Updates based on code review

Signed-off-by: Margo Crawford <margaretc@vmware.com>
Margo Crawford 2022-06-15 09:38:21 -07:00
parent c95efad180
commit c117329553
84 changed files with 1729 additions and 124 deletions


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}
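Review bot: The new comment on `GeneratedSecret` in `OIDCClientSecretRequestStatus` says the value is the unencrypted client secret and is returned only once, but it gives consumers no handling guidance; I would add a line such as `// Treat this value as a credential: keep it in a secret store and never log the returned object.`. Two smaller comment fixes belong in the same section: `Request a new client secret to for the OIDCClient` has a stray word (`to for` should be `for`), and the doc comment `OIDCClientSecretList is a list of ...` does not match the type it documents, so it should read `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.`. The same comment text shows up in the documentation tables and in the later identical sections on this page, which look like generated copies, so correcting it here and regenerating should cover them.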


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}
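Review bot: The exported type `OIDCClientSecretRequestList` is added here with only the `+k8s:deepcopy-gen` marker and no doc comment, unlike the `package clientsecret` version earlier on this page; add `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.` above the marker and `// Items is a list of OIDCClientSecretRequest.` on the field. This hunk also carries none of the field descriptions that the internal types received, and the v1alpha1 entry in the documentation further down the page lists `OIDCClientSecretRequest` without a description, so the versioned types that API users read may still be undocumented, including the warning that `generatedSecret` is returned in plaintext only once. That last part is an inference, because the rest of this file, including the start of the enclosing `OIDCClientSecretRequest` struct, is outside the hunk.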


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.18/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}
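Review bot: The doc comment on the new list type names `OIDCClientSecretList`, but the type declared under it is `OIDCClientSecretRequestList`; it should read `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.`. In the same section the `GenerateNewSecret` comment has a stray word ("to for"); `// Request a new client secret for the OIDCClient referenced by the metadata.name field.` reads correctly, and the reference tables elsewhere on this page carry the same wording. Both comments repeat in the later copy of this file on the page; if these copies are generated, the fix presumably belongs in the template they come from.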


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}
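Review bot: The new `OIDCClientSecretRequestList` in this section (apparently the v1alpha1 types) has no doc comment, while the internal list type gets one in this commit; add `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.` above the `+k8s:deepcopy-gen` marker. Each item embeds `Status.GeneratedSecret`, which the internal type documents as the unencrypted client secret shared only upon creation, so the comment should also state whether a list response can ever carry that field; the serving code is not visible in this hunk. The same applies to the later copy of this file on the page.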


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.19/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.19/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.20/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.20/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}
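Review bot: The doc comment on the new list type names `OIDCClientSecretList`, but the type declared under it is `OIDCClientSecretRequestList`, which breaks the Go convention that a doc comment opens with the identifier it documents and can send a reader looking for a type that does not exist; it should read `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.`. In the first hunk of this file the field comment `Request a new client secret to for the OIDCClient ...` has a stray word and should read `// Request a new client secret for the OIDCClient referenced by the metadata.name field.`; the same sentence appears verbatim in the reference tables earlier on the page. Both comments recur unchanged in the later per-version copies of this file, so the correction presumably belongs in the source those copies are produced from.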


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}
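Review bot: `OIDCClientSecretRequestList` is added to the versioned API with no doc comment, while its internal-version counterpart has one; put `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.` above the `+k8s:deepcopy-gen` marker so the type is described wherever its documentation is rendered. Each element of `Items` is a full `OIDCClientSecretRequest`, whose `status` carries `generatedSecret`, described elsewhere on this page as the unencrypted client secret that is only shared upon creation. The storage code is not in this section, so whether a list call can ever return populated items cannot be judged from here. If the intended contract is that listed items never carry a secret, state it on the field, e.g. `// Items never include status.generatedSecret.`, and pin it with a test on the list handler. The same section recurs in the later per-version copies on the page.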


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.21/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.21/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.22/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.22/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-23-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}
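Review bot: The doc comment on the new list type names `OIDCClientSecretList`, but the declared type is `OIDCClientSecretRequestList`, so the comment does not follow the Go doc convention for that type; it should read `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.`. In the first hunk of this section the `GenerateNewSecret` comment has a stray word ("secret to for the"), and that text is what shows up in the rendered field tables; `// Request a new client secret for the OIDCClient referenced by the metadata.name field.` fixes it. Because `GeneratedSecret` is documented as the unencrypted secret that is only shared upon creation, the `Items` comment could also say that listed items are expected to carry an empty `generatedSecret`; the storage implementation is not visible here, so that expectation needs confirming. The same lines recur in the two later copies of this section on the page, so if these files are generated from a template the fix belongs in the template.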


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}
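Review bot: The versioned `OIDCClientSecretRequestList` is added with only the deepcopy-gen marker and no doc comment, while the internal counterpart earlier on the page documents both the type and `Items`. This is the type clients see, so I would add `// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.` above the marker and `// Items is a list of OIDCClientSecretRequest.` above the field. The enclosing `OIDCClientSecretRequest` struct starts outside this hunk, so I cannot tell whether its fields carry the same descriptions as the internal type. The same undocumented type recurs in the two later copies of this section on the page.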


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.23/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.23/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -219,6 +219,26 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
@ -234,8 +254,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generateNewSecret`* __boolean__ | | *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
| *`revokeOldSecrets`* __boolean__ | | *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -252,8 +272,8 @@ Package clientsecret is the internal version of the Pinniped client secret API.
[cols="25a,75a", options="header"] [cols="25a,75a", options="header"]
|=== |===
| Field | Description | Field | Description
| *`generatedSecret`* __string__ | | *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
| *`totalClientSecrets`* __integer__ | | *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|=== |===
@ -265,6 +285,26 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
==== OIDCClientSecretRequest
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestlist[$$OIDCClientSecretRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"] [id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/1.24/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/1.24/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -32,6 +32,7 @@ var (
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
return nil return nil
} }


@ -6,15 +6,26 @@ package clientsecret
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
type OIDCClientSecretRequestSpec struct { type OIDCClientSecretRequestSpec struct {
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
GenerateNewSecret bool `json:"generateNewSecret"` GenerateNewSecret bool `json:"generateNewSecret"`
RevokeOldSecrets bool `json:"revokeOldSecrets"`
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
// field.
RevokeOldSecrets bool `json:"revokeOldSecrets"`
} }
type OIDCClientSecretRequestStatus struct { type OIDCClientSecretRequestStatus struct {
GeneratedSecret string `json:"generatedSecret,omitempty"` // The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
TotalClientSecrets int `json:"totalClientSecrets"` // be recovered if you lose it.
GeneratedSecret string `json:"generatedSecret,omitempty"`
// The total number of client secrets associated with the OIDCClient referenced by the
// metadata.name field.
TotalClientSecrets int `json:"totalClientSecrets"`
} }
// OIDCClientSecretRequest can be used to update the client secrets associated with an
// OIDCClient.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequest struct { type OIDCClientSecretRequest struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -23,3 +34,13 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta
metav1.ListMeta
// Items is a list of OIDCClientSecretRequest
Items []OIDCClientSecretRequest
}


@ -31,6 +31,7 @@ func init() {
func addKnownTypes(scheme *runtime.Scheme) error { func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion, scheme.AddKnownTypes(SchemeGroupVersion,
&OIDCClientSecretRequest{}, &OIDCClientSecretRequest{},
&OIDCClientSecretRequestList{},
) )
metav1.AddToGroupVersion(scheme, SchemeGroupVersion) metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil return nil


@ -26,3 +26,11 @@ type OIDCClientSecretRequest struct {
Spec OIDCClientSecretRequestSpec `json:"spec"` Spec OIDCClientSecretRequestSpec `json:"spec"`
Status OIDCClientSecretRequestStatus `json:"status"` Status OIDCClientSecretRequestStatus `json:"status"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type OIDCClientSecretRequestList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OIDCClientSecretRequest `json:"items"`
}


@ -9,6 +9,8 @@
package v1alpha1 package v1alpha1
import ( import (
unsafe "unsafe"
clientsecret "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret" clientsecret "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret"
conversion "k8s.io/apimachinery/pkg/conversion" conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime" runtime "k8s.io/apimachinery/pkg/runtime"
@ -31,6 +33,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil { }); err != nil {
return err return err
} }
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope) return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
}); err != nil { }); err != nil {
@ -86,6 +98,28 @@ func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRe
return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s) return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
} }
func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
}
func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error { func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
out.GenerateNewSecret = in.GenerateNewSecret out.GenerateNewSecret = in.GenerateNewSecret
out.RevokeOldSecrets = in.RevokeOldSecrets out.RevokeOldSecrets = in.RevokeOldSecrets


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -40,6 +40,39 @@ func (in *OIDCClientSecretRequest) DeepCopyObject() runtime.Object {
return nil return nil
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestList) DeepCopyInto(out *OIDCClientSecretRequestList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]OIDCClientSecretRequest, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSecretRequestList.
func (in *OIDCClientSecretRequestList) DeepCopy() *OIDCClientSecretRequestList {
if in == nil {
return nil
}
out := new(OIDCClientSecretRequestList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *OIDCClientSecretRequestList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) { func (in *OIDCClientSecretRequestSpec) DeepCopyInto(out *OIDCClientSecretRequestSpec) {
*out = *in *out = *in


@ -24,6 +24,12 @@ const (
NetworkDisabled = "disabled" NetworkDisabled = "disabled"
NetworkUnix = "unix" NetworkUnix = "unix"
NetworkTCP = "tcp" NetworkTCP = "tcp"
// Use 10250 because it happens to be the same port on which the Kubelet listens, so some cluster types
// are more permissive with servers that run on this port. For example, GKE private clusters do not
// allow traffic from the control plane to most ports, but do allow traffic to port 10250. This allows
// the Concierge to work without additional configuration on these types of clusters.
aggregatedAPIServerPortDefault = 10250
) )
// FromPath loads an Config from a provided local file path, inserts any // FromPath loads an Config from a provided local file path, inserts any
@ -50,6 +56,12 @@ func FromPath(ctx context.Context, path string) (*Config, error) {
return nil, fmt.Errorf("validate apiGroupSuffix: %w", err) return nil, fmt.Errorf("validate apiGroupSuffix: %w", err)
} }
maybeSetAggregatedAPIServerPortDefaults(&config.AggregatedAPIServerPort)
if err := validateServerPort(config.AggregatedAPIServerPort); err != nil {
return nil, fmt.Errorf("validate aggregatedAPIServerPort: %w", err)
}
if err := validateNames(&config.NamesConfig); err != nil { if err := validateNames(&config.NamesConfig); err != nil {
return nil, fmt.Errorf("validate names: %w", err) return nil, fmt.Errorf("validate names: %w", err)
} }
@ -105,6 +117,12 @@ func validateAPIGroupSuffix(apiGroupSuffix string) error {
return groupsuffix.Validate(apiGroupSuffix) return groupsuffix.Validate(apiGroupSuffix)
} }
func maybeSetAggregatedAPIServerPortDefaults(port **int64) {
if *port == nil {
*port = pointer.Int64Ptr(aggregatedAPIServerPortDefault)
}
}
func validateNames(names *NamesConfigSpec) error { func validateNames(names *NamesConfigSpec) error {
missingNames := []string{} missingNames := []string{}
if names.DefaultTLSCertificateSecret == "" { if names.DefaultTLSCertificateSecret == "" {
@ -193,3 +211,11 @@ func addrIsOnlyOnLoopback(addr string) bool {
} }
return ip.IsLoopback() return ip.IsLoopback()
} }
func validateServerPort(port *int64) error {
// It cannot be below 1024 because the container is not running as root.
if *port < 1024 || *port > 65535 {
return constable.Error("must be within range 1024 to 65535")
}
return nil
}
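Review bot: `validateServerPort` dereferences `port` unconditionally, so it is only safe because `FromPath` calls `maybeSetAggregatedAPIServerPortDefaults` on the line before it. A reordering or a second caller would turn a missing `aggregatedAPIServerPort` into a nil-pointer panic rather than a validation error. A guard at the top, `if port == nil { return constable.Error("must be set") }`, keeps the function self-contained. Separately, the comment on `aggregatedAPIServerPortDefault` says the default lets "the Concierge" work, while this file appears to be the Supervisor's config loader, so that wording looks copied and should probably name the Supervisor.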


@ -43,6 +43,7 @@ func TestFromPath(t *testing.T) {
address: 127.0.0.1:1234 address: 127.0.0.1:1234
insecureAcceptExternalUnencryptedHttpRequests: false insecureAcceptExternalUnencryptedHttpRequests: false
logLevel: trace logLevel: trace
aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.StringPtr("some.suffix.com"),
@ -68,6 +69,7 @@ func TestFromPath(t *testing.T) {
Log: plog.LogSpec{ Log: plog.LogSpec{
Level: plog.LevelTrace, Level: plog.LevelTrace,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(12345),
}, },
}, },
{ {
@ -91,6 +93,7 @@ func TestFromPath(t *testing.T) {
log: log:
level: info level: info
format: text format: text
aggregatedAPIServerPort: 12345
`), `),
wantConfig: &Config{ wantConfig: &Config{
APIGroupSuffix: pointer.StringPtr("some.suffix.com"), APIGroupSuffix: pointer.StringPtr("some.suffix.com"),
@ -116,6 +119,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelInfo, Level: plog.LevelInfo,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(12345),
}, },
}, },
{ {
@ -166,6 +170,7 @@ func TestFromPath(t *testing.T) {
Level: plog.LevelTrace, Level: plog.LevelTrace,
Format: plog.FormatText, Format: plog.FormatText,
}, },
AggregatedAPIServerPort: pointer.Int64Ptr(10250),
}, },
}, },
{ {
@ -202,7 +207,8 @@ func TestFromPath(t *testing.T) {
Network: "disabled", Network: "disabled",
}, },
}, },
AllowExternalHTTP: false, AllowExternalHTTP: false,
AggregatedAPIServerPort: pointer.Int64Ptr(10250),
}, },
}, },
{ {
@ -332,7 +338,8 @@ func TestFromPath(t *testing.T) {
Address: ":1234", Address: ":1234",
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64Ptr(10250),
}, },
}, },
{ {
@ -363,7 +370,8 @@ func TestFromPath(t *testing.T) {
Address: ":1234", Address: ":1234",
}, },
}, },
AllowExternalHTTP: true, AllowExternalHTTP: true,
AggregatedAPIServerPort: pointer.Int64Ptr(10250),
}, },
}, },
{ {
@ -420,6 +428,22 @@ func TestFromPath(t *testing.T) {
`), `),
wantError: "validate apiGroupSuffix: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')", wantError: "validate apiGroupSuffix: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')",
}, },
{
name: "AggregatedAPIServerPortDefault too small",
yaml: here.Doc(`
---
aggregatedAPIServerPort: 1023
`),
wantError: "validate aggregatedAPIServerPort: must be within range 1024 to 65535",
},
{
name: "AggregatedAPIServerPortDefault too large",
yaml: here.Doc(`
---
aggregatedAPIServerPort: 65536
`),
wantError: "validate aggregatedAPIServerPort: must be within range 1024 to 65535",
},
} }
for _, test := range tests { for _, test := range tests {
test := test test := test
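Review bot: The two new cases pin only the rejected values 1023 and 65536, and nothing asserts that the edge values 1024 and 65535 are accepted, so an off-by-one in the range check (for example `<=` in place of `<`) would still pass. Two success cases with `aggregatedAPIServerPort: 1024` and `aggregatedAPIServerPort: 65535`, alongside the other required fields, would close that gap. The case names say `AggregatedAPIServerPortDefault` although they exercise an explicitly configured port rather than the default; `AggregatedAPIServerPort too small` and `AggregatedAPIServerPort too large` would describe them better. The test loop body continues outside this hunk.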


@ -15,10 +15,11 @@ type Config struct {
Labels map[string]string `json:"labels"` Labels map[string]string `json:"labels"`
NamesConfig NamesConfigSpec `json:"names"` NamesConfig NamesConfigSpec `json:"names"`
// Deprecated: use log.level instead // Deprecated: use log.level instead
LogLevel *plog.LogLevel `json:"logLevel"` LogLevel *plog.LogLevel `json:"logLevel"`
Log plog.LogSpec `json:"log"` Log plog.LogSpec `json:"log"`
Endpoints *Endpoints `json:"endpoints"` Endpoints *Endpoints `json:"endpoints"`
AllowExternalHTTP stringOrBoolAsBool `json:"insecureAcceptExternalUnencryptedHttpRequests"` AllowExternalHTTP stringOrBoolAsBool `json:"insecureAcceptExternalUnencryptedHttpRequests"`
AggregatedAPIServerPort *int64 `json:"aggregatedAPIServerPort"`
} }
// NamesConfigSpec configures the names of some Kubernetes resources for the Supervisor. // NamesConfigSpec configures the names of some Kubernetes resources for the Supervisor.
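Review bot: The new `AggregatedAPIServerPort` field has no comment, although its default and allowed range are enforced elsewhere in this commit and a reader of the struct cannot see them. A field comment would carry that contract, for example `// AggregatedAPIServerPort is the port the aggregated API server listens on; defaults to 10250 and must be within 1024 to 65535.` It is also worth stating that the field is a pointer so that "unset" can be told apart from an explicit value. The `Config` struct starts outside this hunk.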


@ -9,19 +9,24 @@ import (
"fmt" "fmt"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/registry/rest" "k8s.io/apiserver/pkg/registry/rest"
"k8s.io/utils/trace" "k8s.io/utils/trace"
clientsecretapi "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret" clientsecretapi "go.pinniped.dev/generated/latest/apis/supervisor/clientsecret"
) )
func NewREST() *REST { func NewREST(resource schema.GroupResource) *REST {
return &REST{} return &REST{
tableConvertor: rest.NewDefaultTableConvertor(resource),
}
} }
type REST struct { type REST struct {
tableConvertor rest.TableConvertor
} }
// Assert that our *REST implements all the optional interfaces that we expect it to implement. // Assert that our *REST implements all the optional interfaces that we expect it to implement.
@ -30,19 +35,38 @@ var _ interface {
rest.NamespaceScopedStrategy rest.NamespaceScopedStrategy
rest.Scoper rest.Scoper
rest.Storage rest.Storage
rest.CategoriesProvider
rest.Lister
rest.TableConvertor
} = (*REST)(nil) } = (*REST)(nil)
func (*REST) New() runtime.Object { func (*REST) New() runtime.Object {
return &clientsecretapi.OIDCClientSecretRequest{} return &clientsecretapi.OIDCClientSecretRequest{}
} }
func (*REST) NewList() runtime.Object {
return &clientsecretapi.OIDCClientSecretRequestList{}
}
func (*REST) List(_ context.Context, _ *metainternalversion.ListOptions) (runtime.Object, error) {
return &clientsecretapi.OIDCClientSecretRequestList{
ListMeta: metav1.ListMeta{
ResourceVersion: "0", // this resource version means "from the API server cache"
},
Items: []clientsecretapi.OIDCClientSecretRequest{}, // avoid sending nil items list
}, nil
}
func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) {
return r.tableConvertor.ConvertToTable(ctx, obj, tableOptions)
}
func (*REST) NamespaceScoped() bool { func (*REST) NamespaceScoped() bool {
return true return true
} }
func (*REST) Categories() []string { func (*REST) Categories() []string {
// because we haven't implemented lister, adding it to categories breaks things. return []string{"pinniped"}
return []string{}
} }
func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
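Review bot: `List` ignores both of its arguments and always returns an empty `OIDCClientSecretRequestList`, but nothing on the method says this is deliberate. Judging by the comment removed from `Categories`, it was added so the resource can join the `pinniped` category. A doc comment should say so and make the security property explicit, e.g. `// List always returns an empty list so that the resource can be in the "pinniped" category; it never returns a request or a generated secret.` If a later change ever backs this with real storage, that comment is the reminder that `Status.GeneratedSecret` must not become readable through list. The body of `Create` continues outside this hunk.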


@ -30,7 +30,7 @@ type ExtraConfig struct {
BuildControllersPostStartHook controllerinit.RunnerBuilder BuildControllersPostStartHook controllerinit.RunnerBuilder
Scheme *runtime.Scheme Scheme *runtime.Scheme
NegotiatedSerializer runtime.NegotiatedSerializer NegotiatedSerializer runtime.NegotiatedSerializer
OauthVirtualSupervisorGroupVersion schema.GroupVersion ClientSecretSupervisorGroupVersion schema.GroupVersion
} }
type PinnipedServer struct { type PinnipedServer struct {
@ -74,8 +74,8 @@ func (c completedConfig) New() (*PinnipedServer, error) {
var errs []error //nolint: prealloc var errs []error //nolint: prealloc
for _, f := range []func() (schema.GroupVersionResource, rest.Storage){ for _, f := range []func() (schema.GroupVersionResource, rest.Storage){
func() (schema.GroupVersionResource, rest.Storage) { func() (schema.GroupVersionResource, rest.Storage) {
clientSecretReqGVR := c.ExtraConfig.OauthVirtualSupervisorGroupVersion.WithResource("oidcclientsecretrequests") clientSecretReqGVR := c.ExtraConfig.ClientSecretSupervisorGroupVersion.WithResource("oidcclientsecretrequests")
clientSecretReqStorage := clientsecretrequest.NewREST() clientSecretReqStorage := clientsecretrequest.NewREST(clientSecretReqGVR.GroupResource())
return clientSecretReqGVR, clientSecretReqStorage return clientSecretReqGVR, clientSecretReqStorage
}, },
} { } {


@ -38,9 +38,9 @@ func New(apiGroupSuffix string) (_ *runtime.Scheme, oauth schema.GroupVersion) {
return scheme, clientsecretv1alpha1.SchemeGroupVersion return scheme, clientsecretv1alpha1.SchemeGroupVersion
} }
oauthVirtualSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(apiGroupSuffix) clientSecretSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(apiGroupSuffix)
addToSchemeAtNewGroup(scheme, clientsecretv1alpha1.GroupName, oauthVirtualSupervisorGroupData.Group, clientsecretv1alpha1.AddToScheme, clientsecretapi.AddToScheme) addToSchemeAtNewGroup(scheme, clientsecretv1alpha1.GroupName, clientSecretSupervisorGroupData.Group, clientsecretv1alpha1.AddToScheme, clientsecretapi.AddToScheme)
// manually register conversions and defaulting into the correct scheme since we cannot directly call AddToScheme // manually register conversions and defaulting into the correct scheme since we cannot directly call AddToScheme
schemeBuilder := runtime.NewSchemeBuilder( schemeBuilder := runtime.NewSchemeBuilder(
@ -57,7 +57,7 @@ func New(apiGroupSuffix string) (_ *runtime.Scheme, oauth schema.GroupVersion) {
// defaulting func registered, but it will almost certainly panic if one is added. // defaulting func registered, but it will almost certainly panic if one is added.
scheme.Default((*clientsecretv1alpha1.OIDCClientSecretRequest)(nil)) scheme.Default((*clientsecretv1alpha1.OIDCClientSecretRequest)(nil))
return scheme, schema.GroupVersion(oauthVirtualSupervisorGroupData) return scheme, schema.GroupVersion(clientSecretSupervisorGroupData)
} }
func addToSchemeAtNewGroup(scheme *runtime.Scheme, oldGroup, newGroup string, funcs ...func(*runtime.Scheme) error) { func addToSchemeAtNewGroup(scheme *runtime.Scheme, oldGroup, newGroup string, funcs ...func(*runtime.Scheme) error) {


@ -44,10 +44,10 @@ func TestNew(t *testing.T) {
} }
tests := []struct { tests := []struct {
name string name string
apiGroupSuffix string apiGroupSuffix string
want map[schema.GroupVersionKind]reflect.Type want map[schema.GroupVersionKind]reflect.Type
wantOAuthGroupVersion schema.GroupVersion wantClientSecretGroupVersion schema.GroupVersion
}{ }{
{ {
name: "regular api group", name: "regular api group",
@ -55,9 +55,11 @@ func TestNew(t *testing.T) {
want: map[schema.GroupVersionKind]reflect.Type{ want: map[schema.GroupVersionKind]reflect.Type{
// all the types that are in the aggregated API group // all the types that are in the aggregated API group
regularClientSecretGV.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequest{}).Elem(), regularClientSecretGV.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequest{}).Elem(),
regularClientSecretGV.WithKind("OIDCClientSecretRequestList"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequestList{}).Elem(),
regularClientSecretGVInternal.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequest{}).Elem(), regularClientSecretGVInternal.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequest{}).Elem(),
regularClientSecretGVInternal.WithKind("OIDCClientSecretRequestList"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequestList{}).Elem(),
regularClientSecretGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), regularClientSecretGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
regularClientSecretGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), regularClientSecretGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
@ -86,7 +88,7 @@ func TestNew(t *testing.T) {
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
}, },
wantOAuthGroupVersion: regularClientSecretGV, wantClientSecretGroupVersion: regularClientSecretGV,
}, },
{ {
name: "other api group", name: "other api group",
@ -94,9 +96,11 @@ func TestNew(t *testing.T) {
want: map[schema.GroupVersionKind]reflect.Type{ want: map[schema.GroupVersionKind]reflect.Type{
// all the types that are in the aggregated API group // all the types that are in the aggregated API group
otherClientSecretGV.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequest{}).Elem(), otherClientSecretGV.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequest{}).Elem(),
otherClientSecretGV.WithKind("OIDCClientSecretRequestList"): reflect.TypeOf(&clientsecretv1alpha1.OIDCClientSecretRequestList{}).Elem(),
otherClientSecretGVInternal.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequest{}).Elem(), otherClientSecretGVInternal.WithKind("OIDCClientSecretRequest"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequest{}).Elem(),
otherClientSecretGVInternal.WithKind("OIDCClientSecretRequestList"): reflect.TypeOf(&clientsecretapi.OIDCClientSecretRequestList{}).Elem(),
otherClientSecretGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), otherClientSecretGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(),
otherClientSecretGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), otherClientSecretGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(),
@ -125,15 +129,15 @@ func TestNew(t *testing.T) {
metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(),
metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(),
}, },
wantOAuthGroupVersion: otherClientSecretGV, wantClientSecretGroupVersion: otherClientSecretGV,
}, },
} }
for _, tt := range tests { for _, tt := range tests {
tt := tt tt := tt
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
scheme, oauthGV := New(tt.apiGroupSuffix) scheme, clientSecretGV := New(tt.apiGroupSuffix)
require.Equal(t, tt.want, scheme.AllKnownTypes()) require.Equal(t, tt.want, scheme.AllKnownTypes())
require.Equal(t, tt.wantOAuthGroupVersion, oauthGV) require.Equal(t, tt.wantClientSecretGroupVersion, clientSecretGV)
}) })
} }
} }


@ -138,7 +138,8 @@ func prepareControllers(
leaderElector controllerinit.RunnerWrapper, leaderElector controllerinit.RunnerWrapper,
podInfo *downward.PodInfo, podInfo *downward.PodInfo,
) controllerinit.RunnerBuilder { ) controllerinit.RunnerBuilder {
oauthSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(*cfg.APIGroupSuffix) const certificateName string = "pinniped-supervisor-api-tls-serving-certificate"
clientSecretSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(*cfg.APIGroupSuffix)
federationDomainInformer := pinnipedInformers.Config().V1alpha1().FederationDomains() federationDomainInformer := pinnipedInformers.Config().V1alpha1().FederationDomains()
secretInformer := kubeInformers.Core().V1().Secrets() secretInformer := kubeInformers.Core().V1().Secrets()
@ -310,14 +311,14 @@ func prepareControllers(
WithController( WithController(
apicerts.NewCertsManagerController( apicerts.NewCertsManagerController(
podInfo.Namespace, podInfo.Namespace,
"pinniped-supervisor-api-tls-serving-certificate", certificateName,
cfg.Labels, cfg.Labels,
kubeClient, kubeClient,
secretInformer, secretInformer,
controllerlib.WithInformer, controllerlib.WithInformer,
controllerlib.WithInitialEvent, controllerlib.WithInitialEvent,
31536000*time.Second, 365*24*time.Hour, // about one year
"Pinniped Aggregation CA", "Pinniped Supervisor Aggregation CA",
cfg.NamesConfig.APIService, cfg.NamesConfig.APIService,
), ),
singletonWorker, singletonWorker,
@ -325,8 +326,8 @@ func prepareControllers(
WithController( WithController(
apicerts.NewAPIServiceUpdaterController( apicerts.NewAPIServiceUpdaterController(
podInfo.Namespace, podInfo.Namespace,
"pinniped-supervisor-api-tls-serving-certificate", certificateName,
oauthSupervisorGroupData.APIServiceName(), clientSecretSupervisorGroupData.APIServiceName(),
aggregatorClient, aggregatorClient,
secretInformer, secretInformer,
controllerlib.WithInformer, controllerlib.WithInformer,
@ -336,7 +337,7 @@ func prepareControllers(
WithController( WithController(
apicerts.NewCertsObserverController( apicerts.NewCertsObserverController(
podInfo.Namespace, podInfo.Namespace,
"pinniped-supervisor-api-tls-serving-certificate", certificateName,
dynamicServingCertProvider, dynamicServingCertProvider,
secretInformer, secretInformer,
controllerlib.WithInformer, controllerlib.WithInformer,
@ -346,11 +347,11 @@ func prepareControllers(
WithController( WithController(
apicerts.NewCertsExpirerController( apicerts.NewCertsExpirerController(
podInfo.Namespace, podInfo.Namespace,
"pinniped-supervisor-api-tls-serving-certificate", certificateName,
kubeClient, kubeClient,
secretInformer, secretInformer,
controllerlib.WithInformer, controllerlib.WithInformer,
23328000*time.Second, 9*30*24*time.Hour, // about 9 months
apicerts.TLSCertificateChainSecretKey, apicerts.TLSCertificateChainSecretKey,
plog.New(), plog.New(),
), ),
@ -363,9 +364,9 @@ func prepareControllers(
//nolint:funlen //nolint:funlen
func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervisor.Config) error { func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervisor.Config) error {
serverInstallationNamespace := podInfo.Namespace serverInstallationNamespace := podInfo.Namespace
oauthSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(*cfg.APIGroupSuffix) clientSecretSupervisorGroupData := groupsuffix.SupervisorAggregatedGroups(*cfg.APIGroupSuffix)
apiServiceRef, err := apiserviceref.New(oauthSupervisorGroupData.APIServiceName()) apiServiceRef, err := apiserviceref.New(clientSecretSupervisorGroupData.APIServiceName())
if err != nil { if err != nil {
return fmt.Errorf("cannot create API service ref: %w", err) return fmt.Errorf("cannot create API service ref: %w", err)
} }
@ -429,9 +430,9 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
clientWithoutLeaderElection.Kubernetes.CoreV1().Secrets(serverInstallationNamespace), // writes to kube storage are allowed for non-leaders clientWithoutLeaderElection.Kubernetes.CoreV1().Secrets(serverInstallationNamespace), // writes to kube storage are allowed for non-leaders
) )
// Get the "real" name of the oauth virtual supervisor API group (i.e., the API group name with the // Get the "real" name of the client secret supervisor API group (i.e., the API group name with the
// injected suffix). // injected suffix).
scheme, oauthGV := supervisorscheme.New(*cfg.APIGroupSuffix) scheme, clientSecretGV := supervisorscheme.New(*cfg.APIGroupSuffix)
buildControllersFunc := prepareControllers( buildControllersFunc := prepareControllers(
cfg, cfg,
@ -458,9 +459,9 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
dynamicServingCertProvider, dynamicServingCertProvider,
buildControllersFunc, buildControllersFunc,
*cfg.APIGroupSuffix, *cfg.APIGroupSuffix,
10250, *cfg.AggregatedAPIServerPort,
scheme, scheme,
oauthGV, clientSecretGV,
) )
if err != nil { if err != nil {
return fmt.Errorf("could not configure aggregated API server: %w", err) return fmt.Errorf("could not configure aggregated API server: %w", err)
@ -561,16 +562,16 @@ func getAggregatedAPIServerConfig(
apiGroupSuffix string, apiGroupSuffix string,
aggregatedAPIServerPort int64, aggregatedAPIServerPort int64,
scheme *runtime.Scheme, scheme *runtime.Scheme,
oauthVirtualSupervisorGroupVersion schema.GroupVersion, clientSecretSupervisorGroupVersion schema.GroupVersion,
) (*apiserver.Config, error) { ) (*apiserver.Config, error) {
codecs := serializer.NewCodecFactory(scheme) codecs := serializer.NewCodecFactory(scheme)
// this is unused for now but it is a safe value that we could use in the future // this is unused for now but it is a safe value that we could use in the future
defaultEtcdPathPrefix := fmt.Sprintf("/pinniped-concierge-registry/%s", apiGroupSuffix) defaultEtcdPathPrefix := fmt.Sprintf("/pinniped-supervisor-registry/%s", apiGroupSuffix)
recommendedOptions := genericoptions.NewRecommendedOptions( recommendedOptions := genericoptions.NewRecommendedOptions(
defaultEtcdPathPrefix, defaultEtcdPathPrefix,
codecs.LegacyCodec(oauthVirtualSupervisorGroupVersion), codecs.LegacyCodec(clientSecretSupervisorGroupVersion),
) )
recommendedOptions.Etcd = nil // turn off etcd storage because we don't need it yet recommendedOptions.Etcd = nil // turn off etcd storage because we don't need it yet
recommendedOptions.SecureServing.ServerCert.GeneratedCert = dynamicCertProvider recommendedOptions.SecureServing.ServerCert.GeneratedCert = dynamicCertProvider
@ -605,7 +606,7 @@ func getAggregatedAPIServerConfig(
BuildControllersPostStartHook: buildControllers, BuildControllersPostStartHook: buildControllers,
Scheme: scheme, Scheme: scheme,
NegotiatedSerializer: codecs, NegotiatedSerializer: codecs,
OauthVirtualSupervisorGroupVersion: oauthVirtualSupervisorGroupVersion, ClientSecretSupervisorGroupVersion: clientSecretSupervisorGroupVersion,
}, },
} }
return apiServerConfig, nil return apiServerConfig, nil
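Review bot: In `prepareControllers` the serving-certificate durations are now readable (`365*24*time.Hour`, `9*30*24*time.Hour`) but still sit as unrelated inline literals in two different controller constructors. The expirer value presumably has to stay below the certificate lifetime, and nothing in the code ties them together. Hoisting them next to the new `certificateName` constant under descriptive names, with a one-line comment stating the relationship, would make a future change to one harder to make without the other. For example `const servingCertLifetime = 365 * 24 * time.Hour` and `const servingCertExpirerThreshold = 9 * 30 * 24 * time.Hour` (names are a suggestion). `prepareControllers` starts and ends outside the visible hunks.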


@ -53,7 +53,7 @@ func TestGetAPIResourceList(t *testing.T) {
configConciergeGV := makeGV("config", "concierge") configConciergeGV := makeGV("config", "concierge")
idpSupervisorGV := makeGV("idp", "supervisor") idpSupervisorGV := makeGV("idp", "supervisor")
configSupervisorGV := makeGV("config", "supervisor") configSupervisorGV := makeGV("config", "supervisor")
oauthVirtualSupervisorGV := makeGV("clientsecret", "supervisor") clientSecretSupervisorGV := makeGV("clientsecret", "supervisor")
tests := []struct { tests := []struct {
group metav1.APIGroup group metav1.APIGroup
@ -113,26 +113,26 @@ func TestGetAPIResourceList(t *testing.T) {
}, },
{ {
group: metav1.APIGroup{ group: metav1.APIGroup{
Name: oauthVirtualSupervisorGV.Group, Name: clientSecretSupervisorGV.Group,
Versions: []metav1.GroupVersionForDiscovery{ Versions: []metav1.GroupVersionForDiscovery{
{ {
GroupVersion: oauthVirtualSupervisorGV.String(), GroupVersion: clientSecretSupervisorGV.String(),
Version: oauthVirtualSupervisorGV.Version, Version: clientSecretSupervisorGV.Version,
}, },
}, },
PreferredVersion: metav1.GroupVersionForDiscovery{ PreferredVersion: metav1.GroupVersionForDiscovery{
GroupVersion: oauthVirtualSupervisorGV.String(), GroupVersion: clientSecretSupervisorGV.String(),
Version: oauthVirtualSupervisorGV.Version, Version: clientSecretSupervisorGV.Version,
}, },
}, },
resourceByVersion: map[string][]metav1.APIResource{ resourceByVersion: map[string][]metav1.APIResource{
oauthVirtualSupervisorGV.String(): { clientSecretSupervisorGV.String(): {
{ {
Name: "oidcclientsecretrequests", Name: "oidcclientsecretrequests",
Kind: "OIDCClientSecretRequest", Kind: "OIDCClientSecretRequest",
Verbs: []string{"create"}, Verbs: []string{"create", "list"},
Namespaced: true, Namespaced: true,
Categories: nil, Categories: []string{"pinniped"},
}, },
}, },
}, },
@ -354,11 +354,6 @@ func TestGetAPIResourceList(t *testing.T) {
if strings.HasSuffix(a.Name, "/status") { if strings.HasSuffix(a.Name, "/status") {
continue continue
} }
if a.Name == "oidcclientsecretrequests" {
// OIDCClientSecretRequest does not implement list,
// so it doesn't make sense for it to belong to a category.
continue
}
assert.Containsf(t, a.Categories, "pinniped", "expected resource %q to be in the 'pinniped' category", a.Name) assert.Containsf(t, a.Categories, "pinniped", "expected resource %q to be in the 'pinniped' category", a.Name)
assert.NotContainsf(t, a.Categories, "all", "expected resource %q not to be in the 'all' category", a.Name) assert.NotContainsf(t, a.Categories, "all", "expected resource %q not to be in the 'all' category", a.Name)
} }