: []string{"string"},
Format: "",
},
},
},
},
},
}
}
func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "WebhookAuthenticator describes the configuration of a webhook authenticator.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
},
},
"spec": {
SchemaProps: spec.SchemaProps{
Description: "Spec for configuring the authenticator.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Description: "Status of the authenticator.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus"),
},
},
},
Required: []string{"spec"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec", "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}
func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "List of WebhookAuthenticator objects.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"),
},
},
"items": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticator"),
},
},
},
},
},
},
Required: []string{"items"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
}
}
func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Spec for configuring a webhook authenticator.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"endpoint": {
SchemaProps: spec.SchemaProps{
Description: "Webhook server endpoint URL.",
Type: []string{"string"},
Format: "",
},
},
"tls": {
SchemaProps: spec.SchemaProps{
Description: "TLS configuration.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec"),
},
},
},
Required: []string{"endpoint"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec"},
}
}
func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Status of a webhook authenticator.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"conditions": {
VendorExtensible: spec.VendorExtensible{
Extensions: spec.Extensions{
"x-kubernetes-list-map-keys": []interface{}{
"type",
},
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "type",
"x-kubernetes-patch-strategy": "merge",
},
},
SchemaProps: spec.SchemaProps{
Description: "Represents the observations of the authenticator's current state.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition"},
}
}
func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@ -238,14 +476,14 @@ func schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref common.
Format: "",
},
},
"identityProvider": {
"authenticator": {
SchemaProps: spec.SchemaProps{
Description: "Reference to an identity provider which can fulfill this credential request.",
Description: "Reference to an authenticator which can validate this credential request.",
Ref: ref("k8s.io/api/core/v1.TypedLocalObjectReference"),
},
},
},
Required: []string{"identityProvider"},
Required: []string{"authenticator"},
},
},
Dependencies: []string{
@ -642,244 +880,6 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.Referen
}
}
func schema_117_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"type": {
SchemaProps: spec.SchemaProps{
Description: "type of condition in CamelCase or in foo.example.com/CamelCase.",
Type: []string{"string"},
Format: "",
},
},
"status": {
SchemaProps: spec.SchemaProps{
Description: "status of the condition, one of True, False, Unknown.",
Type: []string{"string"},
Format: "",
},
},
"observedGeneration": {
SchemaProps: spec.SchemaProps{
Description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.",
Type: []string{"integer"},
Format: "int64",
},
},
"lastTransitionTime": {
SchemaProps: spec.SchemaProps{
Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.",
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
},
},
"reason": {
SchemaProps: spec.SchemaProps{
Description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.",
Type: []string{"string"},
Format: "",
},
},
"message": {
SchemaProps: spec.SchemaProps{
Description: "message is a human readable message indicating details about the transition. This may be an empty string.",
Type: []string{"string"},
Format: "",
},
},
},
Required: []string{"type", "status", "lastTransitionTime", "reason", "message"},
},
},
Dependencies: []string{
"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
}
}
func schema_117_apis_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Configuration for configuring TLS on various identity providers.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"certificateAuthorityData": {
SchemaProps: spec.SchemaProps{
Description: "X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.",
Type: []string{"string"},
Format: "",
},
},
},
},
},
}
}
func schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
},
},
"spec": {
SchemaProps: spec.SchemaProps{
Description: "Spec for configuring the identity provider.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec"),
},
},
"status": {
SchemaProps: spec.SchemaProps{
Description: "Status of the identity provider.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus"),
},
},
},
Required: []string{"spec"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec", "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
}
}
func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "List of WebhookIdentityProvider objects.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"kind": {
SchemaProps: spec.SchemaProps{
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
Type: []string{"string"},
Format: "",
},
},
"apiVersion": {
SchemaProps: spec.SchemaProps{
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
Type: []string{"string"},
Format: "",
},
},
"metadata": {
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"),
},
},
"items": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider"),
},
},
},
},
},
},
Required: []string{"items"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
}
}
func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Spec for configuring a webhook identity provider.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"endpoint": {
SchemaProps: spec.SchemaProps{
Description: "Webhook server endpoint URL.",
Type: []string{"string"},
Format: "",
},
},
"tls": {
SchemaProps: spec.SchemaProps{
Description: "TLS configuration.",
Ref: ref("go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec"),
},
},
},
Required: []string{"endpoint"},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec"},
}
}
func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "Status of a webhook identity provider.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"conditions": {
VendorExtensible: spec.VendorExtensible{
Extensions: spec.Extensions{
"x-kubernetes-list-map-keys": []interface{}{
"type",
},
"x-kubernetes-list-type": "map",
"x-kubernetes-patch-merge-key": "type",
"x-kubernetes-patch-strategy": "merge",
},
},
SchemaProps: spec.SchemaProps{
Description: "Represents the observations of an identity provider's current state.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition"},
}
}
func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{

View File

@ -6,21 +6,18 @@ metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: webhookidentityproviders.idp.pinniped.dev
name: webhookauthenticators.authentication.concierge.pinniped.dev
spec:
group: idp.pinniped.dev
group: authentication.concierge.pinniped.dev
names:
categories:
- all
- idp
- idps
kind: WebhookIdentityProvider
listKind: WebhookIdentityProviderList
plural: webhookidentityproviders
shortNames:
- webhookidp
- webhookidps
singular: webhookidentityprovider
- authenticator
- authenticators
kind: WebhookAuthenticator
listKind: WebhookAuthenticatorList
plural: webhookauthenticators
singular: webhookauthenticator
scope: Namespaced
versions:
- additionalPrinterColumns:
@ -30,8 +27,8 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: WebhookIdentityProvider describes the configuration of a Pinniped
webhook identity provider.
description: WebhookAuthenticator describes the configuration of a webhook
authenticator.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -46,7 +43,7 @@ spec:
metadata:
type: object
spec:
description: Spec for configuring the identity provider.
description: Spec for configuring the authenticator.
properties:
endpoint:
description: Webhook server endpoint URL.
@ -65,11 +62,11 @@ spec:
- endpoint
type: object
status:
description: Status of the identity provider.
description: Status of the authenticator.
properties:
conditions:
description: Represents the observations of an identity provider's
current state.
description: Represents the observations of the authenticator's current
state.
items:
description: Condition status of a resource (mirrored from the metav1.Condition
type added in Kubernetes 1.19). In a future API version we can

View File

@ -5,11 +5,115 @@
== API Reference
.Packages
- xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
=== authentication.concierge.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-condition"]
==== Condition
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus[$$WebhookAuthenticatorStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-tlsspec"]
==== TLSSpec
Configuration for configuring TLS on various authenticators.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec[$$WebhookAuthenticatorSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticator"]
==== WebhookAuthenticator
WebhookAuthenticator describes the configuration of a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorlist[$$WebhookAuthenticatorList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec[$$WebhookAuthenticatorSpec$$]__ | Spec for configuring the authenticator.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus[$$WebhookAuthenticatorStatus$$]__ | Status of the authenticator.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorspec"]
==== WebhookAuthenticatorSpec
Spec for configuring a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticator[$$WebhookAuthenticator$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`endpoint`* __string__ | Webhook server endpoint URL.
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticatorstatus"]
==== WebhookAuthenticatorStatus
Status of a webhook authenticator.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookauthenticator[$$WebhookAuthenticator$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-condition[$$Condition$$]__ | Represents the observations of the authenticator's current state.
|===
[id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
=== config.pinniped.dev/v1alpha1
@ -161,110 +265,6 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
=== idp.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-condition"]
==== Condition
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-tlsspec"]
==== TLSSpec
Configuration for configuring TLS on various identity providers.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider"]
==== WebhookIdentityProvider
WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec"]
==== WebhookIdentityProviderSpec
Spec for configuring a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`endpoint`* __string__ | Webhook server endpoint URL.
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus"]
==== WebhookIdentityProviderStatus
Status of a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
|===
[id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"]
=== login.concierge.pinniped.dev/v1alpha1
@ -328,7 +328,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|===
| Field | Description
| *`token`* __string__ | Bearer token supplied with the credential request.
| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
| *`authenticator`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an authenticator which can validate this credential request.
|===

View File

@ -0,0 +1,8 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=authentication.concierge.pinniped.dev
// Package authentication is the internal version of the Pinniped concierge authentication API.
package authentication

View File

@ -0,0 +1,11 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/concierge/authentication
// +k8s:defaulter-gen=TypeMeta
// +groupName=authentication.concierge.pinniped.dev
// Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.
package v1alpha1

View File

@ -9,7 +9,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
)
const GroupName = "idp.pinniped.dev"
const GroupName = "authentication.concierge.pinniped.dev"
// SchemeGroupVersion is group version used to register these objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
@ -30,8 +30,8 @@ func init() {
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&WebhookIdentityProvider{},
&WebhookIdentityProviderList{},
&WebhookAuthenticator{},
&WebhookAuthenticatorList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil

View File

@ -3,7 +3,7 @@
package v1alpha1
// Configuration for configuring TLS on various identity providers.
// Configuration for configuring TLS on various authenticators.
type TLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
// +optional

View File

@ -5,9 +5,9 @@ package v1alpha1
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
// Status of a webhook identity provider.
type WebhookIdentityProviderStatus struct {
// Represents the observations of an identity provider's current state.
// Status of a webhook authenticator.
type WebhookAuthenticatorStatus struct {
// Represents the observations of the authenticator's current state.
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
@ -15,8 +15,8 @@ type WebhookIdentityProviderStatus struct {
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
// Spec for configuring a webhook identity provider.
type WebhookIdentityProviderSpec struct {
// Spec for configuring a webhook authenticator.
type WebhookAuthenticatorSpec struct {
// Webhook server endpoint URL.
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^https://`
@ -27,27 +27,27 @@ type WebhookIdentityProviderSpec struct {
TLS *TLSSpec `json:"tls,omitempty"`
}
// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps
// +kubebuilder:resource:categories=all;authenticator;authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
type WebhookIdentityProvider struct {
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec for configuring the identity provider.
Spec WebhookIdentityProviderSpec `json:"spec"`
// Spec for configuring the authenticator.
Spec WebhookAuthenticatorSpec `json:"spec"`
// Status of the identity provider.
Status WebhookIdentityProviderStatus `json:"status,omitempty"`
// Status of the authenticator.
Status WebhookAuthenticatorStatus `json:"status,omitempty"`
}
// List of WebhookIdentityProvider objects.
// List of WebhookAuthenticator objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type WebhookIdentityProviderList struct {
type WebhookAuthenticatorList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WebhookIdentityProvider `json:"items"`
Items []WebhookAuthenticator `json:"items"`
}

View File

@ -45,7 +45,7 @@ func (in *TLSSpec) DeepCopy() *TLSSpec {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) {
func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
@ -54,18 +54,18 @@ func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) {
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider.
func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.
func (in *WebhookAuthenticator) DeepCopy() *WebhookAuthenticator {
if in == nil {
return nil
}
out := new(WebhookIdentityProvider)
out := new(WebhookAuthenticator)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object {
func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
@ -73,13 +73,13 @@ func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) {
func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]WebhookIdentityProvider, len(*in))
*out = make([]WebhookAuthenticator, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
@ -87,18 +87,18 @@ func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProvider
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList.
func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.
func (in *WebhookAuthenticatorList) DeepCopy() *WebhookAuthenticatorList {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderList)
out := new(WebhookAuthenticatorList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object {
func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
@ -106,7 +106,7 @@ func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) {
func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec) {
*out = *in
if in.TLS != nil {
in, out := &in.TLS, &out.TLS
@ -116,18 +116,18 @@ func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProvider
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec.
func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.
func (in *WebhookAuthenticatorSpec) DeepCopy() *WebhookAuthenticatorSpec {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderSpec)
out := new(WebhookAuthenticatorSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) {
func (in *WebhookAuthenticatorStatus) DeepCopyInto(out *WebhookAuthenticatorStatus) {
*out = *in
if in.Conditions != nil {
in, out := &in.Conditions, &out.Conditions
@ -139,12 +139,12 @@ func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProvid
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus.
func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus {
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.
func (in *WebhookAuthenticatorStatus) DeepCopy() *WebhookAuthenticatorStatus {
if in == nil {
return nil
}
out := new(WebhookIdentityProviderStatus)
out := new(WebhookAuthenticatorStatus)
in.DeepCopyInto(out)
return out
}

View File

@ -5,4 +5,4 @@
// Code generated by deepcopy-gen. DO NOT EDIT.
package idp
package authentication

View File

@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference
}
type TokenCredentialRequestStatus struct {

View File

@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
// Bearer token supplied with the credential request.
Token string `json:"token,omitempty"`
// Reference to an identity provider which can fulfill this credential request.
IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
// Reference to an authenticator which can validate this credential request.
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
}
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

View File

@ -157,7 +157,7 @@ func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequest
func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
out.Token = in.Token
out.IdentityProvider = in.IdentityProvider
out.Authenticator = in.Authenticator
return nil
}
@ -168,7 +168,7 @@ func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequest
func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
out.Token = in.Token
out.IdentityProvider = in.IdentityProvider
out.Authenticator = in.Authenticator
return nil
}

View File

@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
*out = *in
in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
in.Authenticator.DeepCopyInto(&out.Authenticator)
return
}

View File

@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
*out = *in
in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
in.Authenticator.DeepCopyInto(&out.Authenticator)
return
}

View File

@ -1,8 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:deepcopy-gen=package
// +groupName=idp.pinniped.dev
// Package idp is the internal version of the Pinniped identity provider API.
package idp

View File

@ -1,12 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// +k8s:openapi-gen=true
// +k8s:deepcopy-gen=package
// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/idp
// +k8s:defaulter-gen=TypeMeta
// +groupName=idp.pinniped.dev
// +groupGoName=IDP
// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
package v1alpha1

View File

@ -8,8 +8,8 @@ package versioned
import (
"fmt"
authenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
@ -18,8 +18,8 @@ import (
type Interface interface {
Discovery() discovery.DiscoveryInterface
AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
}
@ -27,21 +27,21 @@ type Interface interface {
// version included in a Clientset.
type Clientset struct {
*discovery.DiscoveryClient
authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
configV1alpha1 *configv1alpha1.ConfigV1alpha1Client
iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client
loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client
}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return c.authenticationV1alpha1
}
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
return c.configV1alpha1
}
// IDPV1alpha1 retrieves the IDPV1alpha1Client
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return c.iDPV1alpha1
}
// LoginV1alpha1 retrieves the LoginV1alpha1Client
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
return c.loginV1alpha1
@ -68,11 +68,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
}
var cs Clientset
var err error
cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
@ -92,8 +92,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@ -103,8 +103,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
// New creates a new Clientset for the given RESTClient.
func New(c rest.Interface) *Clientset {
var cs Clientset
cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
cs.configV1alpha1 = configv1alpha1.New(c)
cs.iDPV1alpha1 = idpv1alpha1.New(c)
cs.loginV1alpha1 = loginv1alpha1.New(c)
cs.DiscoveryClient = discovery.NewDiscoveryClient(c)

View File

@ -7,10 +7,10 @@ package fake
import (
clientset "go.pinniped.dev/generated/1.18/client/clientset/versioned"
authenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/fake"
configv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1"
fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake"
idpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake"
loginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1"
fakeloginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake"
"k8s.io/apimachinery/pkg/runtime"
@ -67,16 +67,16 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
var _ clientset.Interface = &Clientset{}
// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
}
// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
}
// IDPV1alpha1 retrieves the IDPV1alpha1Client
func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
}
// LoginV1alpha1 retrieves the LoginV1alpha1Client
func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}

View File

@ -6,9 +6,9 @@
package fake
import (
authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -20,8 +20,8 @@ var scheme = runtime.NewScheme()
var codecs = serializer.NewCodecFactory(scheme)
var parameterCodec = runtime.NewParameterCodec(scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
authenticationv1alpha1.AddToScheme,
configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme,
loginv1alpha1.AddToScheme,
}

View File

@ -6,9 +6,9 @@
package scheme
import (
authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@ -20,8 +20,8 @@ var Scheme = runtime.NewScheme()
var Codecs = serializer.NewCodecFactory(Scheme)
var ParameterCodec = runtime.NewParameterCodec(Scheme)
var localSchemeBuilder = runtime.SchemeBuilder{
authenticationv1alpha1.AddToScheme,
configv1alpha1.AddToScheme,
idpv1alpha1.AddToScheme,
loginv1alpha1.AddToScheme,
}

View File

@ -6,27 +6,27 @@
package v1alpha1
import (
v1alpha1 "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
"go.pinniped.dev/generated/1.18/client/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)
type IDPV1alpha1Interface interface {
type AuthenticationV1alpha1Interface interface {
RESTClient() rest.Interface
WebhookIdentityProvidersGetter
WebhookAuthenticatorsGetter
}
// IDPV1alpha1Client is used to interact with features provided by the idp.pinniped.dev group.
type IDPV1alpha1Client struct {
// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
type AuthenticationV1alpha1Client struct {
restClient rest.Interface
}
func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
return newWebhookIdentityProviders(c, namespace)
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c, namespace)
}
// NewForConfig creates a new IDPV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
if err != nil {
return nil, err
}
return &IDPV1alpha1Client{client}, nil
return &AuthenticationV1alpha1Client{client}, nil
}
// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and
// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
client, err := NewForConfig(c)
if err != nil {
panic(err)
@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
return client
}
// New creates a new IDPV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *IDPV1alpha1Client {
return &IDPV1alpha1Client{c}
// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
func New(c rest.Interface) *AuthenticationV1alpha1Client {
return &AuthenticationV1alpha1Client{c}
}
func setConfigDefaults(config *rest.Config) error {
@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *IDPV1alpha1Client) RESTClient() rest.Interface {
func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
if c == nil {
return nil
}

View File

@ -6,22 +6,22 @@
package fake
import (
v1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)
type FakeIDPV1alpha1 struct {
type FakeAuthenticationV1alpha1 struct {
*testing.Fake
}
func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
return &FakeWebhookIdentityProviders{c, namespace}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeIDPV1alpha1) RESTClient() rest.Interface {
func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

View File

@ -0,0 +1,129 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
type FakeWebhookAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookAuthenticator"}
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.WebhookAuthenticatorList{ListMeta: obj.(*v1alpha1.WebhookAuthenticatorList).ListMeta}
for _, item := range obj.(*v1alpha1.WebhookAuthenticatorList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *FakeWebhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeWebhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
return err
}
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *FakeWebhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookAuthenticator), err
}

View File

@ -5,4 +5,4 @@
package v1alpha1
type WebhookIdentityProviderExpansion interface{}
type WebhookAuthenticatorExpansion interface{}

View File

@ -0,0 +1,182 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
"time"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
scheme "go.pinniped.dev/generated/1.18/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
// A group's client should implement this interface.
type WebhookAuthenticatorsGetter interface {
WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
}
// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
type WebhookAuthenticatorInterface interface {
Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (*v1alpha1.WebhookAuthenticator, error)
Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error)
UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.WebhookAuthenticator, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.WebhookAuthenticatorList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error)
WebhookAuthenticatorExpansion
}
// webhookAuthenticators implements WebhookAuthenticatorInterface
type webhookAuthenticators struct {
client rest.Interface
ns string
}
// newWebhookAuthenticators returns a WebhookAuthenticators
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
return &webhookAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *webhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *webhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.WebhookAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookAuthenticator).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookAuthenticator).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookAuthenticator).
Do(ctx).
Into(result)
return
}
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *webhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *webhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

View File

@ -1,129 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
"context"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
)
// FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface
type FakeWebhookIdentityProviders struct {
Fake *FakeIDPV1alpha1
ns string
}
var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
func (c *FakeWebhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewGetAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors.
func (c *FakeWebhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) {
obj, err := c.Fake.
Invokes(testing.NewListAction(webhookidentityprovidersResource, webhookidentityprovidersKind, c.ns, opts), &v1alpha1.WebhookIdentityProviderList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &v1alpha1.WebhookIdentityProviderList{ListMeta: obj.(*v1alpha1.WebhookIdentityProviderList).ListMeta}
for _, item := range obj.(*v1alpha1.WebhookIdentityProviderList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested webhookIdentityProviders.
func (c *FakeWebhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewWatchAction(webhookidentityprovidersResource, c.ns, opts))
}
// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *FakeWebhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewCreateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *FakeWebhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) {
obj, err := c.Fake.
Invokes(testing.NewUpdateSubresourceAction(webhookidentityprovidersResource, "status", c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}
// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs.
func (c *FakeWebhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewDeleteAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewDeleteCollectionAction(webhookidentityprovidersResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookIdentityProviderList{})
return err
}
// Patch applies the patch and returns the patched webhookIdentityProvider.
func (c *FakeWebhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) {
obj, err := c.Fake.
Invokes(testing.NewPatchSubresourceAction(webhookidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookIdentityProvider{})
if obj == nil {
return nil, err
}
return obj.(*v1alpha1.WebhookIdentityProvider), err
}

View File

@ -1,182 +0,0 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.
package v1alpha1
import (
"context"
"time"
v1alpha1 "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1"
scheme "go.pinniped.dev/generated/1.18/client/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
)
// WebhookIdentityProvidersGetter has a method to return a WebhookIdentityProviderInterface.
// A group's client should implement this interface.
type WebhookIdentityProvidersGetter interface {
WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface
}
// WebhookIdentityProviderInterface has methods to work with WebhookIdentityProvider resources.
type WebhookIdentityProviderInterface interface {
Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (*v1alpha1.WebhookIdentityProvider, error)
Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error)
UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error)
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.WebhookIdentityProvider, error)
List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.WebhookIdentityProviderList, error)
Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error)
WebhookIdentityProviderExpansion
}
// webhookIdentityProviders implements WebhookIdentityProviderInterface
type webhookIdentityProviders struct {
client rest.Interface
ns string
}
// newWebhookIdentityProviders returns a WebhookIdentityProviders
func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders {
return &webhookIdentityProviders{
client: c.RESTClient(),
ns: namespace,
}
}
// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
func (c *webhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do(ctx).
Into(result)
return
}
// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors.
func (c *webhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
result = &v1alpha1.WebhookIdentityProviderList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Do(ctx).
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested webhookIdentityProviders.
func (c *webhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
var timeout time.Duration
if opts.TimeoutSeconds != nil {
timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
Watch(ctx)
}
// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *webhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookIdentityProvider).
Do(ctx).
Into(result)
return
}
// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any.
func (c *webhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(webhookIdentityProvider.Name).
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookIdentityProvider).
Do(ctx).
Into(result)
return
}
// UpdateStatus was generated because the type contains a Status member.
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *webhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(webhookIdentityProvider.Name).
SubResource("status").
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookIdentityProvider).
Do(ctx).
Into(result)
return
}
// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs.
func (c *webhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(name).
Body(&opts).
Do(ctx).
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *webhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
var timeout time.Duration
if listOpts.TimeoutSeconds != nil {
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookidentityproviders").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
Body(&opts).
Do(ctx).
Error()
}
// Patch applies the patch and returns the patched webhookIdentityProvider.
func (c *webhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) {
result = &v1alpha1.WebhookIdentityProvider{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookidentityproviders").
Name(name).
SubResource(subresources...).
VersionedParams(&opts, scheme.ParameterCodec).
Body(data).
Do(ctx).
Into(result)
return
}

View File

@ -3,10 +3,10 @@
// Code generated by informer-gen. DO NOT EDIT.
package idp
package authentication
import (
v1alpha1 "go.pinniped.dev/generated/1.18/client/informers/externalversions/idp/v1alpha1"
v1alpha1 "go.pinniped.dev/generated/1.18/client/informers/externalversions/authentication/v1alpha1"
internalinterfaces "go.pinniped.dev/generated/1.18/client/informers/externalversions/internalinterfaces"
)

View File

@ -11,8 +11,8 @@ import (
// Interface provides access to all the informers in this group version.
type Interface interface {
// WebhookIdentityProviders returns a WebhookIdentityProviderInformer.
WebhookIdentityProviders() WebhookIdentityProviderInformer
// WebhookAuthenticators returns a WebhookAuthenticatorInformer.
WebhookAuthenticators() WebhookAuthenticatorInformer
}
type version struct {
@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// WebhookIdentityProviders returns a WebhookIdentityProviderInformer.
func (v *version) WebhookIdentityProviders() WebhookIdentityProviderInformer {
return &webhookIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
// WebhookAuthenticators returns a WebhookAuthenticatorInformer.
func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

Some files were not shown because too many files have changed in this diff Show More