From 9bb3d4ef28dc81099ddc330d83807519f7aada60 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 15 Sep 2020 11:22:35 -0500 Subject: [PATCH 01/14] Add .gitattributes as a hint to the GitHub diff viewer. Signed-off-by: Matt Moyer --- .gitattributes | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..cfe81844 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.go.tmpl linguist-language=Go +generated/** linguist-generated From 557fd0df26069b3c02fd62012a2d8733756fae14 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 1 Sep 2020 11:55:33 -0500 Subject: [PATCH 02/14] Define the WebhookIdentityProvider CRD. Signed-off-by: Matt Moyer --- apis/idp/doc.go.tmpl | 10 + apis/idp/v1alpha1/conversion.go.tmpl | 6 + apis/idp/v1alpha1/defaults.go.tmpl | 14 + apis/idp/v1alpha1/doc.go.tmpl | 14 + apis/idp/v1alpha1/register.go.tmpl | 45 ++++ apis/idp/v1alpha1/types_meta.go.tmpl | 77 ++++++ apis/idp/v1alpha1/types_tls.go.tmpl | 13 + apis/idp/v1alpha1/types_webhook.go.tmpl | 55 ++++ ...pinniped.dev_credentialissuerconfigs.yaml} | 0 ...pinniped.dev_webhookidentityproviders.yaml | 149 +++++++++++ generated/1.17/README.adoc | 105 ++++++++ generated/1.17/apis/idp/doc.go | 10 + .../1.17/apis/idp/v1alpha1/conversion.go | 6 + generated/1.17/apis/idp/v1alpha1/defaults.go | 14 + generated/1.17/apis/idp/v1alpha1/doc.go | 14 + generated/1.17/apis/idp/v1alpha1/register.go | 45 ++++ .../1.17/apis/idp/v1alpha1/types_meta.go | 77 ++++++ generated/1.17/apis/idp/v1alpha1/types_tls.go | 13 + .../1.17/apis/idp/v1alpha1/types_webhook.go | 55 ++++ .../idp/v1alpha1/zz_generated.conversion.go | 24 ++ .../idp/v1alpha1/zz_generated.deepcopy.go | 152 +++++++++++ .../idp/v1alpha1/zz_generated.defaults.go | 21 ++ .../1.17/apis/idp/zz_generated.deepcopy.go | 10 + .../client/clientset/versioned/clientset.go | 14 + .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/idp/v1alpha1/doc.go | 9 + .../versioned/typed/idp/v1alpha1/fake/doc.go | 9 + .../idp/v1alpha1/fake/fake_idp_client.go | 29 +++ .../fake/fake_webhookidentityprovider.go | 129 +++++++++ .../typed/idp/v1alpha1/generated_expansion.go | 10 + .../typed/idp/v1alpha1/idp_client.go | 78 ++++++ .../idp/v1alpha1/webhookidentityprovider.go | 180 +++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/idp/interface.go | 35 +++ .../idp/v1alpha1/interface.go | 34 +++ .../idp/v1alpha1/webhookidentityprovider.go | 78 ++++++ .../idp/v1alpha1/expansion_generated.go | 16 ++ .../idp/v1alpha1/webhookidentityprovider.go | 83 ++++++ .../client/openapi/zz_generated.openapi.go | 244 ++++++++++++++++++ ...pinniped.dev_webhookidentityproviders.yaml | 149 +++++++++++ generated/1.18/README.adoc | 105 ++++++++ generated/1.18/apis/idp/doc.go | 10 + .../1.18/apis/idp/v1alpha1/conversion.go | 6 + generated/1.18/apis/idp/v1alpha1/defaults.go | 14 + generated/1.18/apis/idp/v1alpha1/doc.go | 14 + generated/1.18/apis/idp/v1alpha1/register.go | 45 ++++ .../1.18/apis/idp/v1alpha1/types_meta.go | 77 ++++++ generated/1.18/apis/idp/v1alpha1/types_tls.go | 13 + .../1.18/apis/idp/v1alpha1/types_webhook.go | 55 ++++ .../idp/v1alpha1/zz_generated.conversion.go | 24 ++ .../idp/v1alpha1/zz_generated.deepcopy.go | 152 +++++++++++ .../idp/v1alpha1/zz_generated.defaults.go | 21 ++ .../1.18/apis/idp/zz_generated.deepcopy.go | 10 + .../client/clientset/versioned/clientset.go | 14 + .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/idp/v1alpha1/doc.go | 9 + .../versioned/typed/idp/v1alpha1/fake/doc.go | 9 + .../idp/v1alpha1/fake/fake_idp_client.go | 29 +++ .../fake/fake_webhookidentityprovider.go | 131 ++++++++++ .../typed/idp/v1alpha1/generated_expansion.go | 10 + .../typed/idp/v1alpha1/idp_client.go | 78 ++++++ .../idp/v1alpha1/webhookidentityprovider.go | 184 +++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/idp/interface.go | 35 +++ .../idp/v1alpha1/interface.go | 34 +++ .../idp/v1alpha1/webhookidentityprovider.go | 79 ++++++ .../idp/v1alpha1/expansion_generated.go | 16 ++ .../idp/v1alpha1/webhookidentityprovider.go | 83 ++++++ .../client/openapi/zz_generated.openapi.go | 244 ++++++++++++++++++ ...pinniped.dev_webhookidentityproviders.yaml | 149 +++++++++++ generated/1.19/README.adoc | 105 ++++++++ generated/1.19/apis/idp/doc.go | 10 + .../1.19/apis/idp/v1alpha1/conversion.go | 6 + generated/1.19/apis/idp/v1alpha1/defaults.go | 14 + generated/1.19/apis/idp/v1alpha1/doc.go | 14 + generated/1.19/apis/idp/v1alpha1/register.go | 45 ++++ .../1.19/apis/idp/v1alpha1/types_meta.go | 77 ++++++ generated/1.19/apis/idp/v1alpha1/types_tls.go | 13 + .../1.19/apis/idp/v1alpha1/types_webhook.go | 55 ++++ .../idp/v1alpha1/zz_generated.conversion.go | 66 +++++ .../idp/v1alpha1/zz_generated.deepcopy.go | 152 +++++++++++ .../idp/v1alpha1/zz_generated.defaults.go | 21 ++ .../1.19/apis/idp/zz_generated.deepcopy.go | 10 + .../client/clientset/versioned/clientset.go | 14 + .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/idp/v1alpha1/doc.go | 9 + .../versioned/typed/idp/v1alpha1/fake/doc.go | 9 + .../idp/v1alpha1/fake/fake_idp_client.go | 29 +++ .../fake/fake_webhookidentityprovider.go | 131 ++++++++++ .../typed/idp/v1alpha1/generated_expansion.go | 10 + .../typed/idp/v1alpha1/idp_client.go | 78 ++++++ .../idp/v1alpha1/webhookidentityprovider.go | 184 +++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/idp/interface.go | 35 +++ .../idp/v1alpha1/interface.go | 34 +++ .../idp/v1alpha1/webhookidentityprovider.go | 79 ++++++ .../idp/v1alpha1/expansion_generated.go | 16 ++ .../idp/v1alpha1/webhookidentityprovider.go | 88 +++++++ .../client/openapi/zz_generated.openapi.go | 244 ++++++++++++++++++ ...pinniped.dev_webhookidentityproviders.yaml | 149 +++++++++++ hack/lib/docs/config.yaml | 1 + hack/lib/update-codegen.sh | 7 +- hack/update.sh | 2 +- 112 files changed, 5445 insertions(+), 4 deletions(-) create mode 100644 apis/idp/doc.go.tmpl create mode 100644 apis/idp/v1alpha1/conversion.go.tmpl create mode 100644 apis/idp/v1alpha1/defaults.go.tmpl create mode 100644 apis/idp/v1alpha1/doc.go.tmpl create mode 100644 apis/idp/v1alpha1/register.go.tmpl create mode 100644 apis/idp/v1alpha1/types_meta.go.tmpl create mode 100644 apis/idp/v1alpha1/types_tls.go.tmpl create mode 100644 apis/idp/v1alpha1/types_webhook.go.tmpl rename deploy/{crd.yaml => crd.pinniped.dev_credentialissuerconfigs.yaml} (100%) create mode 100644 deploy/idp.pinniped.dev_webhookidentityproviders.yaml create mode 100644 generated/1.17/apis/idp/doc.go create mode 100644 generated/1.17/apis/idp/v1alpha1/conversion.go create mode 100644 generated/1.17/apis/idp/v1alpha1/defaults.go create mode 100644 generated/1.17/apis/idp/v1alpha1/doc.go create mode 100644 generated/1.17/apis/idp/v1alpha1/register.go create mode 100644 generated/1.17/apis/idp/v1alpha1/types_meta.go create mode 100644 generated/1.17/apis/idp/v1alpha1/types_tls.go create mode 100644 generated/1.17/apis/idp/v1alpha1/types_webhook.go create mode 100644 generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.17/apis/idp/zz_generated.deepcopy.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/doc.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go create mode 100644 generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.17/client/informers/externalversions/idp/interface.go create mode 100644 generated/1.17/client/informers/externalversions/idp/v1alpha1/interface.go create mode 100644 generated/1.17/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.17/client/listers/idp/v1alpha1/expansion_generated.go create mode 100644 generated/1.17/client/listers/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.17/crds/idp.pinniped.dev_webhookidentityproviders.yaml create mode 100644 generated/1.18/apis/idp/doc.go create mode 100644 generated/1.18/apis/idp/v1alpha1/conversion.go create mode 100644 generated/1.18/apis/idp/v1alpha1/defaults.go create mode 100644 generated/1.18/apis/idp/v1alpha1/doc.go create mode 100644 generated/1.18/apis/idp/v1alpha1/register.go create mode 100644 generated/1.18/apis/idp/v1alpha1/types_meta.go create mode 100644 generated/1.18/apis/idp/v1alpha1/types_tls.go create mode 100644 generated/1.18/apis/idp/v1alpha1/types_webhook.go create mode 100644 generated/1.18/apis/idp/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.18/apis/idp/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.18/apis/idp/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.18/apis/idp/zz_generated.deepcopy.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/doc.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go create mode 100644 generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.18/client/informers/externalversions/idp/interface.go create mode 100644 generated/1.18/client/informers/externalversions/idp/v1alpha1/interface.go create mode 100644 generated/1.18/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.18/client/listers/idp/v1alpha1/expansion_generated.go create mode 100644 generated/1.18/client/listers/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.18/crds/idp.pinniped.dev_webhookidentityproviders.yaml create mode 100644 generated/1.19/apis/idp/doc.go create mode 100644 generated/1.19/apis/idp/v1alpha1/conversion.go create mode 100644 generated/1.19/apis/idp/v1alpha1/defaults.go create mode 100644 generated/1.19/apis/idp/v1alpha1/doc.go create mode 100644 generated/1.19/apis/idp/v1alpha1/register.go create mode 100644 generated/1.19/apis/idp/v1alpha1/types_meta.go create mode 100644 generated/1.19/apis/idp/v1alpha1/types_tls.go create mode 100644 generated/1.19/apis/idp/v1alpha1/types_webhook.go create mode 100644 generated/1.19/apis/idp/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.19/apis/idp/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.19/apis/idp/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.19/apis/idp/zz_generated.deepcopy.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/doc.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go create mode 100644 generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.19/client/informers/externalversions/idp/interface.go create mode 100644 generated/1.19/client/informers/externalversions/idp/v1alpha1/interface.go create mode 100644 generated/1.19/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.19/client/listers/idp/v1alpha1/expansion_generated.go create mode 100644 generated/1.19/client/listers/idp/v1alpha1/webhookidentityprovider.go create mode 100644 generated/1.19/crds/idp.pinniped.dev_webhookidentityproviders.yaml diff --git a/apis/idp/doc.go.tmpl b/apis/idp/doc.go.tmpl new file mode 100644 index 00000000..b7689b2b --- /dev/null +++ b/apis/idp/doc.go.tmpl @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:deepcopy-gen=package +// +groupName=idp.pinniped.dev + +// Package idp is the internal version of the Pinniped identity provider API. +package idp diff --git a/apis/idp/v1alpha1/conversion.go.tmpl b/apis/idp/v1alpha1/conversion.go.tmpl new file mode 100644 index 00000000..63bc360f --- /dev/null +++ b/apis/idp/v1alpha1/conversion.go.tmpl @@ -0,0 +1,6 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 diff --git a/apis/idp/v1alpha1/defaults.go.tmpl b/apis/idp/v1alpha1/defaults.go.tmpl new file mode 100644 index 00000000..ba08404d --- /dev/null +++ b/apis/idp/v1alpha1/defaults.go.tmpl @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/apis/idp/v1alpha1/doc.go.tmpl b/apis/idp/v1alpha1/doc.go.tmpl new file mode 100644 index 00000000..2fc5b55c --- /dev/null +++ b/apis/idp/v1alpha1/doc.go.tmpl @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/GENERATED_PKG/apis/idp +// +k8s:defaulter-gen=TypeMeta +// +groupName=idp.pinniped.dev +// +groupGoName=IDP + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. +package v1alpha1 diff --git a/apis/idp/v1alpha1/register.go.tmpl b/apis/idp/v1alpha1/register.go.tmpl new file mode 100644 index 00000000..b7878a21 --- /dev/null +++ b/apis/idp/v1alpha1/register.go.tmpl @@ -0,0 +1,45 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "idp.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WebhookIdentityProvider{}, + &WebhookIdentityProviderList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/apis/idp/v1alpha1/types_meta.go.tmpl b/apis/idp/v1alpha1/types_meta.go.tmpl new file mode 100644 index 00000000..fe4a5c25 --- /dev/null +++ b/apis/idp/v1alpha1/types_meta.go.tmpl @@ -0,0 +1,77 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ConditionStatus is effectively an enum type for Condition.Status. +type ConditionStatus string + +// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. +// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes +// can't decide if a resource is in the condition or not. In the future, we could add other +// intermediate conditions, e.g. ConditionDegraded. +const ( + ConditionTrue ConditionStatus = "True" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) + +// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API +// version we can switch to using the upstream type. +// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. +type Condition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + Reason string `json:"reason"` + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + Message string `json:"message"` +} diff --git a/apis/idp/v1alpha1/types_tls.go.tmpl b/apis/idp/v1alpha1/types_tls.go.tmpl new file mode 100644 index 00000000..64f355e6 --- /dev/null +++ b/apis/idp/v1alpha1/types_tls.go.tmpl @@ -0,0 +1,13 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +// Configuration for configuring TLS on various identity providers. +type TLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` +} diff --git a/apis/idp/v1alpha1/types_webhook.go.tmpl b/apis/idp/v1alpha1/types_webhook.go.tmpl new file mode 100644 index 00000000..046a16cb --- /dev/null +++ b/apis/idp/v1alpha1/types_webhook.go.tmpl @@ -0,0 +1,55 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook identity provider. +type WebhookIdentityProviderStatus struct { + // Represents the observations of an identity provider's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook identity provider. +type WebhookIdentityProviderSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +type WebhookIdentityProvider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the identity provider. + Spec WebhookIdentityProviderSpec `json:"spec"` + + // Status of the identity provider. + Status WebhookIdentityProviderStatus `json:"status,omitempty"` +} + +// List of WebhookIdentityProvider objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookIdentityProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookIdentityProvider `json:"items"` +} diff --git a/deploy/crd.yaml b/deploy/crd.pinniped.dev_credentialissuerconfigs.yaml similarity index 100% rename from deploy/crd.yaml rename to deploy/crd.pinniped.dev_credentialissuerconfigs.yaml diff --git a/deploy/idp.pinniped.dev_webhookidentityproviders.yaml b/deploy/idp.pinniped.dev_webhookidentityproviders.yaml new file mode 100644 index 00000000..213b7ad2 --- /dev/null +++ b/deploy/idp.pinniped.dev_webhookidentityproviders.yaml @@ -0,0 +1,149 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: webhookidentityproviders.idp.pinniped.dev +spec: + group: idp.pinniped.dev + names: + categories: + - all + - idp + - idps + kind: WebhookIdentityProvider + listKind: WebhookIdentityProviderList + plural: webhookidentityproviders + shortNames: + - webhookidp + - webhookidps + singular: webhookidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: WebhookIdentityProvider describes the configuration of a Pinniped + webhook identity provider. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for configuring the identity provider. + properties: + endpoint: + description: Webhook server endpoint URL. + minLength: 1 + pattern: ^https:// + type: string + tls: + description: TLS configuration. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM bundle). + If omitted, a default set of system roots will be trusted. + type: string + type: object + required: + - endpoint + type: object + status: + description: Status of the identity provider. + properties: + conditions: + description: Represents the observations of an identity provider's + current state. + items: + description: Condition status of a resource (mirrored from the metav1.Condition + type added in Kubernetes 1.19). In a future API version we can + switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 44028a1d..9d6cf898 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -6,6 +6,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -95,6 +96,110 @@ Status of a credential issuer. +[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] +=== idp.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-condition"] +==== Condition + +Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) +| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown. +| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. +| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. +| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. +| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-tlsspec"] +==== TLSSpec + +Configuration for configuring TLS on various identity providers. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider"] +==== WebhookIdentityProvider + +WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider. +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderspec"] +==== WebhookIdentityProviderSpec + +Spec for configuring a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | Webhook server endpoint URL. +| *`tls`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityproviderstatus"] +==== WebhookIdentityProviderStatus + +Status of a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`conditions`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/idp/doc.go b/generated/1.17/apis/idp/doc.go new file mode 100644 index 00000000..b7689b2b --- /dev/null +++ b/generated/1.17/apis/idp/doc.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:deepcopy-gen=package +// +groupName=idp.pinniped.dev + +// Package idp is the internal version of the Pinniped identity provider API. +package idp diff --git a/generated/1.17/apis/idp/v1alpha1/conversion.go b/generated/1.17/apis/idp/v1alpha1/conversion.go new file mode 100644 index 00000000..63bc360f --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/conversion.go @@ -0,0 +1,6 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 diff --git a/generated/1.17/apis/idp/v1alpha1/defaults.go b/generated/1.17/apis/idp/v1alpha1/defaults.go new file mode 100644 index 00000000..ba08404d --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/defaults.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.17/apis/idp/v1alpha1/doc.go b/generated/1.17/apis/idp/v1alpha1/doc.go new file mode 100644 index 00000000..5c4eeaad --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/doc.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.17/apis/idp +// +k8s:defaulter-gen=TypeMeta +// +groupName=idp.pinniped.dev +// +groupGoName=IDP + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. +package v1alpha1 diff --git a/generated/1.17/apis/idp/v1alpha1/register.go b/generated/1.17/apis/idp/v1alpha1/register.go new file mode 100644 index 00000000..b7878a21 --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/register.go @@ -0,0 +1,45 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "idp.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WebhookIdentityProvider{}, + &WebhookIdentityProviderList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.17/apis/idp/v1alpha1/types_meta.go b/generated/1.17/apis/idp/v1alpha1/types_meta.go new file mode 100644 index 00000000..fe4a5c25 --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/types_meta.go @@ -0,0 +1,77 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ConditionStatus is effectively an enum type for Condition.Status. +type ConditionStatus string + +// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. +// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes +// can't decide if a resource is in the condition or not. In the future, we could add other +// intermediate conditions, e.g. ConditionDegraded. +const ( + ConditionTrue ConditionStatus = "True" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) + +// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API +// version we can switch to using the upstream type. +// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. +type Condition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + Reason string `json:"reason"` + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + Message string `json:"message"` +} diff --git a/generated/1.17/apis/idp/v1alpha1/types_tls.go b/generated/1.17/apis/idp/v1alpha1/types_tls.go new file mode 100644 index 00000000..64f355e6 --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/types_tls.go @@ -0,0 +1,13 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +// Configuration for configuring TLS on various identity providers. +type TLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` +} diff --git a/generated/1.17/apis/idp/v1alpha1/types_webhook.go b/generated/1.17/apis/idp/v1alpha1/types_webhook.go new file mode 100644 index 00000000..046a16cb --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/types_webhook.go @@ -0,0 +1,55 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook identity provider. +type WebhookIdentityProviderStatus struct { + // Represents the observations of an identity provider's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook identity provider. +type WebhookIdentityProviderSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +type WebhookIdentityProvider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the identity provider. + Spec WebhookIdentityProviderSpec `json:"spec"` + + // Status of the identity provider. + Status WebhookIdentityProviderStatus `json:"status,omitempty"` +} + +// List of WebhookIdentityProvider objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookIdentityProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookIdentityProvider `json:"items"` +} diff --git a/generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go b/generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..f39942f8 --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,24 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + return nil +} diff --git a/generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..29ed1e8e --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,152 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Condition) DeepCopyInto(out *Condition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. +func (in *Condition) DeepCopy() *Condition { + if in == nil { + return nil + } + out := new(Condition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec. +func (in *TLSSpec) DeepCopy() *TLSSpec { + if in == nil { + return nil + } + out := new(TLSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider. +func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider { + if in == nil { + return nil + } + out := new(WebhookIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WebhookIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList. +func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec. +func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus. +func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go b/generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..1612aa4d --- /dev/null +++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,21 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.17/apis/idp/zz_generated.deepcopy.go b/generated/1.17/apis/idp/zz_generated.deepcopy.go new file mode 100644 index 00000000..0869390d --- /dev/null +++ b/generated/1.17/apis/idp/zz_generated.deepcopy.go @@ -0,0 +1,10 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package idp diff --git a/generated/1.17/client/clientset/versioned/clientset.go b/generated/1.17/client/clientset/versioned/clientset.go index b383ee3b..3c7fd8a5 100644 --- a/generated/1.17/client/clientset/versioned/clientset.go +++ b/generated/1.17/client/clientset/versioned/clientset.go @@ -11,6 +11,7 @@ import ( "fmt" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface + IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -28,6 +30,7 @@ type Interface interface { type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client + iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -36,6 +39,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return c.crdV1alpha1 } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return c.iDPV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -66,6 +74,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -83,6 +95,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) + cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -93,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) + cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.17/client/clientset/versioned/fake/clientset_generated.go b/generated/1.17/client/clientset/versioned/fake/clientset_generated.go index 037f6b27..50fb438f 100644 --- a/generated/1.17/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.17/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( clientset "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/crdpinniped/v1alpha1" fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1" + fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -72,6 +74,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return &fakecrdv1alpha1.FakeCrdV1alpha1{Fake: &c.Fake} } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.17/client/clientset/versioned/fake/register.go b/generated/1.17/client/clientset/versioned/fake/register.go index 870a40fc..4aaf5bc0 100644 --- a/generated/1.17/client/clientset/versioned/fake/register.go +++ b/generated/1.17/client/clientset/versioned/fake/register.go @@ -9,6 +9,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/clientset/versioned/scheme/register.go b/generated/1.17/client/clientset/versioned/scheme/register.go index db9ab47f..0c0f370f 100644 --- a/generated/1.17/client/clientset/versioned/scheme/register.go +++ b/generated/1.17/client/clientset/versioned/scheme/register.go @@ -9,6 +9,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/doc.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/doc.go new file mode 100644 index 00000000..40c99ba8 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go new file mode 100644 index 00000000..d51c7ce7 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go new file mode 100644 index 00000000..c2218c54 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -0,0 +1,29 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIDPV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface { + return &FakeWebhookIdentityProviders{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIDPV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go new file mode 100644 index 00000000..d95c4173 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go @@ -0,0 +1,129 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface +type FakeWebhookIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"} + +var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *FakeWebhookIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *FakeWebhookIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(webhookidentityprovidersResource, webhookidentityprovidersKind, c.ns, opts), &v1alpha1.WebhookIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.WebhookIdentityProviderList{ListMeta: obj.(*v1alpha1.WebhookIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.WebhookIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *FakeWebhookIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(webhookidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Create(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Update(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeWebhookIdentityProviders) UpdateStatus(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(webhookidentityprovidersResource, "status", c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeWebhookIdentityProviders) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeWebhookIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(webhookidentityprovidersResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.WebhookIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *FakeWebhookIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(webhookidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..bd61370a --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WebhookIdentityProviderExpansion interface{} diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go new file mode 100644 index 00000000..e1f7eb1e --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -0,0 +1,78 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IDPV1alpha1Interface interface { + RESTClient() rest.Interface + WebhookIdentityProvidersGetter +} + +// IDPV1alpha1Client is used to interact with features provided by the idp.pinniped.dev group. +type IDPV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface { + return newWebhookIdentityProviders(c, namespace) +} + +// NewForConfig creates a new IDPV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IDPV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IDPV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IDPV1alpha1Client { + return &IDPV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IDPV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..ea52e30d --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,180 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// WebhookIdentityProvidersGetter has a method to return a WebhookIdentityProviderInterface. +// A group's client should implement this interface. +type WebhookIdentityProvidersGetter interface { + WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface +} + +// WebhookIdentityProviderInterface has methods to work with WebhookIdentityProvider resources. +type WebhookIdentityProviderInterface interface { + Create(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error) + Update(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error) + UpdateStatus(*v1alpha1.WebhookIdentityProvider) (*v1alpha1.WebhookIdentityProvider, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.WebhookIdentityProvider, error) + List(opts v1.ListOptions) (*v1alpha1.WebhookIdentityProviderList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) + WebhookIdentityProviderExpansion +} + +// webhookIdentityProviders implements WebhookIdentityProviderInterface +type webhookIdentityProviders struct { + client rest.Interface + ns string +} + +// newWebhookIdentityProviders returns a WebhookIdentityProviders +func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders { + return &webhookIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *webhookIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *webhookIdentityProviders) List(opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.WebhookIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *webhookIdentityProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Create(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Body(webhookIdentityProvider). + Do(). + Into(result) + return +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Update(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + Body(webhookIdentityProvider). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *webhookIdentityProviders) UpdateStatus(webhookIdentityProvider *v1alpha1.WebhookIdentityProvider) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + SubResource("status"). + Body(webhookIdentityProvider). + Do(). + Into(result) + return +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *webhookIdentityProviders) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *webhookIdentityProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *webhookIdentityProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("webhookidentityproviders"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/informers/externalversions/factory.go b/generated/1.17/client/informers/externalversions/factory.go index d8dcbc66..334b9895 100644 --- a/generated/1.17/client/informers/externalversions/factory.go +++ b/generated/1.17/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( versioned "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned" crdpinniped "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/crdpinniped" + idp "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" pinniped "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool Crd() crdpinniped.Interface + IDP() idp.Interface Pinniped() pinniped.Interface } @@ -170,6 +172,10 @@ func (f *sharedInformerFactory) Crd() crdpinniped.Interface { return crdpinniped.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) IDP() idp.Interface { + return idp.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.17/client/informers/externalversions/generic.go b/generated/1.17/client/informers/externalversions/generic.go index 2f362503..a1e05321 100644 --- a/generated/1.17/client/informers/externalversions/generic.go +++ b/generated/1.17/client/informers/externalversions/generic.go @@ -11,6 +11,7 @@ import ( "fmt" v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -46,6 +47,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + // Group=idp.pinniped.dev, Version=v1alpha1 + case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.17/client/informers/externalversions/idp/interface.go b/generated/1.17/client/informers/externalversions/idp/interface.go new file mode 100644 index 00000000..3fbbb292 --- /dev/null +++ b/generated/1.17/client/informers/externalversions/idp/interface.go @@ -0,0 +1,35 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package idp + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/idp/v1alpha1" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.17/client/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.17/client/informers/externalversions/idp/v1alpha1/interface.go new file mode 100644 index 00000000..f30b988e --- /dev/null +++ b/generated/1.17/client/informers/externalversions/idp/v1alpha1/interface.go @@ -0,0 +1,34 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // WebhookIdentityProviders returns a WebhookIdentityProviderInformer. + WebhookIdentityProviders() WebhookIdentityProviderInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// WebhookIdentityProviders returns a WebhookIdentityProviderInformer. +func (v *version) WebhookIdentityProviders() WebhookIdentityProviderInformer { + return &webhookIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.17/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go b/generated/1.17/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..c1b6587e --- /dev/null +++ b/generated/1.17/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,78 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/listers/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderInformer provides access to a shared informer and lister for +// WebhookIdentityProviders. +type WebhookIdentityProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.WebhookIdentityProviderLister +} + +type webhookIdentityProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(options) + }, + }, + &idpv1alpha1.WebhookIdentityProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer) +} + +func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister { + return v1alpha1.NewWebhookIdentityProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.17/client/listers/idp/v1alpha1/expansion_generated.go b/generated/1.17/client/listers/idp/v1alpha1/expansion_generated.go new file mode 100644 index 00000000..61d85cbe --- /dev/null +++ b/generated/1.17/client/listers/idp/v1alpha1/expansion_generated.go @@ -0,0 +1,16 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// WebhookIdentityProviderListerExpansion allows custom methods to be added to +// WebhookIdentityProviderLister. +type WebhookIdentityProviderListerExpansion interface{} + +// WebhookIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// WebhookIdentityProviderNamespaceLister. +type WebhookIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/listers/idp/v1alpha1/webhookidentityprovider.go b/generated/1.17/client/listers/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..d7107c00 --- /dev/null +++ b/generated/1.17/client/listers/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,83 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderLister helps list WebhookIdentityProviders. +type WebhookIdentityProviderLister interface { + // List lists all WebhookIdentityProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. + WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister + WebhookIdentityProviderListerExpansion +} + +// webhookIdentityProviderLister implements the WebhookIdentityProviderLister interface. +type webhookIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewWebhookIdentityProviderLister returns a new WebhookIdentityProviderLister. +func NewWebhookIdentityProviderLister(indexer cache.Indexer) WebhookIdentityProviderLister { + return &webhookIdentityProviderLister{indexer: indexer} +} + +// List lists all WebhookIdentityProviders in the indexer. +func (s *webhookIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. +func (s *webhookIdentityProviderLister) WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister { + return webhookIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// WebhookIdentityProviderNamespaceLister helps list and get WebhookIdentityProviders. +type WebhookIdentityProviderNamespaceLister interface { + // List lists all WebhookIdentityProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.WebhookIdentityProvider, error) + WebhookIdentityProviderNamespaceListerExpansion +} + +// webhookIdentityProviderNamespaceLister implements the WebhookIdentityProviderNamespaceLister +// interface. +type webhookIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all WebhookIdentityProviders in the indexer for a given namespace. +func (s webhookIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. +func (s webhookIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.WebhookIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("webhookidentityprovider"), name) + } + return obj.(*v1alpha1.WebhookIdentityProvider), nil +} diff --git a/generated/1.17/client/openapi/zz_generated.openapi.go b/generated/1.17/client/openapi/zz_generated.openapi.go index 7f3e6439..d74a7c8f 100644 --- a/generated/1.17/client/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/openapi/zz_generated.openapi.go @@ -24,6 +24,12 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigList": schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigList(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus": schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStrategy": schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.Condition": schema_117_apis_idp_v1alpha1_Condition(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.TLSSpec": schema_117_apis_idp_v1alpha1_TLSSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider": schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequest": schema_117_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_117_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequestList": schema_117_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -283,6 +289,244 @@ func schema_117_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com } } +func schema_117_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type of condition in CamelCase or in foo.example.com/CamelCase.", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status of the condition, one of True, False, Unknown.", + Type: []string{"string"}, + Format: "", + }, + }, + "observedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "lastTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "reason": { + SchemaProps: spec.SchemaProps{ + Description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "message is a human readable message indicating details about the transition. This may be an empty string.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type", "status", "lastTransitionTime", "reason", "message"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_117_apis_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration for configuring TLS on various identity providers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "certificateAuthorityData": { + SchemaProps: spec.SchemaProps{ + Description: "X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus"), + }, + }, + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec", "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "List of WebhookIdentityProvider objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "endpoint": { + SchemaProps: spec.SchemaProps{ + Description: "Webhook server endpoint URL.", + Type: []string{"string"}, + Format: "", + }, + }, + "tls": { + SchemaProps: spec.SchemaProps{ + Description: "TLS configuration.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.TLSSpec"), + }, + }, + }, + Required: []string{"endpoint"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.TLSSpec"}, + } +} + +func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Status of a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Represents the observations of an identity provider's current state.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.Condition"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.Condition"}, + } +} + func schema_117_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.17/crds/idp.pinniped.dev_webhookidentityproviders.yaml b/generated/1.17/crds/idp.pinniped.dev_webhookidentityproviders.yaml new file mode 100644 index 00000000..213b7ad2 --- /dev/null +++ b/generated/1.17/crds/idp.pinniped.dev_webhookidentityproviders.yaml @@ -0,0 +1,149 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: webhookidentityproviders.idp.pinniped.dev +spec: + group: idp.pinniped.dev + names: + categories: + - all + - idp + - idps + kind: WebhookIdentityProvider + listKind: WebhookIdentityProviderList + plural: webhookidentityproviders + shortNames: + - webhookidp + - webhookidps + singular: webhookidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: WebhookIdentityProvider describes the configuration of a Pinniped + webhook identity provider. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for configuring the identity provider. + properties: + endpoint: + description: Webhook server endpoint URL. + minLength: 1 + pattern: ^https:// + type: string + tls: + description: TLS configuration. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM bundle). + If omitted, a default set of system roots will be trusted. + type: string + type: object + required: + - endpoint + type: object + status: + description: Status of the identity provider. + properties: + conditions: + description: Represents the observations of an identity provider's + current state. + items: + description: Condition status of a resource (mirrored from the metav1.Condition + type added in Kubernetes 1.19). In a future API version we can + switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 99e78c4a..e78c5cd8 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -6,6 +6,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -95,6 +96,110 @@ Status of a credential issuer. +[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] +=== idp.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-condition"] +==== Condition + +Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) +| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown. +| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. +| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. +| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. +| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-tlsspec"] +==== TLSSpec + +Configuration for configuring TLS on various identity providers. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider"] +==== WebhookIdentityProvider + +WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider. +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec"] +==== WebhookIdentityProviderSpec + +Spec for configuring a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | Webhook server endpoint URL. +| *`tls`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus"] +==== WebhookIdentityProviderStatus + +Status of a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`conditions`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/idp/doc.go b/generated/1.18/apis/idp/doc.go new file mode 100644 index 00000000..b7689b2b --- /dev/null +++ b/generated/1.18/apis/idp/doc.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:deepcopy-gen=package +// +groupName=idp.pinniped.dev + +// Package idp is the internal version of the Pinniped identity provider API. +package idp diff --git a/generated/1.18/apis/idp/v1alpha1/conversion.go b/generated/1.18/apis/idp/v1alpha1/conversion.go new file mode 100644 index 00000000..63bc360f --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/conversion.go @@ -0,0 +1,6 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 diff --git a/generated/1.18/apis/idp/v1alpha1/defaults.go b/generated/1.18/apis/idp/v1alpha1/defaults.go new file mode 100644 index 00000000..ba08404d --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/defaults.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.18/apis/idp/v1alpha1/doc.go b/generated/1.18/apis/idp/v1alpha1/doc.go new file mode 100644 index 00000000..a6ef1015 --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/doc.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.18/apis/idp +// +k8s:defaulter-gen=TypeMeta +// +groupName=idp.pinniped.dev +// +groupGoName=IDP + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. +package v1alpha1 diff --git a/generated/1.18/apis/idp/v1alpha1/register.go b/generated/1.18/apis/idp/v1alpha1/register.go new file mode 100644 index 00000000..b7878a21 --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/register.go @@ -0,0 +1,45 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "idp.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WebhookIdentityProvider{}, + &WebhookIdentityProviderList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.18/apis/idp/v1alpha1/types_meta.go b/generated/1.18/apis/idp/v1alpha1/types_meta.go new file mode 100644 index 00000000..fe4a5c25 --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/types_meta.go @@ -0,0 +1,77 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ConditionStatus is effectively an enum type for Condition.Status. +type ConditionStatus string + +// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. +// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes +// can't decide if a resource is in the condition or not. In the future, we could add other +// intermediate conditions, e.g. ConditionDegraded. +const ( + ConditionTrue ConditionStatus = "True" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) + +// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API +// version we can switch to using the upstream type. +// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. +type Condition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + Reason string `json:"reason"` + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + Message string `json:"message"` +} diff --git a/generated/1.18/apis/idp/v1alpha1/types_tls.go b/generated/1.18/apis/idp/v1alpha1/types_tls.go new file mode 100644 index 00000000..64f355e6 --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/types_tls.go @@ -0,0 +1,13 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +// Configuration for configuring TLS on various identity providers. +type TLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` +} diff --git a/generated/1.18/apis/idp/v1alpha1/types_webhook.go b/generated/1.18/apis/idp/v1alpha1/types_webhook.go new file mode 100644 index 00000000..046a16cb --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/types_webhook.go @@ -0,0 +1,55 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook identity provider. +type WebhookIdentityProviderStatus struct { + // Represents the observations of an identity provider's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook identity provider. +type WebhookIdentityProviderSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +type WebhookIdentityProvider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the identity provider. + Spec WebhookIdentityProviderSpec `json:"spec"` + + // Status of the identity provider. + Status WebhookIdentityProviderStatus `json:"status,omitempty"` +} + +// List of WebhookIdentityProvider objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookIdentityProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookIdentityProvider `json:"items"` +} diff --git a/generated/1.18/apis/idp/v1alpha1/zz_generated.conversion.go b/generated/1.18/apis/idp/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..f39942f8 --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,24 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + return nil +} diff --git a/generated/1.18/apis/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/idp/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..29ed1e8e --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,152 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Condition) DeepCopyInto(out *Condition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. +func (in *Condition) DeepCopy() *Condition { + if in == nil { + return nil + } + out := new(Condition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec. +func (in *TLSSpec) DeepCopy() *TLSSpec { + if in == nil { + return nil + } + out := new(TLSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider. +func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider { + if in == nil { + return nil + } + out := new(WebhookIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WebhookIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList. +func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec. +func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus. +func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/apis/idp/v1alpha1/zz_generated.defaults.go b/generated/1.18/apis/idp/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..1612aa4d --- /dev/null +++ b/generated/1.18/apis/idp/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,21 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.18/apis/idp/zz_generated.deepcopy.go b/generated/1.18/apis/idp/zz_generated.deepcopy.go new file mode 100644 index 00000000..0869390d --- /dev/null +++ b/generated/1.18/apis/idp/zz_generated.deepcopy.go @@ -0,0 +1,10 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package idp diff --git a/generated/1.18/client/clientset/versioned/clientset.go b/generated/1.18/client/clientset/versioned/clientset.go index eea8d727..0ba43fa0 100644 --- a/generated/1.18/client/clientset/versioned/clientset.go +++ b/generated/1.18/client/clientset/versioned/clientset.go @@ -11,6 +11,7 @@ import ( "fmt" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface + IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -28,6 +30,7 @@ type Interface interface { type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client + iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -36,6 +39,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return c.crdV1alpha1 } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return c.iDPV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -66,6 +74,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -83,6 +95,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) + cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -93,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) + cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.18/client/clientset/versioned/fake/clientset_generated.go b/generated/1.18/client/clientset/versioned/fake/clientset_generated.go index 2d456ffb..d5f54f63 100644 --- a/generated/1.18/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.18/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( clientset "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/crdpinniped/v1alpha1" fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1" + fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -72,6 +74,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return &fakecrdv1alpha1.FakeCrdV1alpha1{Fake: &c.Fake} } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.18/client/clientset/versioned/fake/register.go b/generated/1.18/client/clientset/versioned/fake/register.go index a247e760..d18a2f51 100644 --- a/generated/1.18/client/clientset/versioned/fake/register.go +++ b/generated/1.18/client/clientset/versioned/fake/register.go @@ -9,6 +9,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/clientset/versioned/scheme/register.go b/generated/1.18/client/clientset/versioned/scheme/register.go index 41b989c8..988170d1 100644 --- a/generated/1.18/client/clientset/versioned/scheme/register.go +++ b/generated/1.18/client/clientset/versioned/scheme/register.go @@ -9,6 +9,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/doc.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/doc.go new file mode 100644 index 00000000..40c99ba8 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go new file mode 100644 index 00000000..d51c7ce7 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go new file mode 100644 index 00000000..23485990 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -0,0 +1,29 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIDPV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface { + return &FakeWebhookIdentityProviders{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIDPV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go new file mode 100644 index 00000000..828d3501 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go @@ -0,0 +1,131 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface +type FakeWebhookIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"} + +var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *FakeWebhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *FakeWebhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(webhookidentityprovidersResource, webhookidentityprovidersKind, c.ns, opts), &v1alpha1.WebhookIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.WebhookIdentityProviderList{ListMeta: obj.(*v1alpha1.WebhookIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.WebhookIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *FakeWebhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(webhookidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeWebhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(webhookidentityprovidersResource, "status", c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeWebhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeWebhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(webhookidentityprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.WebhookIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *FakeWebhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(webhookidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..bd61370a --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WebhookIdentityProviderExpansion interface{} diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go new file mode 100644 index 00000000..eebbf121 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -0,0 +1,78 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IDPV1alpha1Interface interface { + RESTClient() rest.Interface + WebhookIdentityProvidersGetter +} + +// IDPV1alpha1Client is used to interact with features provided by the idp.pinniped.dev group. +type IDPV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface { + return newWebhookIdentityProviders(c, namespace) +} + +// NewForConfig creates a new IDPV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IDPV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IDPV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IDPV1alpha1Client { + return &IDPV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IDPV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..8d6c2f50 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,184 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// WebhookIdentityProvidersGetter has a method to return a WebhookIdentityProviderInterface. +// A group's client should implement this interface. +type WebhookIdentityProvidersGetter interface { + WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface +} + +// WebhookIdentityProviderInterface has methods to work with WebhookIdentityProvider resources. +type WebhookIdentityProviderInterface interface { + Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (*v1alpha1.WebhookIdentityProvider, error) + Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) + UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.WebhookIdentityProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.WebhookIdentityProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) + WebhookIdentityProviderExpansion +} + +// webhookIdentityProviders implements WebhookIdentityProviderInterface +type webhookIdentityProviders struct { + client rest.Interface + ns string +} + +// newWebhookIdentityProviders returns a WebhookIdentityProviders +func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders { + return &webhookIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *webhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *webhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.WebhookIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *webhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *webhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *webhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *webhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *webhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/informers/externalversions/factory.go b/generated/1.18/client/informers/externalversions/factory.go index 4158afea..95d174a7 100644 --- a/generated/1.18/client/informers/externalversions/factory.go +++ b/generated/1.18/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( versioned "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned" crdpinniped "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/crdpinniped" + idp "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" pinniped "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool Crd() crdpinniped.Interface + IDP() idp.Interface Pinniped() pinniped.Interface } @@ -170,6 +172,10 @@ func (f *sharedInformerFactory) Crd() crdpinniped.Interface { return crdpinniped.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) IDP() idp.Interface { + return idp.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.18/client/informers/externalversions/generic.go b/generated/1.18/client/informers/externalversions/generic.go index e2db3b46..5d8fa30f 100644 --- a/generated/1.18/client/informers/externalversions/generic.go +++ b/generated/1.18/client/informers/externalversions/generic.go @@ -11,6 +11,7 @@ import ( "fmt" v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -46,6 +47,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + // Group=idp.pinniped.dev, Version=v1alpha1 + case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.18/client/informers/externalversions/idp/interface.go b/generated/1.18/client/informers/externalversions/idp/interface.go new file mode 100644 index 00000000..ce170198 --- /dev/null +++ b/generated/1.18/client/informers/externalversions/idp/interface.go @@ -0,0 +1,35 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package idp + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/idp/v1alpha1" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.18/client/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.18/client/informers/externalversions/idp/v1alpha1/interface.go new file mode 100644 index 00000000..f8bdc576 --- /dev/null +++ b/generated/1.18/client/informers/externalversions/idp/v1alpha1/interface.go @@ -0,0 +1,34 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // WebhookIdentityProviders returns a WebhookIdentityProviderInformer. + WebhookIdentityProviders() WebhookIdentityProviderInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// WebhookIdentityProviders returns a WebhookIdentityProviderInformer. +func (v *version) WebhookIdentityProviders() WebhookIdentityProviderInformer { + return &webhookIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.18/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go b/generated/1.18/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..609951db --- /dev/null +++ b/generated/1.18/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,79 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/listers/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderInformer provides access to a shared informer and lister for +// WebhookIdentityProviders. +type WebhookIdentityProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.WebhookIdentityProviderLister +} + +type webhookIdentityProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(context.TODO(), options) + }, + }, + &idpv1alpha1.WebhookIdentityProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer) +} + +func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister { + return v1alpha1.NewWebhookIdentityProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.18/client/listers/idp/v1alpha1/expansion_generated.go b/generated/1.18/client/listers/idp/v1alpha1/expansion_generated.go new file mode 100644 index 00000000..61d85cbe --- /dev/null +++ b/generated/1.18/client/listers/idp/v1alpha1/expansion_generated.go @@ -0,0 +1,16 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// WebhookIdentityProviderListerExpansion allows custom methods to be added to +// WebhookIdentityProviderLister. +type WebhookIdentityProviderListerExpansion interface{} + +// WebhookIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// WebhookIdentityProviderNamespaceLister. +type WebhookIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/listers/idp/v1alpha1/webhookidentityprovider.go b/generated/1.18/client/listers/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..6014a7b3 --- /dev/null +++ b/generated/1.18/client/listers/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,83 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderLister helps list WebhookIdentityProviders. +type WebhookIdentityProviderLister interface { + // List lists all WebhookIdentityProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. + WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister + WebhookIdentityProviderListerExpansion +} + +// webhookIdentityProviderLister implements the WebhookIdentityProviderLister interface. +type webhookIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewWebhookIdentityProviderLister returns a new WebhookIdentityProviderLister. +func NewWebhookIdentityProviderLister(indexer cache.Indexer) WebhookIdentityProviderLister { + return &webhookIdentityProviderLister{indexer: indexer} +} + +// List lists all WebhookIdentityProviders in the indexer. +func (s *webhookIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. +func (s *webhookIdentityProviderLister) WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister { + return webhookIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// WebhookIdentityProviderNamespaceLister helps list and get WebhookIdentityProviders. +type WebhookIdentityProviderNamespaceLister interface { + // List lists all WebhookIdentityProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.WebhookIdentityProvider, error) + WebhookIdentityProviderNamespaceListerExpansion +} + +// webhookIdentityProviderNamespaceLister implements the WebhookIdentityProviderNamespaceLister +// interface. +type webhookIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all WebhookIdentityProviders in the indexer for a given namespace. +func (s webhookIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. +func (s webhookIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.WebhookIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("webhookidentityprovider"), name) + } + return obj.(*v1alpha1.WebhookIdentityProvider), nil +} diff --git a/generated/1.18/client/openapi/zz_generated.openapi.go b/generated/1.18/client/openapi/zz_generated.openapi.go index 564319af..89ffed82 100644 --- a/generated/1.18/client/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/openapi/zz_generated.openapi.go @@ -24,6 +24,12 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigList": schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigList(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus": schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStrategy": schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.Condition": schema_118_apis_idp_v1alpha1_Condition(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.TLSSpec": schema_118_apis_idp_v1alpha1_TLSSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider": schema_118_apis_idp_v1alpha1_WebhookIdentityProvider(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequest": schema_118_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_118_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequestList": schema_118_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -283,6 +289,244 @@ func schema_118_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com } } +func schema_118_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type of condition in CamelCase or in foo.example.com/CamelCase.", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status of the condition, one of True, False, Unknown.", + Type: []string{"string"}, + Format: "", + }, + }, + "observedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "lastTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "reason": { + SchemaProps: spec.SchemaProps{ + Description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "message is a human readable message indicating details about the transition. This may be an empty string.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type", "status", "lastTransitionTime", "reason", "message"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_118_apis_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration for configuring TLS on various identity providers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "certificateAuthorityData": { + SchemaProps: spec.SchemaProps{ + Description: "X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_118_apis_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderStatus"), + }, + }, + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderSpec", "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_118_apis_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "List of WebhookIdentityProvider objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_118_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "endpoint": { + SchemaProps: spec.SchemaProps{ + Description: "Webhook server endpoint URL.", + Type: []string{"string"}, + Format: "", + }, + }, + "tls": { + SchemaProps: spec.SchemaProps{ + Description: "TLS configuration.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.TLSSpec"), + }, + }, + }, + Required: []string{"endpoint"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.TLSSpec"}, + } +} + +func schema_118_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Status of a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Represents the observations of an identity provider's current state.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.Condition"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.Condition"}, + } +} + func schema_118_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.18/crds/idp.pinniped.dev_webhookidentityproviders.yaml b/generated/1.18/crds/idp.pinniped.dev_webhookidentityproviders.yaml new file mode 100644 index 00000000..213b7ad2 --- /dev/null +++ b/generated/1.18/crds/idp.pinniped.dev_webhookidentityproviders.yaml @@ -0,0 +1,149 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: webhookidentityproviders.idp.pinniped.dev +spec: + group: idp.pinniped.dev + names: + categories: + - all + - idp + - idps + kind: WebhookIdentityProvider + listKind: WebhookIdentityProviderList + plural: webhookidentityproviders + shortNames: + - webhookidp + - webhookidps + singular: webhookidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: WebhookIdentityProvider describes the configuration of a Pinniped + webhook identity provider. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for configuring the identity provider. + properties: + endpoint: + description: Webhook server endpoint URL. + minLength: 1 + pattern: ^https:// + type: string + tls: + description: TLS configuration. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM bundle). + If omitted, a default set of system roots will be trusted. + type: string + type: object + required: + - endpoint + type: object + status: + description: Status of the identity provider. + properties: + conditions: + description: Represents the observations of an identity provider's + current state. + items: + description: Condition status of a resource (mirrored from the metav1.Condition + type added in Kubernetes 1.19). In a future API version we can + switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index 57d176cc..b6016dd2 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -6,6 +6,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -95,6 +96,110 @@ Status of a credential issuer. +[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] +=== idp.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-condition"] +==== Condition + +Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) +| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown. +| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. +| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. +| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. +| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-tlsspec"] +==== TLSSpec + +Configuration for configuring TLS on various identity providers. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityprovider"] +==== WebhookIdentityProvider + +WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider. +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider. +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderspec"] +==== WebhookIdentityProviderSpec + +Spec for configuring a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`endpoint`* __string__ | Webhook server endpoint URL. +| *`tls`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityproviderstatus"] +==== WebhookIdentityProviderStatus + +Status of a webhook identity provider. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`conditions`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/idp/doc.go b/generated/1.19/apis/idp/doc.go new file mode 100644 index 00000000..b7689b2b --- /dev/null +++ b/generated/1.19/apis/idp/doc.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:deepcopy-gen=package +// +groupName=idp.pinniped.dev + +// Package idp is the internal version of the Pinniped identity provider API. +package idp diff --git a/generated/1.19/apis/idp/v1alpha1/conversion.go b/generated/1.19/apis/idp/v1alpha1/conversion.go new file mode 100644 index 00000000..63bc360f --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/conversion.go @@ -0,0 +1,6 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 diff --git a/generated/1.19/apis/idp/v1alpha1/defaults.go b/generated/1.19/apis/idp/v1alpha1/defaults.go new file mode 100644 index 00000000..ba08404d --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/defaults.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.19/apis/idp/v1alpha1/doc.go b/generated/1.19/apis/idp/v1alpha1/doc.go new file mode 100644 index 00000000..183dd735 --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/doc.go @@ -0,0 +1,14 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.19/apis/idp +// +k8s:defaulter-gen=TypeMeta +// +groupName=idp.pinniped.dev +// +groupGoName=IDP + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API. +package v1alpha1 diff --git a/generated/1.19/apis/idp/v1alpha1/register.go b/generated/1.19/apis/idp/v1alpha1/register.go new file mode 100644 index 00000000..b7878a21 --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/register.go @@ -0,0 +1,45 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "idp.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WebhookIdentityProvider{}, + &WebhookIdentityProviderList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.19/apis/idp/v1alpha1/types_meta.go b/generated/1.19/apis/idp/v1alpha1/types_meta.go new file mode 100644 index 00000000..fe4a5c25 --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/types_meta.go @@ -0,0 +1,77 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ConditionStatus is effectively an enum type for Condition.Status. +type ConditionStatus string + +// These are valid condition statuses. "ConditionTrue" means a resource is in the condition. +// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes +// can't decide if a resource is in the condition or not. In the future, we could add other +// intermediate conditions, e.g. ConditionDegraded. +const ( + ConditionTrue ConditionStatus = "True" + ConditionFalse ConditionStatus = "False" + ConditionUnknown ConditionStatus = "Unknown" +) + +// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API +// version we can switch to using the upstream type. +// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. +type Condition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime"` + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + Reason string `json:"reason"` + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + Message string `json:"message"` +} diff --git a/generated/1.19/apis/idp/v1alpha1/types_tls.go b/generated/1.19/apis/idp/v1alpha1/types_tls.go new file mode 100644 index 00000000..64f355e6 --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/types_tls.go @@ -0,0 +1,13 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +// Configuration for configuring TLS on various identity providers. +type TLSSpec struct { + // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + // +optional + CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` +} diff --git a/generated/1.19/apis/idp/v1alpha1/types_webhook.go b/generated/1.19/apis/idp/v1alpha1/types_webhook.go new file mode 100644 index 00000000..046a16cb --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/types_webhook.go @@ -0,0 +1,55 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Status of a webhook identity provider. +type WebhookIdentityProviderStatus struct { + // Represents the observations of an identity provider's current state. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} + +// Spec for configuring a webhook identity provider. +type WebhookIdentityProviderSpec struct { + // Webhook server endpoint URL. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^https://` + Endpoint string `json:"endpoint"` + + // TLS configuration. + // +optional + TLS *TLSSpec `json:"tls,omitempty"` +} + +// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +type WebhookIdentityProvider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Spec for configuring the identity provider. + Spec WebhookIdentityProviderSpec `json:"spec"` + + // Status of the identity provider. + Status WebhookIdentityProviderStatus `json:"status,omitempty"` +} + +// List of WebhookIdentityProvider objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WebhookIdentityProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []WebhookIdentityProvider `json:"items"` +} diff --git a/generated/1.19/apis/idp/v1alpha1/zz_generated.conversion.go b/generated/1.19/apis/idp/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..1131cdff --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,66 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*Condition)(nil), (*v1.Condition)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_Condition_To_v1_Condition(a.(*Condition), b.(*v1.Condition), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.Condition)(nil), (*Condition)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_Condition_To_v1alpha1_Condition(a.(*v1.Condition), b.(*Condition), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_Condition_To_v1_Condition(in *Condition, out *v1.Condition, s conversion.Scope) error { + out.Type = in.Type + out.Status = v1.ConditionStatus(in.Status) + out.ObservedGeneration = in.ObservedGeneration + out.LastTransitionTime = in.LastTransitionTime + out.Reason = in.Reason + out.Message = in.Message + return nil +} + +// Convert_v1alpha1_Condition_To_v1_Condition is an autogenerated conversion function. +func Convert_v1alpha1_Condition_To_v1_Condition(in *Condition, out *v1.Condition, s conversion.Scope) error { + return autoConvert_v1alpha1_Condition_To_v1_Condition(in, out, s) +} + +func autoConvert_v1_Condition_To_v1alpha1_Condition(in *v1.Condition, out *Condition, s conversion.Scope) error { + out.Type = in.Type + out.Status = ConditionStatus(in.Status) + out.ObservedGeneration = in.ObservedGeneration + out.LastTransitionTime = in.LastTransitionTime + out.Reason = in.Reason + out.Message = in.Message + return nil +} + +// Convert_v1_Condition_To_v1alpha1_Condition is an autogenerated conversion function. +func Convert_v1_Condition_To_v1alpha1_Condition(in *v1.Condition, out *Condition, s conversion.Scope) error { + return autoConvert_v1_Condition_To_v1alpha1_Condition(in, out, s) +} diff --git a/generated/1.19/apis/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/idp/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..29ed1e8e --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,152 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Condition) DeepCopyInto(out *Condition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. +func (in *Condition) DeepCopy() *Condition { + if in == nil { + return nil + } + out := new(Condition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec. +func (in *TLSSpec) DeepCopy() *TLSSpec { + if in == nil { + return nil + } + out := new(TLSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider. +func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider { + if in == nil { + return nil + } + out := new(WebhookIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WebhookIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList. +func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) { + *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(TLSSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec. +func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus. +func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus { + if in == nil { + return nil + } + out := new(WebhookIdentityProviderStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/apis/idp/v1alpha1/zz_generated.defaults.go b/generated/1.19/apis/idp/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..1612aa4d --- /dev/null +++ b/generated/1.19/apis/idp/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,21 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.19/apis/idp/zz_generated.deepcopy.go b/generated/1.19/apis/idp/zz_generated.deepcopy.go new file mode 100644 index 00000000..0869390d --- /dev/null +++ b/generated/1.19/apis/idp/zz_generated.deepcopy.go @@ -0,0 +1,10 @@ +// +build !ignore_autogenerated + +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package idp diff --git a/generated/1.19/client/clientset/versioned/clientset.go b/generated/1.19/client/clientset/versioned/clientset.go index a5a23ff3..98dfba50 100644 --- a/generated/1.19/client/clientset/versioned/clientset.go +++ b/generated/1.19/client/clientset/versioned/clientset.go @@ -11,6 +11,7 @@ import ( "fmt" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface + IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -28,6 +30,7 @@ type Interface interface { type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client + iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -36,6 +39,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return c.crdV1alpha1 } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return c.iDPV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -66,6 +74,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -83,6 +95,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) + cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -93,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) + cs.iDPV1alpha1 = idpv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.19/client/clientset/versioned/fake/clientset_generated.go b/generated/1.19/client/clientset/versioned/fake/clientset_generated.go index 00669ec4..fd85bb1b 100644 --- a/generated/1.19/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.19/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( clientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/crdpinniped/v1alpha1" fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1" + fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -72,6 +74,11 @@ func (c *Clientset) CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface { return &fakecrdv1alpha1.FakeCrdV1alpha1{Fake: &c.Fake} } +// IDPV1alpha1 retrieves the IDPV1alpha1Client +func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { + return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.19/client/clientset/versioned/fake/register.go b/generated/1.19/client/clientset/versioned/fake/register.go index ce878f5f..b127ef49 100644 --- a/generated/1.19/client/clientset/versioned/fake/register.go +++ b/generated/1.19/client/clientset/versioned/fake/register.go @@ -9,6 +9,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/clientset/versioned/scheme/register.go b/generated/1.19/client/clientset/versioned/scheme/register.go index 02388b09..16bd8ac6 100644 --- a/generated/1.19/client/clientset/versioned/scheme/register.go +++ b/generated/1.19/client/clientset/versioned/scheme/register.go @@ -9,6 +9,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, + idpv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/doc.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/doc.go new file mode 100644 index 00000000..40c99ba8 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go new file mode 100644 index 00000000..d51c7ce7 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/doc.go @@ -0,0 +1,9 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go new file mode 100644 index 00000000..de3b2613 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_idp_client.go @@ -0,0 +1,29 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIDPV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface { + return &FakeWebhookIdentityProviders{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIDPV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go new file mode 100644 index 00000000..9358c9f0 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake/fake_webhookidentityprovider.go @@ -0,0 +1,131 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface +type FakeWebhookIdentityProviders struct { + Fake *FakeIDPV1alpha1 + ns string +} + +var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"} + +var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *FakeWebhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *FakeWebhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(webhookidentityprovidersResource, webhookidentityprovidersKind, c.ns, opts), &v1alpha1.WebhookIdentityProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.WebhookIdentityProviderList{ListMeta: obj.(*v1alpha1.WebhookIdentityProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.WebhookIdentityProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *FakeWebhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(webhookidentityprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *FakeWebhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(webhookidentityprovidersResource, c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeWebhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(webhookidentityprovidersResource, "status", c.ns, webhookIdentityProvider), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *FakeWebhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(webhookidentityprovidersResource, c.ns, name), &v1alpha1.WebhookIdentityProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeWebhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(webhookidentityprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.WebhookIdentityProviderList{}) + return err +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *FakeWebhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(webhookidentityprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookIdentityProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WebhookIdentityProvider), err +} diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..bd61370a --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/generated_expansion.go @@ -0,0 +1,10 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WebhookIdentityProviderExpansion interface{} diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go new file mode 100644 index 00000000..6edbb29b --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/idp_client.go @@ -0,0 +1,78 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IDPV1alpha1Interface interface { + RESTClient() rest.Interface + WebhookIdentityProvidersGetter +} + +// IDPV1alpha1Client is used to interact with features provided by the idp.pinniped.dev group. +type IDPV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface { + return newWebhookIdentityProviders(c, namespace) +} + +// NewForConfig creates a new IDPV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IDPV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IDPV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IDPV1alpha1Client { + return &IDPV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IDPV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..4c4e2c7c --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,184 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// WebhookIdentityProvidersGetter has a method to return a WebhookIdentityProviderInterface. +// A group's client should implement this interface. +type WebhookIdentityProvidersGetter interface { + WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface +} + +// WebhookIdentityProviderInterface has methods to work with WebhookIdentityProvider resources. +type WebhookIdentityProviderInterface interface { + Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (*v1alpha1.WebhookIdentityProvider, error) + Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) + UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (*v1alpha1.WebhookIdentityProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.WebhookIdentityProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.WebhookIdentityProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) + WebhookIdentityProviderExpansion +} + +// webhookIdentityProviders implements WebhookIdentityProviderInterface +type webhookIdentityProviders struct { + client rest.Interface + ns string +} + +// newWebhookIdentityProviders returns a WebhookIdentityProviders +func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders { + return &webhookIdentityProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any. +func (c *webhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of WebhookIdentityProviders that match those selectors. +func (c *webhookIdentityProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookIdentityProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.WebhookIdentityProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested webhookIdentityProviders. +func (c *webhookIdentityProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a webhookIdentityProvider and creates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Create(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.CreateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a webhookIdentityProvider and updates it. Returns the server's representation of the webhookIdentityProvider, and an error, if there is any. +func (c *webhookIdentityProviders) Update(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *webhookIdentityProviders) UpdateStatus(ctx context.Context, webhookIdentityProvider *v1alpha1.WebhookIdentityProvider, opts v1.UpdateOptions) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(webhookIdentityProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(webhookIdentityProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the webhookIdentityProvider and deletes it. Returns an error if one occurs. +func (c *webhookIdentityProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *webhookIdentityProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("webhookidentityproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched webhookIdentityProvider. +func (c *webhookIdentityProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookIdentityProvider, err error) { + result = &v1alpha1.WebhookIdentityProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("webhookidentityproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/informers/externalversions/factory.go b/generated/1.19/client/informers/externalversions/factory.go index 40ea7aae..b32ab8cd 100644 --- a/generated/1.19/client/informers/externalversions/factory.go +++ b/generated/1.19/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( versioned "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" crdpinniped "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/crdpinniped" + idp "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" pinniped "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool Crd() crdpinniped.Interface + IDP() idp.Interface Pinniped() pinniped.Interface } @@ -170,6 +172,10 @@ func (f *sharedInformerFactory) Crd() crdpinniped.Interface { return crdpinniped.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) IDP() idp.Interface { + return idp.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.19/client/informers/externalversions/generic.go b/generated/1.19/client/informers/externalversions/generic.go index 698ab80d..a112ff40 100644 --- a/generated/1.19/client/informers/externalversions/generic.go +++ b/generated/1.19/client/informers/externalversions/generic.go @@ -11,6 +11,7 @@ import ( "fmt" v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -46,6 +47,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + // Group=idp.pinniped.dev, Version=v1alpha1 + case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.19/client/informers/externalversions/idp/interface.go b/generated/1.19/client/informers/externalversions/idp/interface.go new file mode 100644 index 00000000..206b43f5 --- /dev/null +++ b/generated/1.19/client/informers/externalversions/idp/interface.go @@ -0,0 +1,35 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package idp + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/idp/v1alpha1" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.19/client/informers/externalversions/idp/v1alpha1/interface.go b/generated/1.19/client/informers/externalversions/idp/v1alpha1/interface.go new file mode 100644 index 00000000..3927d66f --- /dev/null +++ b/generated/1.19/client/informers/externalversions/idp/v1alpha1/interface.go @@ -0,0 +1,34 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // WebhookIdentityProviders returns a WebhookIdentityProviderInformer. + WebhookIdentityProviders() WebhookIdentityProviderInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// WebhookIdentityProviders returns a WebhookIdentityProviderInformer. +func (v *version) WebhookIdentityProviders() WebhookIdentityProviderInformer { + return &webhookIdentityProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.19/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go b/generated/1.19/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..65df5620 --- /dev/null +++ b/generated/1.19/client/informers/externalversions/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,79 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/listers/idp/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderInformer provides access to a shared informer and lister for +// WebhookIdentityProviders. +type WebhookIdentityProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.WebhookIdentityProviderLister +} + +type webhookIdentityProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredWebhookIdentityProviderInformer constructs a new informer for WebhookIdentityProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(context.TODO(), options) + }, + }, + &idpv1alpha1.WebhookIdentityProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredWebhookIdentityProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer) +} + +func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister { + return v1alpha1.NewWebhookIdentityProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.19/client/listers/idp/v1alpha1/expansion_generated.go b/generated/1.19/client/listers/idp/v1alpha1/expansion_generated.go new file mode 100644 index 00000000..61d85cbe --- /dev/null +++ b/generated/1.19/client/listers/idp/v1alpha1/expansion_generated.go @@ -0,0 +1,16 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// WebhookIdentityProviderListerExpansion allows custom methods to be added to +// WebhookIdentityProviderLister. +type WebhookIdentityProviderListerExpansion interface{} + +// WebhookIdentityProviderNamespaceListerExpansion allows custom methods to be added to +// WebhookIdentityProviderNamespaceLister. +type WebhookIdentityProviderNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/listers/idp/v1alpha1/webhookidentityprovider.go b/generated/1.19/client/listers/idp/v1alpha1/webhookidentityprovider.go new file mode 100644 index 00000000..53101588 --- /dev/null +++ b/generated/1.19/client/listers/idp/v1alpha1/webhookidentityprovider.go @@ -0,0 +1,88 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// WebhookIdentityProviderLister helps list WebhookIdentityProviders. +// All objects returned here must be treated as read-only. +type WebhookIdentityProviderLister interface { + // List lists all WebhookIdentityProviders in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. + WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister + WebhookIdentityProviderListerExpansion +} + +// webhookIdentityProviderLister implements the WebhookIdentityProviderLister interface. +type webhookIdentityProviderLister struct { + indexer cache.Indexer +} + +// NewWebhookIdentityProviderLister returns a new WebhookIdentityProviderLister. +func NewWebhookIdentityProviderLister(indexer cache.Indexer) WebhookIdentityProviderLister { + return &webhookIdentityProviderLister{indexer: indexer} +} + +// List lists all WebhookIdentityProviders in the indexer. +func (s *webhookIdentityProviderLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// WebhookIdentityProviders returns an object that can list and get WebhookIdentityProviders. +func (s *webhookIdentityProviderLister) WebhookIdentityProviders(namespace string) WebhookIdentityProviderNamespaceLister { + return webhookIdentityProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// WebhookIdentityProviderNamespaceLister helps list and get WebhookIdentityProviders. +// All objects returned here must be treated as read-only. +type WebhookIdentityProviderNamespaceLister interface { + // List lists all WebhookIdentityProviders in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) + // Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.WebhookIdentityProvider, error) + WebhookIdentityProviderNamespaceListerExpansion +} + +// webhookIdentityProviderNamespaceLister implements the WebhookIdentityProviderNamespaceLister +// interface. +type webhookIdentityProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all WebhookIdentityProviders in the indexer for a given namespace. +func (s webhookIdentityProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookIdentityProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.WebhookIdentityProvider)) + }) + return ret, err +} + +// Get retrieves the WebhookIdentityProvider from the indexer for a given namespace and name. +func (s webhookIdentityProviderNamespaceLister) Get(name string) (*v1alpha1.WebhookIdentityProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("webhookidentityprovider"), name) + } + return obj.(*v1alpha1.WebhookIdentityProvider), nil +} diff --git a/generated/1.19/client/openapi/zz_generated.openapi.go b/generated/1.19/client/openapi/zz_generated.openapi.go index 2b066cbf..284b45c6 100644 --- a/generated/1.19/client/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/openapi/zz_generated.openapi.go @@ -24,6 +24,12 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigList": schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigList(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStatus": schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStatus(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1.CredentialIssuerConfigStrategy": schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.Condition": schema_119_apis_idp_v1alpha1_Condition(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.TLSSpec": schema_119_apis_idp_v1alpha1_TLSSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider": schema_119_apis_idp_v1alpha1_WebhookIdentityProvider(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequest": schema_119_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_119_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequestList": schema_119_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -284,6 +290,244 @@ func schema_119_apis_crdpinniped_v1alpha1_CredentialIssuerConfigStrategy(ref com } } +func schema_119_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type of condition in CamelCase or in foo.example.com/CamelCase.", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status of the condition, one of True, False, Unknown.", + Type: []string{"string"}, + Format: "", + }, + }, + "observedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "lastTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "reason": { + SchemaProps: spec.SchemaProps{ + Description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "message is a human readable message indicating details about the transition. This may be an empty string.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type", "status", "lastTransitionTime", "reason", "message"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_119_apis_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration for configuring TLS on various identity providers.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "certificateAuthorityData": { + SchemaProps: spec.SchemaProps{ + Description: "X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_119_apis_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the identity provider.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderStatus"), + }, + }, + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderSpec", "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_119_apis_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "List of WebhookIdentityProvider objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_119_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Spec for configuring a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "endpoint": { + SchemaProps: spec.SchemaProps{ + Description: "Webhook server endpoint URL.", + Type: []string{"string"}, + Format: "", + }, + }, + "tls": { + SchemaProps: spec.SchemaProps{ + Description: "TLS configuration.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.TLSSpec"), + }, + }, + }, + Required: []string{"endpoint"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.TLSSpec"}, + } +} + +func schema_119_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Status of a webhook identity provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "Represents the observations of an identity provider's current state.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.Condition"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.Condition"}, + } +} + func schema_119_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.19/crds/idp.pinniped.dev_webhookidentityproviders.yaml b/generated/1.19/crds/idp.pinniped.dev_webhookidentityproviders.yaml new file mode 100644 index 00000000..213b7ad2 --- /dev/null +++ b/generated/1.19/crds/idp.pinniped.dev_webhookidentityproviders.yaml @@ -0,0 +1,149 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: webhookidentityproviders.idp.pinniped.dev +spec: + group: idp.pinniped.dev + names: + categories: + - all + - idp + - idps + kind: WebhookIdentityProvider + listKind: WebhookIdentityProviderList + plural: webhookidentityproviders + shortNames: + - webhookidp + - webhookidps + singular: webhookidentityprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: WebhookIdentityProvider describes the configuration of a Pinniped + webhook identity provider. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec for configuring the identity provider. + properties: + endpoint: + description: Webhook server endpoint URL. + minLength: 1 + pattern: ^https:// + type: string + tls: + description: TLS configuration. + properties: + certificateAuthorityData: + description: X.509 Certificate Authority (base64-encoded PEM bundle). + If omitted, a default set of system roots will be trusted. + type: string + type: object + required: + - endpoint + type: object + status: + description: Status of the identity provider. + properties: + conditions: + description: Represents the observations of an identity provider's + current state. + items: + description: Condition status of a resource (mirrored from the metav1.Condition + type added in Kubernetes 1.19). In a future API version we can + switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413. + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/hack/lib/docs/config.yaml b/hack/lib/docs/config.yaml index 9ecc75a2..2a01e07c 100644 --- a/hack/lib/docs/config.yaml +++ b/hack/lib/docs/config.yaml @@ -4,6 +4,7 @@ processor: # Ignore internal API versions ignoreGroupVersions: - "crd.pinniped.dev/crdpinniped" + - "idp.pinniped.dev/idp" - "pinniped.dev/pinniped" ignoreFields: - "TypeMeta$" diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index baba076b..cb687880 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -121,7 +121,7 @@ echo "generating API-related code for our internal API groups..." "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "pinniped:v1alpha1 crdpinniped:v1alpha1" \ + "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-int-api > |" ) @@ -136,7 +136,7 @@ echo "generating client code for our public API groups..." client,lister,informer \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "pinniped:v1alpha1 crdpinniped:v1alpha1" \ + "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-client > |" ) @@ -155,5 +155,6 @@ crd-ref-docs \ # Generate CRD YAML (cd apis && - controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds + controller-gen paths=./crdpinniped/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds && + controller-gen paths=./idp/v1alpha1 crd:trivialVersions=true output:crd:artifacts:config=../crds ) diff --git a/hack/update.sh b/hack/update.sh index 00c15ae7..ebf7280f 100755 --- a/hack/update.sh +++ b/hack/update.sh @@ -8,5 +8,5 @@ set -euo pipefail ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt" -cp "$ROOT/generated/1.19/crds/crd.pinniped.dev_credentialissuerconfigs.yaml" "$ROOT/deploy/crd.yaml" +cp "$ROOT/generated/1.19/crds/"*.yaml "$ROOT/deploy/" "$ROOT/hack/module.sh" tidy From 3344b5b86aeed45897e18cbf82da79b6caebcd57 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 9 Sep 2020 10:36:38 -0500 Subject: [PATCH 03/14] Expect the WebhookIdentityProvider CRD to be installed. Signed-off-by: Matt Moyer --- test/integration/api_discovery_test.go | 156 +++++++++++++++++-------- 1 file changed, 105 insertions(+), 51 deletions(-) diff --git a/test/integration/api_discovery_test.go b/test/integration/api_discovery_test.go index 96fa3951..48d3bb93 100644 --- a/test/integration/api_discovery_test.go +++ b/test/integration/api_discovery_test.go @@ -22,65 +22,119 @@ func TestGetAPIResourceList(t *testing.T) { groups, resources, err := client.Discovery().ServerGroupsAndResources() require.NoError(t, err) - t.Run("has group", func(t *testing.T) { - require.Contains(t, groups, &metav1.APIGroup{ - Name: "pinniped.dev", - Versions: []metav1.GroupVersionForDiscovery{ - { + tests := []struct { + group metav1.APIGroup + resourceByVersion map[string][]metav1.APIResource + }{ + { + group: metav1.APIGroup{ + Name: "pinniped.dev", + Versions: []metav1.GroupVersionForDiscovery{ + { + GroupVersion: "pinniped.dev/v1alpha1", + Version: "v1alpha1", + }, + }, + PreferredVersion: metav1.GroupVersionForDiscovery{ GroupVersion: "pinniped.dev/v1alpha1", Version: "v1alpha1", }, }, - PreferredVersion: metav1.GroupVersionForDiscovery{ - GroupVersion: "pinniped.dev/v1alpha1", - Version: "v1alpha1", + resourceByVersion: map[string][]metav1.APIResource{ + "pinniped.dev/v1alpha1": { + { + Name: "credentialrequests", + Kind: "CredentialRequest", + Verbs: []string{"create"}, + Namespaced: false, + + // This is currently an empty string in the response; maybe it should not be + // empty? Seems like no harm in keeping it like this for now, but feel free + // to update in the future if there is a compelling reason to do so. + SingularName: "", + }, + }, }, - }) - }) - - t.Run("has non-CRD APIs", func(t *testing.T) { - expectResources(t, "pinniped.dev/v1alpha1", resources, []metav1.APIResource{ - { - Name: "credentialrequests", - Kind: "CredentialRequest", - Verbs: []string{"create"}, - Namespaced: false, - - // This is currently an empty string in the response; maybe it should not be - // empty? Seems like no harm in keeping it like this for now, but feel free - // to update in the future if there is a compelling reason to do so. - SingularName: "", + }, + { + group: metav1.APIGroup{ + Name: "crd.pinniped.dev", + Versions: []metav1.GroupVersionForDiscovery{ + { + GroupVersion: "crd.pinniped.dev/v1alpha1", + Version: "v1alpha1", + }, + }, + PreferredVersion: metav1.GroupVersionForDiscovery{ + GroupVersion: "crd.pinniped.dev/v1alpha1", + Version: "v1alpha1", + }, }, - }) - }) - - t.Run("has CRD APIs", func(t *testing.T) { - expectResources(t, "crd.pinniped.dev/v1alpha1", resources, []metav1.APIResource{ - { - Name: "credentialissuerconfigs", - SingularName: "credentialissuerconfig", - Namespaced: true, - Kind: "CredentialIssuerConfig", - Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, - ShortNames: []string{"cic"}, + resourceByVersion: map[string][]metav1.APIResource{ + "crd.pinniped.dev/v1alpha1": { + { + Name: "credentialissuerconfigs", + SingularName: "credentialissuerconfig", + Namespaced: true, + Kind: "CredentialIssuerConfig", + Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, + ShortNames: []string{"cic"}, + }, + }, }, - }) - }) -} - -func expectResources(t *testing.T, groupVersion string, resources []*metav1.APIResourceList, expected []metav1.APIResource) { - var actualResourceList *metav1.APIResourceList - for _, resource := range resources { - if resource.GroupVersion == groupVersion { - actualResourceList = resource.DeepCopy() - } + }, + { + group: metav1.APIGroup{ + Name: "idp.pinniped.dev", + Versions: []metav1.GroupVersionForDiscovery{ + { + GroupVersion: "idp.pinniped.dev/v1alpha1", + Version: "v1alpha1", + }, + }, + PreferredVersion: metav1.GroupVersionForDiscovery{ + GroupVersion: "idp.pinniped.dev/v1alpha1", + Version: "v1alpha1", + }, + }, + resourceByVersion: map[string][]metav1.APIResource{ + "idp.pinniped.dev/v1alpha1": { + { + Name: "webhookidentityproviders", + SingularName: "webhookidentityprovider", + Namespaced: true, + Kind: "WebhookIdentityProvider", + Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, + ShortNames: []string{"webhookidp", "webhookidps"}, + Categories: []string{"all", "idp", "idps"}, + }, + }, + }, + }, } - require.NotNilf(t, actualResourceList, "could not find groupVersion %s", groupVersion) - // Because its hard to predict the storage version hash (e.g. "t/+v41y+3e4="), we just don't - // worry about comparing that field. - for i := range actualResourceList.APIResources { - actualResourceList.APIResources[i].StorageVersionHash = "" + for _, tt := range tests { + tt := tt + t.Run(tt.group.Name, func(t *testing.T) { + require.Contains(t, groups, &tt.group) + + for groupVersion, expectedResources := range tt.resourceByVersion { + // Find the actual resource list and make a copy. + var actualResourceList *metav1.APIResourceList + for _, resource := range resources { + if resource.GroupVersion == groupVersion { + actualResourceList = resource.DeepCopy() + } + } + require.NotNilf(t, actualResourceList, "could not find groupVersion %s", groupVersion) + + // Because its hard to predict the storage version hash (e.g. "t/+v41y+3e4="), we just don't + // worry about comparing that field. + for i := range actualResourceList.APIResources { + actualResourceList.APIResources[i].StorageVersionHash = "" + } + require.EqualValues(t, expectedResources, actualResourceList.APIResources, "unexpected API resources") + } + }) } - require.EqualValues(t, expected, actualResourceList.APIResources, "unexpected API resources") } From fc220d5f79f5b9b0adbc3265b5f863809f15fb5f Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 13:41:21 -0500 Subject: [PATCH 04/14] Remove kubectl dry-run verify for now. The dry-run fails now because we are trying to install a CRD and a custom resource (of that CRD type) in the same step. Signed-off-by: Matt Moyer --- hack/prepare-for-integration-tests.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/hack/prepare-for-integration-tests.sh b/hack/prepare-for-integration-tests.sh index d68fb6eb..b4e06249 100755 --- a/hack/prepare-for-integration-tests.sh +++ b/hack/prepare-for-integration-tests.sh @@ -189,7 +189,6 @@ ytt --file . \ --data-value "webhook_ca_bundle=$webhook_ca_bundle" \ --data-value "discovery_url=$discovery_url" >"$manifest" -kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. kapp deploy --yes --app "$app_name" --diff-changes --file "$manifest" popd >/dev/null From 5b9f2ec9fccd9ab005058c621f7445ca8d134519 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 9 Sep 2020 13:11:16 -0500 Subject: [PATCH 05/14] Give our controller access to all our CRD types. Signed-off-by: Matt Moyer --- deploy/rbac.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index c0d5dddc..818453d8 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -47,8 +47,8 @@ rules: - apiGroups: [""] resources: [secrets] verbs: [create, get, list, patch, update, watch, delete] - - apiGroups: [crd.pinniped.dev] - resources: [credentialissuerconfigs] + - apiGroups: [crd.pinniped.dev, idp.pinniped.dev] + resources: ["*"] verbs: [create, get, list, update, watch] --- kind: RoleBinding From 2bdbac3e150167d0625c4e8b56635742f65d825b Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 9 Sep 2020 13:15:35 -0500 Subject: [PATCH 06/14] Move the ytt webhook config out into the CRD. Signed-off-by: Matt Moyer --- deploy/deployment.yaml | 3 --- deploy/webhook.yaml | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 deploy/webhook.yaml diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 28acfcde..03d56e0e 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -29,9 +29,6 @@ data: pinniped.yaml: | discovery: url: (@= data.values.discovery_url or "null" @) - webhook: - url: (@= data.values.webhook_url @) - caBundle: (@= data.values.webhook_ca_bundle @) api: servingCertificate: durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @) diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml new file mode 100644 index 00000000..27a57def --- /dev/null +++ b/deploy/webhook.yaml @@ -0,0 +1,16 @@ +#! Copyright 2020 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +apiVersion: idp.pinniped.dev/v1alpha1 +kind: WebhookIdentityProvider +metadata: + name: #@ data.values.app_name + "-webhook" + namespace: #@ data.values.namespace + labels: + app: #@ data.values.app_name +spec: + endpoint: #@ data.values.webhook_url + tls: + certificateAuthorityData: #@ data.values.webhook_ca_bundle From 80a23bd2fdb59a274f72275fb6f004ab69c303d1 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 9 Sep 2020 13:22:26 -0500 Subject: [PATCH 07/14] Rename "Webhook" to "TokenAuthenticator" in our REST handler and callers. Signed-off-by: Matt Moyer --- internal/apiserver/apiserver.go | 4 ++-- internal/registry/credentialrequest/rest.go | 12 ++++++------ internal/server/server.go | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/internal/apiserver/apiserver.go b/internal/apiserver/apiserver.go index 8d96de53..bf411d62 100644 --- a/internal/apiserver/apiserver.go +++ b/internal/apiserver/apiserver.go @@ -57,7 +57,7 @@ type Config struct { } type ExtraConfig struct { - Webhook authenticator.Token + TokenAuthenticator authenticator.Token Issuer credentialrequest.CertIssuer StartControllersPostStartHook func(ctx context.Context) } @@ -111,7 +111,7 @@ func (c completedConfig) New() (*PinnipedServer, error) { NegotiatedSerializer: Codecs, } - credentialRequestStorage := credentialrequest.NewREST(c.ExtraConfig.Webhook, c.ExtraConfig.Issuer) + credentialRequestStorage := credentialrequest.NewREST(c.ExtraConfig.TokenAuthenticator, c.ExtraConfig.Issuer) v1alpha1Storage, ok := apiGroupInfo.VersionedResourcesStorageMap[gvr.Version] if !ok { diff --git a/internal/registry/credentialrequest/rest.go b/internal/registry/credentialrequest/rest.go index 6c12a6bf..626f3948 100644 --- a/internal/registry/credentialrequest/rest.go +++ b/internal/registry/credentialrequest/rest.go @@ -37,16 +37,16 @@ type CertIssuer interface { IssuePEM(subject pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error) } -func NewREST(webhook authenticator.Token, issuer CertIssuer) *REST { +func NewREST(tokenAuthenticator authenticator.Token, issuer CertIssuer) *REST { return &REST{ - webhook: webhook, - issuer: issuer, + tokenAuthenticator: tokenAuthenticator, + issuer: issuer, } } type REST struct { - webhook authenticator.Token - issuer CertIssuer + tokenAuthenticator authenticator.Token + issuer CertIssuer } func (r *REST) New() runtime.Object { @@ -78,7 +78,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation } }() - authResponse, authenticated, err := r.webhook.AuthenticateToken(cancelCtx, credentialRequest.Spec.Token.Value) + authResponse, authenticated, err := r.tokenAuthenticator.AuthenticateToken(cancelCtx, credentialRequest.Spec.Token.Value) if err != nil { traceFailureWithError(t, "webhook authentication", err) return failureResponse(), nil diff --git a/internal/server/server.go b/internal/server/server.go index 1dcdb808..774c9e4e 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -14,9 +14,9 @@ import ( "github.com/spf13/cobra" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apiserver/pkg/authentication/authenticator" genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" - "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" "k8s.io/client-go/kubernetes" restclient "k8s.io/client-go/rest" "k8s.io/klog/v2" @@ -241,7 +241,7 @@ func getClusterCASigner(ctx context.Context, serverInstallationNamespace string) // Create a configuration for the aggregated API server. func getAggregatedAPIServerConfig( dynamicCertProvider provider.DynamicTLSServingCertProvider, - webhookTokenAuthenticator *webhook.WebhookTokenAuthenticator, + tokenAuthenticator authenticator.Token, ca credentialrequest.CertIssuer, startControllersPostStartHook func(context.Context), ) (*apiserver.Config, error) { @@ -270,7 +270,7 @@ func getAggregatedAPIServerConfig( apiServerConfig := &apiserver.Config{ GenericConfig: serverConfig, ExtraConfig: apiserver.ExtraConfig{ - Webhook: webhookTokenAuthenticator, + TokenAuthenticator: tokenAuthenticator, Issuer: ca, StartControllersPostStartHook: startControllersPostStartHook, }, From 66f4e62c6c031931b8b802b409db1e2b9b1e32e1 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Fri, 11 Sep 2020 10:34:59 -0500 Subject: [PATCH 08/14] Add internal/mocks/mocktokenauthenticator generated mocks. Signed-off-by: Matt Moyer --- .../mocks/mocktokenauthenticator/generate.go | 8 +++ .../mocktokenauthenticator.go | 55 +++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 internal/mocks/mocktokenauthenticator/generate.go create mode 100644 internal/mocks/mocktokenauthenticator/mocktokenauthenticator.go diff --git a/internal/mocks/mocktokenauthenticator/generate.go b/internal/mocks/mocktokenauthenticator/generate.go new file mode 100644 index 00000000..ab2bb834 --- /dev/null +++ b/internal/mocks/mocktokenauthenticator/generate.go @@ -0,0 +1,8 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package mocktokenauthenticator + +//go:generate go run -v github.com/golang/mock/mockgen -destination=mocktokenauthenticator.go -package=mocktokenauthenticator -copyright_file=../../../hack/header.txt k8s.io/apiserver/pkg/authentication/authenticator Token diff --git a/internal/mocks/mocktokenauthenticator/mocktokenauthenticator.go b/internal/mocks/mocktokenauthenticator/mocktokenauthenticator.go new file mode 100644 index 00000000..f08d4abf --- /dev/null +++ b/internal/mocks/mocktokenauthenticator/mocktokenauthenticator.go @@ -0,0 +1,55 @@ +// Copyright 2020 VMware, Inc. +// SPDX-License-Identifier: Apache-2.0 +// + +// Code generated by MockGen. DO NOT EDIT. +// Source: k8s.io/apiserver/pkg/authentication/authenticator (interfaces: Token) + +// Package mocktokenauthenticator is a generated GoMock package. +package mocktokenauthenticator + +import ( + context "context" + gomock "github.com/golang/mock/gomock" + authenticator "k8s.io/apiserver/pkg/authentication/authenticator" + reflect "reflect" +) + +// MockToken is a mock of Token interface +type MockToken struct { + ctrl *gomock.Controller + recorder *MockTokenMockRecorder +} + +// MockTokenMockRecorder is the mock recorder for MockToken +type MockTokenMockRecorder struct { + mock *MockToken +} + +// NewMockToken creates a new mock instance +func NewMockToken(ctrl *gomock.Controller) *MockToken { + mock := &MockToken{ctrl: ctrl} + mock.recorder = &MockTokenMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use +func (m *MockToken) EXPECT() *MockTokenMockRecorder { + return m.recorder +} + +// AuthenticateToken mocks base method +func (m *MockToken) AuthenticateToken(arg0 context.Context, arg1 string) (*authenticator.Response, bool, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "AuthenticateToken", arg0, arg1) + ret0, _ := ret[0].(*authenticator.Response) + ret1, _ := ret[1].(bool) + ret2, _ := ret[2].(error) + return ret0, ret1, ret2 +} + +// AuthenticateToken indicates an expected call of AuthenticateToken +func (mr *MockTokenMockRecorder) AuthenticateToken(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthenticateToken", reflect.TypeOf((*MockToken)(nil).AuthenticateToken), arg0, arg1) +} From 6506a82b197d7b7dba88766af4842dd293d1f1c2 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 09:36:06 -0500 Subject: [PATCH 09/14] Add a cache of active IDPs, which implements authenticator.Token. Signed-off-by: Matt Moyer --- .../identityprovider/idpcache/cache.go | 77 +++++++++++++ .../identityprovider/idpcache/cache_test.go | 101 ++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 internal/controller/identityprovider/idpcache/cache.go create mode 100644 internal/controller/identityprovider/idpcache/cache_test.go diff --git a/internal/controller/identityprovider/idpcache/cache.go b/internal/controller/identityprovider/idpcache/cache.go new file mode 100644 index 00000000..0fddc211 --- /dev/null +++ b/internal/controller/identityprovider/idpcache/cache.go @@ -0,0 +1,77 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Package idpcache implements a cache of active identity providers. +package idpcache + +import ( + "context" + "fmt" + "sync" + + "k8s.io/apiserver/pkg/authentication/authenticator" + + "github.com/suzerain-io/pinniped/internal/controllerlib" +) + +var ( + // ErrNoIDPs is returned by Cache.AuthenticateToken() when there are no IDPs configured. + ErrNoIDPs = fmt.Errorf("no identity providers are loaded") + + // ErrIndeterminateIDP is returned by Cache.AuthenticateToken() when the correct IDP cannot be determined. + ErrIndeterminateIDP = fmt.Errorf("could not uniquely match against an identity provider") +) + +// Cache implements the authenticator.Token interface by multiplexing across a dynamic set of identity providers +// loaded from IDP resources. +type Cache struct { + cache sync.Map +} + +// New returns an empty cache. +func New() *Cache { + return &Cache{} +} + +// Store an identity provider into the cache. +func (c *Cache) Store(key controllerlib.Key, value authenticator.Token) { + c.cache.Store(key, value) +} + +// Delete an identity provider from the cache. +func (c *Cache) Delete(key controllerlib.Key) { + c.cache.Delete(key) +} + +// Keys currently stored in the cache. +func (c *Cache) Keys() []controllerlib.Key { + var result []controllerlib.Key + c.cache.Range(func(key, _ interface{}) bool { + result = append(result, key.(controllerlib.Key)) + return true + }) + return result +} + +// AuthenticateToken validates the provided token against the currently loaded identity providers. +func (c *Cache) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) { + var matchingIDPs []authenticator.Token + c.cache.Range(func(key, value interface{}) bool { + matchingIDPs = append(matchingIDPs, value.(authenticator.Token)) + return true + }) + + // Return an error if there are no known IDPs. + if len(matchingIDPs) == 0 { + return nil, false, ErrNoIDPs + } + + // For now, allow there to be only exactly one IDP (until we specify a good mechanism for selecting one). + if len(matchingIDPs) != 1 { + return nil, false, ErrIndeterminateIDP + } + + return matchingIDPs[0].AuthenticateToken(ctx, token) +} diff --git a/internal/controller/identityprovider/idpcache/cache_test.go b/internal/controller/identityprovider/idpcache/cache_test.go new file mode 100644 index 00000000..48b971b3 --- /dev/null +++ b/internal/controller/identityprovider/idpcache/cache_test.go @@ -0,0 +1,101 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package idpcache + +import ( + "context" + "testing" + + "github.com/golang/mock/gomock" + "github.com/stretchr/testify/require" + "k8s.io/apiserver/pkg/authentication/authenticator" + "k8s.io/apiserver/pkg/authentication/user" + + "github.com/suzerain-io/pinniped/internal/controllerlib" + "github.com/suzerain-io/pinniped/internal/mocks/mocktokenauthenticator" +) + +func TestCache(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + tests := []struct { + name string + mockAuthenticators map[controllerlib.Key]func(*mocktokenauthenticator.MockToken) + wantResponse *authenticator.Response + wantAuthenticated bool + wantErr string + }{ + { + name: "no IDPs", + wantErr: "no identity providers are loaded", + }, + { + name: "multiple IDPs", + mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){ + controllerlib.Key{Namespace: "foo", Name: "idp-one"}: nil, + controllerlib.Key{Namespace: "foo", Name: "idp-two"}: nil, + }, + wantErr: "could not uniquely match against an identity provider", + }, + { + name: "success", + mockAuthenticators: map[controllerlib.Key]func(mockToken *mocktokenauthenticator.MockToken){ + controllerlib.Key{ + Namespace: "foo", + Name: "idp-one", + }: func(mockToken *mocktokenauthenticator.MockToken) { + mockToken.EXPECT().AuthenticateToken(ctx, "test-token").Return( + &authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}}, + true, + nil, + ) + }, + }, + wantResponse: &authenticator.Response{User: &user.DefaultInfo{Name: "test-user"}}, + wantAuthenticated: true, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + cache := New() + require.NotNil(t, cache) + require.Implements(t, (*authenticator.Token)(nil), cache) + + for key, mockFunc := range tt.mockAuthenticators { + mockToken := mocktokenauthenticator.NewMockToken(ctrl) + if mockFunc != nil { + mockFunc(mockToken) + } + cache.Store(key, mockToken) + } + + require.Equal(t, len(tt.mockAuthenticators), len(cache.Keys())) + + resp, authenticated, err := cache.AuthenticateToken(ctx, "test-token") + require.Equal(t, tt.wantResponse, resp) + require.Equal(t, tt.wantAuthenticated, authenticated) + if tt.wantErr != "" { + require.EqualError(t, err, tt.wantErr) + return + } + require.NoError(t, err) + + for _, key := range cache.Keys() { + cache.Delete(key) + } + require.Zero(t, len(cache.Keys())) + }) + } +} From acfc5acfb2757be3454fe07d72279be91a520ddb Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 10:41:36 -0500 Subject: [PATCH 10/14] Add a controller to fill the idpcache.Cache from WebhookIdentityProvider objects. Signed-off-by: Matt Moyer --- .../webhookcachefiller/webhookcachefiller.go | 127 +++++++++++++ .../webhookcachefiller_test.go | 174 ++++++++++++++++++ 2 files changed, 301 insertions(+) create mode 100644 internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go create mode 100644 internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go diff --git a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go new file mode 100644 index 00000000..6b67d940 --- /dev/null +++ b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go @@ -0,0 +1,127 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Package webhookcachefiller implements a controller for filling an idpcache.Cache with each added/updated WebhookIdentityProvider. +package webhookcachefiller + +import ( + "encoding/base64" + "fmt" + "io/ioutil" + "os" + + "github.com/go-logr/logr" + k8sauthv1beta1 "k8s.io/api/authentication/v1beta1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/util/net" + "k8s.io/apiserver/pkg/authentication/authenticator" + "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "k8s.io/klog/v2" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + idpinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/idp/v1alpha1" + pinnipedcontroller "github.com/suzerain-io/pinniped/internal/controller" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" + "github.com/suzerain-io/pinniped/internal/controllerlib" +) + +// New instantiates a new controllerlib.Controller which will populate the provided idpcache.Cache. +func New(cache *idpcache.Cache, webhookIDPs idpinformers.WebhookIdentityProviderInformer, log logr.Logger) controllerlib.Controller { + return controllerlib.New( + controllerlib.Config{ + Name: "webhookcachefiller-controller", + Syncer: &controller{ + cache: cache, + webhookIDPs: webhookIDPs, + log: log.WithName("webhookcachefiller-controller"), + }, + }, + controllerlib.WithInformer( + webhookIDPs, + pinnipedcontroller.NoOpFilter(), + controllerlib.InformerOption{}, + ), + ) +} + +type controller struct { + cache *idpcache.Cache + webhookIDPs idpinformers.WebhookIdentityProviderInformer + log logr.Logger +} + +// Sync implements controllerlib.Syncer. +func (c *controller) Sync(ctx controllerlib.Context) error { + obj, err := c.webhookIDPs.Lister().WebhookIdentityProviders(ctx.Key.Namespace).Get(ctx.Key.Name) + if err != nil && errors.IsNotFound(err) { + c.log.Info("Sync() found that the WebhookIdentityProvider does not exist yet or was deleted") + return nil + } + if err != nil { + return fmt.Errorf("failed to get WebhookIdentityProvider %s/%s: %w", ctx.Key.Namespace, ctx.Key.Name, err) + } + + webhookAuthenticator, err := newWebhookAuthenticator(&obj.Spec, ioutil.TempFile, clientcmd.WriteToFile) + if err != nil { + return fmt.Errorf("failed to build webhook config: %w", err) + } + + c.cache.Store(ctx.Key, webhookAuthenticator) + c.log.WithValues("idp", klog.KObj(obj), "endpoint", obj.Spec.Endpoint).Info("added new webhook IDP") + return nil +} + +// newWebhookAuthenticator creates a webhook from the provided API server url and caBundle +// used to validate TLS connections. +func newWebhookAuthenticator( + spec *idpv1alpha1.WebhookIdentityProviderSpec, + tempfileFunc func(string, string) (*os.File, error), + marshalFunc func(clientcmdapi.Config, string) error, +) (*webhook.WebhookTokenAuthenticator, error) { + temp, err := tempfileFunc("", "pinniped-webhook-kubeconfig-*") + if err != nil { + return nil, fmt.Errorf("unable to create temporary file: %w", err) + } + defer func() { _ = os.Remove(temp.Name()) }() + + cluster := &clientcmdapi.Cluster{Server: spec.Endpoint} + cluster.CertificateAuthorityData, err = getCABundle(spec.TLS) + if err != nil { + return nil, fmt.Errorf("invalid TLS configuration: %w", err) + } + + kubeconfig := clientcmdapi.NewConfig() + kubeconfig.Clusters["anonymous-cluster"] = cluster + kubeconfig.Contexts["anonymous"] = &clientcmdapi.Context{Cluster: "anonymous-cluster"} + kubeconfig.CurrentContext = "anonymous" + + if err := marshalFunc(*kubeconfig, temp.Name()); err != nil { + return nil, fmt.Errorf("unable to marshal kubeconfig: %w", err) + } + + // We use v1beta1 instead of v1 since v1beta1 is more prevalent in our desired + // integration points. + version := k8sauthv1beta1.SchemeGroupVersion.Version + + // At the current time, we don't provide any audiences because we simply don't + // have any requirements to do so. This can be changed in the future as + // requirements change. + var implicitAuds authenticator.Audiences + + // We set this to nil because we would only need this to support some of the + // custom proxy stuff used by the API server. + var customDial net.DialFunc + + return webhook.New(temp.Name(), version, implicitAuds, customDial) +} + +func getCABundle(spec *idpv1alpha1.TLSSpec) ([]byte, error) { + if spec == nil { + return nil, nil + } + return base64.RawStdEncoding.DecodeString(spec.CertificateAuthorityData) +} diff --git a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go new file mode 100644 index 00000000..c2d9fc17 --- /dev/null +++ b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go @@ -0,0 +1,174 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package webhookcachefiller + +import ( + "context" + "encoding/base64" + "fmt" + "io/ioutil" + "net/http" + "os" + "testing" + "time" + + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + pinnipedfake "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/fake" + pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" + "github.com/suzerain-io/pinniped/internal/controllerlib" + "github.com/suzerain-io/pinniped/internal/testutil" + "github.com/suzerain-io/pinniped/internal/testutil/testlogger" +) + +func TestController(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + syncKey controllerlib.Key + webhookIDPs []runtime.Object + wantErr string + wantLogs []string + wantCacheEntries int + }{ + { + name: "not found", + syncKey: controllerlib.Key{Namespace: "test-namespace", Name: "test-name"}, + wantLogs: []string{ + `webhookcachefiller-controller "level"=0 "msg"="Sync() found that the WebhookIdentityProvider does not exist yet or was deleted"`, + }, + }, + { + name: "invalid webhook", + syncKey: controllerlib.Key{Namespace: "test-namespace", Name: "test-name"}, + webhookIDPs: []runtime.Object{ + &idpv1alpha1.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test-namespace", + Name: "test-name", + }, + Spec: idpv1alpha1.WebhookIdentityProviderSpec{ + Endpoint: "invalid url", + }, + }, + }, + wantErr: `failed to build webhook config: parse "http://invalid url": invalid character " " in host name`, + }, + { + name: "valid webhook", + syncKey: controllerlib.Key{Namespace: "test-namespace", Name: "test-name"}, + webhookIDPs: []runtime.Object{ + &idpv1alpha1.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test-namespace", + Name: "test-name", + }, + Spec: idpv1alpha1.WebhookIdentityProviderSpec{ + Endpoint: "https://example.com", + TLS: &idpv1alpha1.TLSSpec{CertificateAuthorityData: ""}, + }, + }, + }, + wantLogs: []string{ + `webhookcachefiller-controller "level"=0 "msg"="added new webhook IDP" "endpoint"="https://example.com" "idp"={"name":"test-name","namespace":"test-namespace"}`, + }, + wantCacheEntries: 1, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + fakeClient := pinnipedfake.NewSimpleClientset(tt.webhookIDPs...) + informers := pinnipedinformers.NewSharedInformerFactory(fakeClient, 0) + cache := idpcache.New() + testLog := testlogger.New(t) + + controller := New(cache, informers.IDP().V1alpha1().WebhookIdentityProviders(), testLog) + + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + defer cancel() + + informers.Start(ctx.Done()) + controllerlib.TestRunSynchronously(t, controller) + + syncCtx := controllerlib.Context{Context: ctx, Key: tt.syncKey} + + if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" { + require.EqualError(t, err, tt.wantErr) + } else { + require.NoError(t, err) + } + require.Equal(t, tt.wantLogs, testLog.Lines()) + require.Equal(t, tt.wantCacheEntries, len(cache.Keys())) + }) + } +} + +func TestNewWebhookAuthenticator(t *testing.T) { + t.Run("temp file failure", func(t *testing.T) { + brokenTempFile := func(_ string, _ string) (*os.File, error) { return nil, fmt.Errorf("some temp file error") } + res, err := newWebhookAuthenticator(nil, brokenTempFile, clientcmd.WriteToFile) + require.Nil(t, res) + require.EqualError(t, err, "unable to create temporary file: some temp file error") + }) + + t.Run("marshal failure", func(t *testing.T) { + marshalError := func(_ clientcmdapi.Config, _ string) error { return fmt.Errorf("some marshal error") } + res, err := newWebhookAuthenticator(&idpv1alpha1.WebhookIdentityProviderSpec{}, ioutil.TempFile, marshalError) + require.Nil(t, res) + require.EqualError(t, err, "unable to marshal kubeconfig: some marshal error") + }) + + t.Run("invalid base64", func(t *testing.T) { + res, err := newWebhookAuthenticator(&idpv1alpha1.WebhookIdentityProviderSpec{ + Endpoint: "https://example.com", + TLS: &idpv1alpha1.TLSSpec{CertificateAuthorityData: "invalid-base64"}, + }, ioutil.TempFile, clientcmd.WriteToFile) + require.Nil(t, res) + require.EqualError(t, err, "invalid TLS configuration: illegal base64 data at input byte 7") + }) + + t.Run("valid config with no TLS spec", func(t *testing.T) { + res, err := newWebhookAuthenticator(&idpv1alpha1.WebhookIdentityProviderSpec{ + Endpoint: "https://example.com", + }, ioutil.TempFile, clientcmd.WriteToFile) + require.NotNil(t, res) + require.NoError(t, err) + }) + + t.Run("success", func(t *testing.T) { + caBundle, url := testutil.TLSTestServer(t, func(w http.ResponseWriter, r *http.Request) { + body, err := ioutil.ReadAll(r.Body) + require.NoError(t, err) + require.Contains(t, string(body), "test-token") + _, err = w.Write([]byte(`{}`)) + require.NoError(t, err) + }) + spec := &idpv1alpha1.WebhookIdentityProviderSpec{ + Endpoint: url, + TLS: &idpv1alpha1.TLSSpec{ + CertificateAuthorityData: base64.RawStdEncoding.EncodeToString([]byte(caBundle)), + }, + } + res, err := newWebhookAuthenticator(spec, ioutil.TempFile, clientcmd.WriteToFile) + require.NoError(t, err) + require.NotNil(t, res) + + resp, authenticated, err := res.AuthenticateToken(context.Background(), "test-token") + require.NoError(t, err) + require.Nil(t, resp) + require.False(t, authenticated) + }) +} From 75ea0f48d9148352577b7bdfdb55cd4c946b26eb Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 10:42:42 -0500 Subject: [PATCH 11/14] Add a controller to clean up stale entries in the idpcache.Cache. Signed-off-by: Matt Moyer --- .../webhookcachecleaner.go | 70 ++++++++++ .../webhookcachecleaner_test.go | 128 ++++++++++++++++++ 2 files changed, 198 insertions(+) create mode 100644 internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner.go create mode 100644 internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner_test.go diff --git a/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner.go b/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner.go new file mode 100644 index 00000000..dd14de88 --- /dev/null +++ b/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner.go @@ -0,0 +1,70 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +// Package webhookcachecleaner implements a controller for garbage collectting webhook IDPs from an IDP cache. +package webhookcachecleaner + +import ( + "fmt" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/klog/v2" + + idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + idpinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/idp/v1alpha1" + pinnipedcontroller "github.com/suzerain-io/pinniped/internal/controller" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" + "github.com/suzerain-io/pinniped/internal/controllerlib" +) + +// New instantiates a new controllerlib.Controller which will garbage collect webhooks from the provided Cache. +func New(cache *idpcache.Cache, webhookIDPs idpinformers.WebhookIdentityProviderInformer, log logr.Logger) controllerlib.Controller { + return controllerlib.New( + controllerlib.Config{ + Name: "webhookcachecleaner-controller", + Syncer: &controller{ + cache: cache, + webhookIDPs: webhookIDPs, + log: log.WithName("webhookcachecleaner-controller"), + }, + }, + controllerlib.WithInformer( + webhookIDPs, + pinnipedcontroller.NoOpFilter(), + controllerlib.InformerOption{}, + ), + ) +} + +type controller struct { + cache *idpcache.Cache + webhookIDPs idpinformers.WebhookIdentityProviderInformer + log logr.Logger +} + +// Sync implements controllerlib.Syncer. +func (c *controller) Sync(ctx controllerlib.Context) error { + webhooks, err := c.webhookIDPs.Lister().List(labels.Everything()) + if err != nil { + return fmt.Errorf("failed to list WebhookIdentityProviders: %w", err) + } + + // Index the current webhooks by key. + webhooksByKey := map[controllerlib.Key]*idpv1alpha1.WebhookIdentityProvider{} + for _, webhook := range webhooks { + key := controllerlib.Key{Namespace: webhook.Namespace, Name: webhook.Name} + webhooksByKey[key] = webhook + } + + // Delete any entries from the cache which are no longer in the cluster. + for _, key := range c.cache.Keys() { + if _, exists := webhooksByKey[key]; !exists { + c.log.WithValues("idp", klog.KRef(key.Namespace, key.Name)).Info("deleting webhook IDP from cache") + c.cache.Delete(key) + } + } + return nil +} diff --git a/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner_test.go b/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner_test.go new file mode 100644 index 00000000..56a29bc6 --- /dev/null +++ b/internal/controller/identityprovider/webhookcachecleaner/webhookcachecleaner_test.go @@ -0,0 +1,128 @@ +/* +Copyright 2020 VMware, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package webhookcachecleaner + +import ( + "context" + "testing" + "time" + + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apiserver/pkg/authentication/authenticator" + + idpv1alpha "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + pinnipedfake "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/fake" + pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" + "github.com/suzerain-io/pinniped/internal/controllerlib" + "github.com/suzerain-io/pinniped/internal/testutil/testlogger" +) + +func TestController(t *testing.T) { + t.Parallel() + + testKey1 := controllerlib.Key{Namespace: "test-namespace", Name: "test-name-one"} + testKey2 := controllerlib.Key{Namespace: "test-namespace", Name: "test-name-two"} + + tests := []struct { + name string + syncKey controllerlib.Key + webhookIDPs []runtime.Object + initialCache map[controllerlib.Key]authenticator.Token + wantErr string + wantLogs []string + wantCacheKeys []controllerlib.Key + }{ + { + name: "no change", + syncKey: testKey1, + initialCache: map[controllerlib.Key]authenticator.Token{testKey1: nil}, + webhookIDPs: []runtime.Object{ + &idpv1alpha.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testKey1.Namespace, + Name: testKey1.Name, + }, + }, + }, + wantCacheKeys: []controllerlib.Key{testKey1}, + }, + { + name: "IDPs not yet added", + syncKey: testKey1, + initialCache: nil, + webhookIDPs: []runtime.Object{ + &idpv1alpha.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testKey1.Namespace, + Name: testKey1.Name, + }, + }, + &idpv1alpha.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testKey2.Namespace, + Name: testKey2.Name, + }, + }, + }, + wantCacheKeys: []controllerlib.Key{}, + }, + { + name: "successful cleanup", + syncKey: testKey1, + initialCache: map[controllerlib.Key]authenticator.Token{ + testKey1: nil, + testKey2: nil, + }, + webhookIDPs: []runtime.Object{ + &idpv1alpha.WebhookIdentityProvider{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testKey1.Namespace, + Name: testKey1.Name, + }, + }, + }, + wantLogs: []string{ + `webhookcachecleaner-controller "level"=0 "msg"="deleting webhook IDP from cache" "idp"={"name":"test-name-two","namespace":"test-namespace"}`, + }, + wantCacheKeys: []controllerlib.Key{testKey1}, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + fakeClient := pinnipedfake.NewSimpleClientset(tt.webhookIDPs...) + informers := pinnipedinformers.NewSharedInformerFactory(fakeClient, 0) + cache := idpcache.New() + for k, v := range tt.initialCache { + cache.Store(k, v) + } + testLog := testlogger.New(t) + + controller := New(cache, informers.IDP().V1alpha1().WebhookIdentityProviders(), testLog) + + ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) + defer cancel() + + informers.Start(ctx.Done()) + controllerlib.TestRunSynchronously(t, controller) + + syncCtx := controllerlib.Context{Context: ctx, Key: tt.syncKey} + + if err := controllerlib.TestSync(t, controller, syncCtx); tt.wantErr != "" { + require.EqualError(t, err, tt.wantErr) + } else { + require.NoError(t, err) + } + require.Equal(t, tt.wantLogs, testLog.Lines()) + require.ElementsMatch(t, tt.wantCacheKeys, cache.Keys()) + }) + } +} From f7c9ae8ba36e9eb22f4b54bbfb5b3f424d663c28 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 10:47:16 -0500 Subject: [PATCH 12/14] Validate tokens using the new dynamic IDP cache instead of the static config. Signed-off-by: Matt Moyer --- .../controllermanager/prepare_controllers.go | 21 +++++++++++++++++++ internal/server/server.go | 11 +++++----- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index dcb565fa..fc821886 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -14,11 +14,15 @@ import ( k8sinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" restclient "k8s.io/client-go/rest" + "k8s.io/klog/v2/klogr" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" pinnipedclientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" "github.com/suzerain-io/pinniped/internal/controller/apicerts" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/webhookcachecleaner" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/webhookcachefiller" "github.com/suzerain-io/pinniped/internal/controller/issuerconfig" "github.com/suzerain-io/pinniped/internal/controllerlib" "github.com/suzerain-io/pinniped/internal/provider" @@ -36,6 +40,7 @@ func PrepareControllers( dynamicCertProvider provider.DynamicTLSServingCertProvider, servingCertDuration time.Duration, servingCertRenewBefore time.Duration, + idpCache *idpcache.Cache, ) (func(ctx context.Context), error) { // Create k8s clients. k8sClient, aggregatorClient, pinnipedClient, err := createClients() @@ -104,6 +109,22 @@ func PrepareControllers( servingCertRenewBefore, ), singletonWorker, + ). + WithController( + webhookcachefiller.New( + idpCache, + installationNamespacePinnipedInformers.IDP().V1alpha1().WebhookIdentityProviders(), + klogr.New(), + ), + singletonWorker, + ). + WithController( + webhookcachecleaner.New( + idpCache, + installationNamespacePinnipedInformers.IDP().V1alpha1().WebhookIdentityProviders(), + klogr.New(), + ), + singletonWorker, ) // Return a function which starts the informers and controllers. diff --git a/internal/server/server.go b/internal/server/server.go index 774c9e4e..64faa1d2 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -26,6 +26,7 @@ import ( pinnipedclientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" "github.com/suzerain-io/pinniped/internal/apiserver" "github.com/suzerain-io/pinniped/internal/certauthority/kubecertauthority" + "github.com/suzerain-io/pinniped/internal/controller/identityprovider/idpcache" "github.com/suzerain-io/pinniped/internal/controller/issuerconfig" "github.com/suzerain-io/pinniped/internal/controllermanager" "github.com/suzerain-io/pinniped/internal/downward" @@ -118,11 +119,8 @@ func (a *App) runServer(ctx context.Context) error { } defer shutdownCA() - // Create a WebhookTokenAuthenticator. - webhookTokenAuthenticator, err := config.NewWebhook(cfg.WebhookConfig) - if err != nil { - return fmt.Errorf("could not create webhook client: %w", err) - } + // Initialize the cache of active identity providers. + idpCache := idpcache.New() // This cert provider will provide certs to the API server and will // be mutated by a controller to keep the certs up to date with what @@ -139,6 +137,7 @@ func (a *App) runServer(ctx context.Context) error { dynamicCertProvider, time.Duration(*cfg.APIConfig.ServingCertificateConfig.DurationSeconds)*time.Second, time.Duration(*cfg.APIConfig.ServingCertificateConfig.RenewBeforeSeconds)*time.Second, + idpCache, ) if err != nil { return fmt.Errorf("could not prepare controllers: %w", err) @@ -147,7 +146,7 @@ func (a *App) runServer(ctx context.Context) error { // Get the aggregated API server config. aggregatedAPIServerConfig, err := getAggregatedAPIServerConfig( dynamicCertProvider, - webhookTokenAuthenticator, + idpCache, k8sClusterCA, startControllersFunc, ) From 8de046a561bc6909f54e49beb37ac57ef9c065e9 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Mon, 14 Sep 2020 10:48:11 -0500 Subject: [PATCH 13/14] Remove static webhook config options. Signed-off-by: Matt Moyer --- pkg/config/api/types.go | 13 ---- pkg/config/config_test.go | 8 -- pkg/config/testdata/default.yaml | 3 - pkg/config/testdata/happy.yaml | 3 - .../invalid-duration-renew-before.yaml | 3 - .../testdata/negative-renew-before.yaml | 3 - pkg/config/testdata/zero-renew-before.yaml | 3 - pkg/config/webhook.go | 77 ------------------- pkg/config/webhook_test.go | 31 -------- 9 files changed, 144 deletions(-) delete mode 100644 pkg/config/webhook.go delete mode 100644 pkg/config/webhook_test.go diff --git a/pkg/config/api/types.go b/pkg/config/api/types.go index 81a8b1e1..1f5a80e3 100644 --- a/pkg/config/api/types.go +++ b/pkg/config/api/types.go @@ -7,23 +7,10 @@ package api // Config contains knobs to setup an instance of pinniped. type Config struct { - WebhookConfig WebhookConfigSpec `json:"webhook"` DiscoveryInfo DiscoveryInfoSpec `json:"discovery"` APIConfig APIConfigSpec `json:"api"` } -// WebhookConfig contains configuration knobs specific to pinniped's use -// of a webhook for token validation. -type WebhookConfigSpec struct { - // URL contains the URL of the webhook that pinniped will use - // to validate external credentials. - URL string `json:"url"` - - // CABundle contains PEM-encoded certificate authority certificates used - // to validate TLS connections to the WebhookURL. - CABundle []byte `json:"caBundle"` -} - // DiscoveryInfoSpec contains configuration knobs specific to // pinniped's publishing of discovery information. These values can be // viewed as overrides, i.e., if these are set, then pinniped will diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index e22a1255..e188910d 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -27,10 +27,6 @@ func TestFromPath(t *testing.T) { DiscoveryInfo: api.DiscoveryInfoSpec{ URL: stringPtr("https://some.discovery/url"), }, - WebhookConfig: api.WebhookConfigSpec{ - URL: "https://tuna.com/fish?marlin", - CABundle: []byte("-----BEGIN CERTIFICATE-----..."), - }, APIConfig: api.APIConfigSpec{ ServingCertificateConfig: api.ServingCertificateConfigSpec{ DurationSeconds: int64Ptr(3600), @@ -46,10 +42,6 @@ func TestFromPath(t *testing.T) { DiscoveryInfo: api.DiscoveryInfoSpec{ URL: nil, }, - WebhookConfig: api.WebhookConfigSpec{ - URL: "https://tuna.com/fish?marlin", - CABundle: []byte("-----BEGIN CERTIFICATE-----..."), - }, APIConfig: api.APIConfigSpec{ ServingCertificateConfig: api.ServingCertificateConfigSpec{ DurationSeconds: int64Ptr(60 * 60 * 24 * 365), // about a year diff --git a/pkg/config/testdata/default.yaml b/pkg/config/testdata/default.yaml index 234d9de8..ed97d539 100644 --- a/pkg/config/testdata/default.yaml +++ b/pkg/config/testdata/default.yaml @@ -1,4 +1 @@ --- -webhook: - url: https://tuna.com/fish?marlin - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u diff --git a/pkg/config/testdata/happy.yaml b/pkg/config/testdata/happy.yaml index f769cb83..3ed3c18a 100644 --- a/pkg/config/testdata/happy.yaml +++ b/pkg/config/testdata/happy.yaml @@ -1,9 +1,6 @@ --- discovery: url: https://some.discovery/url -webhook: - url: https://tuna.com/fish?marlin - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u api: servingCertificate: durationSeconds: 3600 diff --git a/pkg/config/testdata/invalid-duration-renew-before.yaml b/pkg/config/testdata/invalid-duration-renew-before.yaml index 83d1eaa6..0c2ac255 100644 --- a/pkg/config/testdata/invalid-duration-renew-before.yaml +++ b/pkg/config/testdata/invalid-duration-renew-before.yaml @@ -1,7 +1,4 @@ --- -webhook: - url: https://tuna.com/fish?marlin - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u api: servingCertificate: durationSeconds: 2400 diff --git a/pkg/config/testdata/negative-renew-before.yaml b/pkg/config/testdata/negative-renew-before.yaml index 97481414..bcc483d6 100644 --- a/pkg/config/testdata/negative-renew-before.yaml +++ b/pkg/config/testdata/negative-renew-before.yaml @@ -1,7 +1,4 @@ --- -webhook: - url: https://tuna.com/fish?marlin - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u api: servingCertificate: durationSeconds: 2400 diff --git a/pkg/config/testdata/zero-renew-before.yaml b/pkg/config/testdata/zero-renew-before.yaml index 97481414..bcc483d6 100644 --- a/pkg/config/testdata/zero-renew-before.yaml +++ b/pkg/config/testdata/zero-renew-before.yaml @@ -1,7 +1,4 @@ --- -webhook: - url: https://tuna.com/fish?marlin - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tLi4u api: servingCertificate: durationSeconds: 2400 diff --git a/pkg/config/webhook.go b/pkg/config/webhook.go deleted file mode 100644 index b359b25a..00000000 --- a/pkg/config/webhook.go +++ /dev/null @@ -1,77 +0,0 @@ -/* -Copyright 2020 VMware, Inc. -SPDX-License-Identifier: Apache-2.0 -*/ - -package config - -import ( - "fmt" - "io" - "io/ioutil" - "os" - - authenticationv1beta1 "k8s.io/api/authentication/v1beta1" - utilnet "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apiserver/pkg/authentication/authenticator" - "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" - "k8s.io/client-go/tools/clientcmd" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - - "github.com/suzerain-io/pinniped/pkg/config/api" -) - -// NewWebhook creates a webhook from the provided API server url and caBundle -// used to validate TLS connections. -func NewWebhook(spec api.WebhookConfigSpec) (*webhook.WebhookTokenAuthenticator, error) { - kubeconfig, err := ioutil.TempFile("", "pinniped-webhook-kubeconfig-*") - if err != nil { - return nil, fmt.Errorf("create temp file: %w", err) - } - defer os.Remove(kubeconfig.Name()) - - if err := anonymousKubeconfig(spec.URL, spec.CABundle, kubeconfig); err != nil { - return nil, fmt.Errorf("anonymous kubeconfig: %w", err) - } - - // We use v1beta1 instead of v1 since v1beta1 is more prevalent in our desired - // integration points. - version := authenticationv1beta1.SchemeGroupVersion.Version - - // At the current time, we don't provide any audiences because we simply don't - // have any requirements to do so. This can be changed in the future as - // requirements change. - var implicitAuds authenticator.Audiences - - // We set this to nil because we would only need this to support some of the - // custom proxy stuff used by the API server. - var customDial utilnet.DialFunc - - return webhook.New(kubeconfig.Name(), version, implicitAuds, customDial) -} - -// anonymousKubeconfig writes a kubeconfig file to the provided io.Writer that -// will "use" anonymous auth to talk to a Kube API server at the provided url -// with the provided caBundle. -func anonymousKubeconfig(url string, caBundle []byte, out io.Writer) error { - config := clientcmdapi.NewConfig() - config.Clusters["anonymous-cluster"] = &clientcmdapi.Cluster{ - Server: url, - CertificateAuthorityData: caBundle, - } - config.Contexts["anonymous"] = &clientcmdapi.Context{ - Cluster: "anonymous-cluster", - } - config.CurrentContext = "anonymous" - - data, err := clientcmd.Write(*config) - if err != nil { - return fmt.Errorf("marshal config: %w", err) - } - - if _, err := out.Write(data); err != nil { - return fmt.Errorf("write config: %w", err) - } - - return nil -} diff --git a/pkg/config/webhook_test.go b/pkg/config/webhook_test.go deleted file mode 100644 index 3ba33cda..00000000 --- a/pkg/config/webhook_test.go +++ /dev/null @@ -1,31 +0,0 @@ -/* -Copyright 2020 VMware, Inc. -SPDX-License-Identifier: Apache-2.0 -*/ - -package config - -import ( - "io/ioutil" - "os" - "testing" - - "github.com/stretchr/testify/require" - "k8s.io/client-go/tools/clientcmd" -) - -func TestAnonymousKubeconfig(t *testing.T) { - expect := require.New(t) - - f, err := ioutil.TempFile("", "pinniped-anonymous-kubeconfig-test-*") - expect.NoError(err) - defer os.Remove(f.Name()) - - err = anonymousKubeconfig("https://tuna.com", []byte("ca bundle"), f) - expect.NoError(err) - - config, err := clientcmd.BuildConfigFromFlags("", f.Name()) - expect.NoError(err) - - expect.Equal("https://tuna.com", config.Host) -} From b39160e4c400a79fa4fb6c20b18b48e711d65b36 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 15 Sep 2020 12:04:46 -0500 Subject: [PATCH 14/14] Add some log output to TestCredentialIssuerConfig for troubleshooting. Signed-off-by: Matt Moyer --- test/integration/credentialissuerconfig_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/integration/credentialissuerconfig_test.go b/test/integration/credentialissuerconfig_test.go index 22478d91..cacfe1dd 100644 --- a/test/integration/credentialissuerconfig_test.go +++ b/test/integration/credentialissuerconfig_test.go @@ -36,6 +36,10 @@ func TestCredentialIssuerConfig(t *testing.T) { CredentialIssuerConfigs(namespaceName). List(ctx, metav1.ListOptions{}) require.NoError(t, err) + for _, config := range actualConfigList.Items { + t.Logf("found CredentialIssuerConfig: %+v", config) + } + require.Len(t, actualConfigList.Items, 1) actualStatusKubeConfigInfo := actualConfigList.Items[0].Status.KubeConfigInfo