diff --git a/apis/concierge/config/v1alpha1/register.go.tmpl b/apis/concierge/config/v1alpha1/register.go.tmpl index 2082688a..dae9108d 100644 --- a/apis/concierge/config/v1alpha1/register.go.tmpl +++ b/apis/concierge/config/v1alpha1/register.go.tmpl @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &CredentialIssuerConfig{}, - &CredentialIssuerConfigList{}, + &CredentialIssuer{}, + &CredentialIssuerList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go.tmpl b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl similarity index 80% rename from apis/concierge/config/v1alpha1/types_credentialissuerconfig.go.tmpl rename to apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl index e751be02..20e3bf08 100644 --- a/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go.tmpl +++ b/apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl @@ -25,17 +25,17 @@ const ( ) // Status of a credential issuer. -type CredentialIssuerConfigStatus struct { +type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. - Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional - KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. -type CredentialIssuerConfigKubeConfigInfo struct { +type CredentialIssuerKubeConfigInfo struct { // The K8s API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` @@ -47,7 +47,7 @@ type CredentialIssuerConfigKubeConfigInfo struct { } // Status of an integration strategy that was attempted by Pinniped. -type CredentialIssuerConfigStrategy struct { +type CredentialIssuerStrategy struct { // Type of integration attempted. Type StrategyType `json:"type"` @@ -68,22 +68,21 @@ type CredentialIssuerConfigStrategy struct { // Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=cic -type CredentialIssuerConfig struct { +type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Status of the credential issuer. - Status CredentialIssuerConfigStatus `json:"status"` + Status CredentialIssuerStatus `json:"status"` } -// List of CredentialIssuerConfig objects. +// List of CredentialIssuer objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type CredentialIssuerConfigList struct { +type CredentialIssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CredentialIssuerConfig `json:"items"` + Items []CredentialIssuer `json:"items"` } diff --git a/apis/supervisor/config/v1alpha1/register.go.tmpl b/apis/supervisor/config/v1alpha1/register.go.tmpl index 9195c5aa..458ffe35 100644 --- a/apis/supervisor/config/v1alpha1/register.go.tmpl +++ b/apis/supervisor/config/v1alpha1/register.go.tmpl @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProviderConfig{}, - &OIDCProviderConfigList{}, + &OIDCProvider{}, + &OIDCProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go b/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl similarity index 51% rename from generated/1.18/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go rename to apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl index a2dc9cbc..fd05127e 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go +++ b/apis/supervisor/config/v1alpha1/types_oidcprovider.go.tmpl @@ -9,17 +9,40 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid -type OIDCProviderStatus string +type OIDCProviderStatusCondition string const ( - SuccessOIDCProviderStatus = OIDCProviderStatus("Success") - DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatus = OIDCProviderStatus("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") + SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") + DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") ) -// OIDCProviderConfigSpec is a struct that describes an OIDC Provider. -type OIDCProviderConfigSpec struct { +// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type OIDCProviderTLSSpec struct { + // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use + // for TLS. + // + // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + // + // SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. + // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same + // SecretName value even if they have different port numbers. + // + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an + // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // use the default TLS certificate, which is configured elsewhere. + // + // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. + // + // +optional + SecretName string `json:"secretName,omitempty"` +} + +// OIDCProviderSpec is a struct that describes an OIDC Provider. +type OIDCProviderSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -31,35 +54,17 @@ type OIDCProviderConfigSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, - // which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. - // When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that - // contain the certificate and private key to use for TLS. - // - // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - // - // SNICertificateSecretName is required if you would like to use different TLS certificates for - // issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same - // DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - // - // SNICertificateSecretName is not required when you would like to use only the - // HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you - // would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, - // which is configured elsewhere. - // - // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work - // for IP addresses. - // + // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). // +optional - SNICertificateSecretName string `json:"sniCertificateSecretName,omitempty"` + TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` } -// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderConfigStatus struct { +// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatus `json:"status,omitempty"` + Status OIDCProviderStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -78,27 +83,25 @@ type OIDCProviderConfigStatus struct { JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"` } -// OIDCProviderConfig describes the configuration of an OIDC provider. +// OIDCProvider describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=opc -type OIDCProviderConfig struct { +type OIDCProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"spec"` + Spec OIDCProviderSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderConfigStatus `json:"status,omitempty"` + Status OIDCProviderStatus `json:"status,omitempty"` } -// List of OIDCProviderConfig objects. +// List of OIDCProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type OIDCProviderConfigList struct { +type OIDCProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProviderConfig `json:"items"` + Items []OIDCProvider `json:"items"` } diff --git a/cmd/pinniped-supervisor/main.go b/cmd/pinniped-supervisor/main.go index 5f7932df..dd89c1e0 100644 --- a/cmd/pinniped-supervisor/main.go +++ b/cmd/pinniped-supervisor/main.go @@ -81,11 +81,11 @@ func startControllers( controllerManager := controllerlib. NewManager(). WithController( - supervisorconfig.NewOIDCProviderConfigWatcherController( + supervisorconfig.NewOIDCProviderWatcherController( issuerManager, clock.RealClock{}, pinnipedClient, - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ), singletonWorker, @@ -96,7 +96,7 @@ func startControllers( kubeClient, pinnipedClient, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ), singletonWorker, @@ -105,7 +105,7 @@ func startControllers( supervisorconfig.NewJWKSObserverController( dynamicJWKSProvider, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ), singletonWorker, @@ -115,7 +115,7 @@ func startControllers( dynamicTLSCertProvider, cfg.NamesConfig.DefaultTLSCertificateSecret, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ), singletonWorker, diff --git a/cmd/pinniped/cmd/get_kubeconfig.go b/cmd/pinniped/cmd/get_kubeconfig.go index 139287b0..f3a37dac 100644 --- a/cmd/pinniped/cmd/get_kubeconfig.go +++ b/cmd/pinniped/cmd/get_kubeconfig.go @@ -124,13 +124,13 @@ func (c *getKubeConfigCommand) run(cmd *cobra.Command, args []string) error { } } - credentialIssuerConfig, err := fetchPinnipedCredentialIssuerConfig(clientset, c.flags.namespace) + credentialIssuer, err := fetchPinnipedCredentialIssuer(clientset, c.flags.namespace) if err != nil { return err } - if credentialIssuerConfig.Status.KubeConfigInfo == nil { - return constable.Error(`CredentialIssuerConfig "pinniped-config" was missing KubeConfigInfo`) + if credentialIssuer.Status.KubeConfigInfo == nil { + return constable.Error(`CredentialIssuer "pinniped-config" was missing KubeConfigInfo`) } v1Cluster, err := copyCurrentClusterFromExistingKubeConfig(currentKubeConfig, c.flags.contextOverride) @@ -138,7 +138,7 @@ func (c *getKubeConfigCommand) run(cmd *cobra.Command, args []string) error { return err } - err = issueWarningForNonMatchingServerOrCA(v1Cluster, credentialIssuerConfig, cmd.ErrOrStderr()) + err = issueWarningForNonMatchingServerOrCA(v1Cluster, credentialIssuer, cmd.ErrOrStderr()) if err != nil { return err } @@ -153,14 +153,14 @@ func (c *getKubeConfigCommand) run(cmd *cobra.Command, args []string) error { return nil } -func issueWarningForNonMatchingServerOrCA(v1Cluster v1.Cluster, credentialIssuerConfig *configv1alpha1.CredentialIssuerConfig, warningsWriter io.Writer) error { - credentialIssuerConfigCA, err := base64.StdEncoding.DecodeString(credentialIssuerConfig.Status.KubeConfigInfo.CertificateAuthorityData) +func issueWarningForNonMatchingServerOrCA(v1Cluster v1.Cluster, credentialIssuer *configv1alpha1.CredentialIssuer, warningsWriter io.Writer) error { + credentialIssuerCA, err := base64.StdEncoding.DecodeString(credentialIssuer.Status.KubeConfigInfo.CertificateAuthorityData) if err != nil { return err } - if v1Cluster.Server != credentialIssuerConfig.Status.KubeConfigInfo.Server || - !bytes.Equal(v1Cluster.CertificateAuthorityData, credentialIssuerConfigCA) { - _, err := warningsWriter.Write([]byte("WARNING: Server and certificate authority did not match between local kubeconfig and Pinniped's CredentialIssuerConfig on the cluster. Using local kubeconfig values.\n")) + if v1Cluster.Server != credentialIssuer.Status.KubeConfigInfo.Server || + !bytes.Equal(v1Cluster.CertificateAuthorityData, credentialIssuerCA) { + _, err := warningsWriter.Write([]byte("WARNING: Server and certificate authority did not match between local kubeconfig and Pinniped's CredentialIssuer on the cluster. Using local kubeconfig values.\n")) if err != nil { return fmt.Errorf("output write error: %w", err) } @@ -207,31 +207,31 @@ func getDefaultAuthenticator(clientset pinnipedclientset.Interface, namespace st return authenticators[0].authenticatorType, authenticators[0].authenticatorName, nil } -func fetchPinnipedCredentialIssuerConfig(clientset pinnipedclientset.Interface, pinnipedInstallationNamespace string) (*configv1alpha1.CredentialIssuerConfig, error) { +func fetchPinnipedCredentialIssuer(clientset pinnipedclientset.Interface, pinnipedInstallationNamespace string) (*configv1alpha1.CredentialIssuer, error) { ctx, cancelFunc := context.WithTimeout(context.Background(), time.Second*20) defer cancelFunc() - credentialIssuerConfigs, err := clientset.ConfigV1alpha1().CredentialIssuerConfigs(pinnipedInstallationNamespace).List(ctx, metav1.ListOptions{}) + credentialIssuers, err := clientset.ConfigV1alpha1().CredentialIssuers(pinnipedInstallationNamespace).List(ctx, metav1.ListOptions{}) if err != nil { return nil, err } - if len(credentialIssuerConfigs.Items) == 0 { + if len(credentialIssuers.Items) == 0 { return nil, constable.Error(fmt.Sprintf( - `No CredentialIssuerConfig was found in namespace "%s". Is Pinniped installed on this cluster in namespace "%s"?`, + `No CredentialIssuer was found in namespace "%s". Is Pinniped installed on this cluster in namespace "%s"?`, pinnipedInstallationNamespace, pinnipedInstallationNamespace, )) } - if len(credentialIssuerConfigs.Items) > 1 { + if len(credentialIssuers.Items) > 1 { return nil, constable.Error(fmt.Sprintf( - `More than one CredentialIssuerConfig was found in namespace "%s"`, + `More than one CredentialIssuer was found in namespace "%s"`, pinnipedInstallationNamespace, )) } - return &credentialIssuerConfigs.Items[0], nil + return &credentialIssuers.Items[0], nil } func newClientConfig(kubeconfigPathOverride string, currentContextName string) clientcmd.ClientConfig { diff --git a/cmd/pinniped/cmd/get_kubeconfig_test.go b/cmd/pinniped/cmd/get_kubeconfig_test.go index c348a1a8..4784f1dd 100644 --- a/cmd/pinniped/cmd/get_kubeconfig_test.go +++ b/cmd/pinniped/cmd/get_kubeconfig_test.go @@ -170,18 +170,18 @@ func (e expectedKubeconfigYAML) String() string { `, e.clusterCAData, e.clusterServer, e.command, e.pinnipedEndpoint, e.pinnipedCABundle, e.namespace, e.token, e.authenticatorType, e.authenticatorName) } -func newCredentialIssuerConfig(name, namespace, server, certificateAuthorityData string) *configv1alpha1.CredentialIssuerConfig { - return &configv1alpha1.CredentialIssuerConfig{ +func newCredentialIssuer(name, namespace, server, certificateAuthorityData string) *configv1alpha1.CredentialIssuer { + return &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{ - Kind: "CredentialIssuerConfig", + Kind: "CredentialIssuer", APIVersion: configv1alpha1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: server, CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(certificateAuthorityData)), }, @@ -264,59 +264,59 @@ func TestRun(t *testing.T) { wantError: `multiple authenticators were found in namespace "test-namespace", so --authenticator-name/--authenticator-type must be specified`, }, { - name: "fail to get CredentialIssuerConfigs", + name: "fail to get CredentialIssuers", mocks: func(cmd *getKubeConfigCommand) { clientset := pinnipedfake.NewSimpleClientset() clientset.PrependReactor("*", "*", func(_ coretesting.Action) (bool, runtime.Object, error) { - return true, nil, fmt.Errorf("some error getting CredentialIssuerConfigs") + return true, nil, fmt.Errorf("some error getting CredentialIssuers") }) cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { return clientset, nil } }, - wantError: "some error getting CredentialIssuerConfigs", + wantError: "some error getting CredentialIssuers", }, { - name: "zero CredentialIssuerConfigs found", + name: "zero CredentialIssuers found", mocks: func(cmd *getKubeConfigCommand) { cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { return pinnipedfake.NewSimpleClientset( - newCredentialIssuerConfig("pinniped-config-1", "not-the-test-namespace", "", ""), + newCredentialIssuer("pinniped-config-1", "not-the-test-namespace", "", ""), ), nil } }, - wantError: `No CredentialIssuerConfig was found in namespace "test-namespace". Is Pinniped installed on this cluster in namespace "test-namespace"?`, + wantError: `No CredentialIssuer was found in namespace "test-namespace". Is Pinniped installed on this cluster in namespace "test-namespace"?`, }, { - name: "multiple CredentialIssuerConfigs found", + name: "multiple CredentialIssuers found", mocks: func(cmd *getKubeConfigCommand) { cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { return pinnipedfake.NewSimpleClientset( - newCredentialIssuerConfig("pinniped-config-1", "test-namespace", "", ""), - newCredentialIssuerConfig("pinniped-config-2", "test-namespace", "", ""), + newCredentialIssuer("pinniped-config-1", "test-namespace", "", ""), + newCredentialIssuer("pinniped-config-2", "test-namespace", "", ""), ), nil } }, - wantError: `More than one CredentialIssuerConfig was found in namespace "test-namespace"`, + wantError: `More than one CredentialIssuer was found in namespace "test-namespace"`, }, { - name: "CredentialIssuerConfig missing KubeConfigInfo", + name: "CredentialIssuer missing KubeConfigInfo", mocks: func(cmd *getKubeConfigCommand) { - cic := newCredentialIssuerConfig("pinniped-config", "test-namespace", "", "") - cic.Status.KubeConfigInfo = nil + ci := newCredentialIssuer("pinniped-config", "test-namespace", "", "") + ci.Status.KubeConfigInfo = nil cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { - return pinnipedfake.NewSimpleClientset(cic), nil + return pinnipedfake.NewSimpleClientset(ci), nil } }, - wantError: `CredentialIssuerConfig "pinniped-config" was missing KubeConfigInfo`, + wantError: `CredentialIssuer "pinniped-config" was missing KubeConfigInfo`, }, { name: "KubeConfigInfo has invalid base64", mocks: func(cmd *getKubeConfigCommand) { - cic := newCredentialIssuerConfig("pinniped-config", "test-namespace", "https://example.com", "") - cic.Status.KubeConfigInfo.CertificateAuthorityData = "invalid-base64-test-ca" + ci := newCredentialIssuer("pinniped-config", "test-namespace", "https://example.com", "") + ci.Status.KubeConfigInfo.CertificateAuthorityData = "invalid-base64-test-ca" cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { - return pinnipedfake.NewSimpleClientset(cic), nil + return pinnipedfake.NewSimpleClientset(ci), nil } }, wantError: `illegal base64 data at input byte 7`, @@ -324,9 +324,9 @@ func TestRun(t *testing.T) { { name: "success using remote CA data", mocks: func(cmd *getKubeConfigCommand) { - cic := newCredentialIssuerConfig("pinniped-config", "test-namespace", "https://fake-server-url-value", "fake-certificate-authority-data-value") + ci := newCredentialIssuer("pinniped-config", "test-namespace", "https://fake-server-url-value", "fake-certificate-authority-data-value") cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { - return pinnipedfake.NewSimpleClientset(cic), nil + return pinnipedfake.NewSimpleClientset(ci), nil } }, wantStdout: expectedKubeconfigYAML{ @@ -350,11 +350,11 @@ func TestRun(t *testing.T) { cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) { return pinnipedfake.NewSimpleClientset( &authv1alpha.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "discovered-authenticator"}}, - newCredentialIssuerConfig("pinniped-config", "test-namespace", "https://example.com", "test-ca"), + newCredentialIssuer("pinniped-config", "test-namespace", "https://example.com", "test-ca"), ), nil } }, - wantStderr: `WARNING: Server and certificate authority did not match between local kubeconfig and Pinniped's CredentialIssuerConfig on the cluster. Using local kubeconfig values.`, + wantStderr: `WARNING: Server and certificate authority did not match between local kubeconfig and Pinniped's CredentialIssuer on the cluster. Using local kubeconfig values.`, wantStdout: expectedKubeconfigYAML{ clusterCAData: "ZmFrZS1jZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YS12YWx1ZQ==", clusterServer: "https://fake-server-url-value", diff --git a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml similarity index 94% rename from generated/1.18/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml rename to deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml index 97af12c0..430bf649 100644 --- a/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml +++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml @@ -6,16 +6,14 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: credentialissuerconfigs.config.concierge.pinniped.dev + name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: - kind: CredentialIssuerConfig - listKind: CredentialIssuerConfigList - plural: credentialissuerconfigs - shortNames: - - cic - singular: credentialissuerconfig + kind: CredentialIssuer + listKind: CredentialIssuerList + plural: credentialissuers + singular: credentialissuer scope: Namespaced versions: - name: v1alpha1 diff --git a/deploy/concierge/deployment.yaml b/deploy/concierge/deployment.yaml index 71362dbc..52f9cf29 100644 --- a/deploy/concierge/deployment.yaml +++ b/deploy/concierge/deployment.yaml @@ -39,7 +39,7 @@ data: renewBeforeSeconds: (@= str(data.values.api_serving_certificate_renew_before_seconds) @) names: servingCertificateSecret: (@= defaultResourceNameWithSuffix("api-tls-serving-certificate") @) - credentialIssuerConfig: (@= defaultResourceNameWithSuffix("config") @) + credentialIssuer: (@= defaultResourceNameWithSuffix("config") @) apiService: (@= defaultResourceNameWithSuffix("api") @) labels: (@= json.encode(labels()).rstrip() @) kubeCertAgent: diff --git a/deploy/concierge/z0_crd_overlay.yaml b/deploy/concierge/z0_crd_overlay.yaml index d5867c9d..a0e06838 100644 --- a/deploy/concierge/z0_crd_overlay.yaml +++ b/deploy/concierge/z0_crd_overlay.yaml @@ -4,7 +4,7 @@ #@ load("@ytt:overlay", "overlay") #@ load("helpers.lib.yaml", "labels") -#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"credentialissuerconfigs.config.concierge.pinniped.dev"}}), expects=1 +#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"credentialissuers.config.concierge.pinniped.dev"}}), expects=1 --- metadata: #@overlay/match missing_ok=True diff --git a/deploy/supervisor/README.md b/deploy/supervisor/README.md index 20b86d29..a3f214bb 100644 --- a/deploy/supervisor/README.md +++ b/deploy/supervisor/README.md @@ -59,9 +59,8 @@ The most common ways are: 1. Or, define a [TCP LoadBalancer Service](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) which is a layer 4 load balancer and does not terminate TLS. In this case, the Supervisor app will need to be - configured with TLS certificates and will terminate the TLS connection itself (see the section about - OIDCProviderConfig below). The LoadBalancer Service should be configured to use the HTTPS port 8443 of - the Supervisor pods as its `targetPort`. + configured with TLS certificates and will terminate the TLS connection itself (see the section about OIDCProvider + below). The LoadBalancer Service should be configured to use the HTTPS port 443 of the Supervisor pods as its `targetPort`. *Warning:* Do not expose the Supervisor's port 8080 to the public. It would not be secure for the OIDC protocol to use HTTP, because the user's secret OIDC tokens would be transmitted across the network without encryption. @@ -133,12 +132,12 @@ spec: ### Configuring the Supervisor to Act as an OIDC Provider -The Supervisor can be configured as an OIDC provider by creating `OIDCProviderConfig` resources +The Supervisor can be configured as an OIDC provider by creating `OIDCProvider` resources in the same namespace where the Supervisor app was installed. For example: ```yaml apiVersion: config.supervisor.pinniped.dev/v1alpha1 -kind: OIDCProviderConfig +kind: OIDCProvider metadata: name: my-provider # Assuming that this is the namespace where the supervisor was installed. This is the default in install-supervisor.yaml. @@ -147,30 +146,32 @@ spec: # The hostname would typically match the DNS name of the public ingress or load balancer for the cluster. # Any path can be specified, which allows a single hostname to have multiple different issuers. The path is optional. issuer: https://my-issuer.example.com/any/path + # Optionally configure the name of a Secret in the same namespace, of type `kubernetes.io/tls`, # which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. - sniCertificateSecretName: my-tls-cert-secret + tls: + secretName: my-tls-cert-secret ``` #### Configuring TLS for the Supervisor OIDC Endpoints If you have terminated TLS outside the app, for example using an Ingress with TLS certificates, then you do not need to -configure TLS certificates on the OIDCProviderConfig. +configure TLS certificates on the OIDCProvider. If you are using a LoadBalancer Service to expose the Supervisor app outside your cluster, then you will also need to configure the Supervisor app to terminate TLS. There are two places to configure TLS certificates: -1. Each `OIDCProviderConfig` can be configured with TLS certificates, using the `sniCertificateSecretName` field. +1. Each `OIDCProvider` can be configured with TLS certificates, using the `spec.tls.secretName` field. 1. The default TLS certificate for all OIDC providers can be configured by creating a Secret called `pinniped-supervisor-default-tls-certificate` in the same namespace in which the Supervisor was installed. -The default TLS certificate will be used for all OIDC providers which did not declare an `sniCertificateSecretName`. -Also, the `sniCertificateSecretName` will be ignored for incoming requests to the OIDC endpoints +The default TLS certificate will be used for all OIDC providers which did not declare a `spec.tls.secretName`. +Also, the `spec.tls.secretName` will be ignored for incoming requests to the OIDC endpoints that use an IP address as the host, so those requests will always present the default TLS certificates to the client. When the request includes the hostname, and that hostname matches the hostname of an `Issuer`, -then the TLS certificate defined by the `sniCertificateSecretName` will be used. If that issuer did not -define `sniCertificateSecretName` then the default TLS certificate will be used. If neither exists, +then the TLS certificate defined by the `spec.tls.secretName` will be used. If that issuer did not +define `spec.tls.secretName` then the default TLS certificate will be used. If neither exists, then the client will get a TLS error because the server will not present any TLS certificate. It is recommended that you have a DNS entry for your load balancer or Ingress, and that you configure the diff --git a/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml b/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml similarity index 64% rename from generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml rename to deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml index a04e97ce..9ffea8c7 100644 --- a/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml +++ b/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviders.yaml @@ -6,22 +6,20 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviderconfigs.config.supervisor.pinniped.dev + name: oidcproviders.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: - kind: OIDCProviderConfig - listKind: OIDCProviderConfigList - plural: oidcproviderconfigs - shortNames: - - opc - singular: oidcproviderconfig + kind: OIDCProvider + listKind: OIDCProviderList + plural: oidcproviders + singular: oidcprovider scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProviderConfig describes the configuration of an OIDC provider. + description: OIDCProvider describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -49,26 +47,32 @@ spec: for more information." minLength: 1 type: string - sniCertificateSecretName: - description: "SNICertificateSecretName is an optional name of a Secret - in the same namespace, of type `kubernetes.io/tls`, which contains - the TLS serving certificate for the HTTPS endpoints served by this - OIDC Provider. When provided, the TLS Secret named here must contain - keys named `tls.crt` and `tls.key` that contain the certificate - and private key to use for TLS. \n Server Name Indication (SNI) - is an extension to the Transport Layer Security (TLS) supported - by all major browsers. \n SNICertificateSecretName is required if - you would like to use different TLS certificates for issuers of - different hostnames. SNI requests do not include port numbers, so - all issuers with the same DNS hostname must use the same SNICertificateSecretName - value even if they have different port numbers. \n SNICertificateSecretName - is not required when you would like to use only the HTTP endpoints - (e.g. when terminating TLS at an Ingress). It is also not required - when you would like all requests to this OIDC Provider's HTTPS endpoints - to use the default TLS certificate, which is configured elsewhere. - \n When your Issuer URL's host is an IP address, then this field - is ignored. SNI does not work for IP addresses." - type: string + tls: + description: TLS configures how this OIDCProvider is served over Transport + Layer Security (TLS). + properties: + secretName: + description: "SecretName is an optional name of a Secret in the + same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the HTTPS endpoints served by + this OIDCProvider. When provided, the TLS Secret named here + must contain keys named `tls.crt` and `tls.key` that contain + the certificate and private key to use for TLS. \n Server Name + Indication (SNI) is an extension to the Transport Layer Security + (TLS) supported by all major browsers. \n SecretName is required + if you would like to use different TLS certificates for issuers + of different hostnames. SNI requests do not include port numbers, + so all issuers with the same DNS hostname must use the same + SecretName value even if they have different port numbers. \n + SecretName is not required when you would like to use only the + HTTP endpoints (e.g. when terminating TLS at an Ingress). It + is also not required when you would like all requests to this + OIDC Provider's HTTPS endpoints to use the default TLS certificate, + which is configured elsewhere. \n When your Issuer URL's host + is an IP address, then this field is ignored. SNI does not work + for IP addresses." + type: string + type: object required: - issuer type: object diff --git a/deploy/supervisor/rbac.yaml b/deploy/supervisor/rbac.yaml index f4ce1db0..f260547d 100644 --- a/deploy/supervisor/rbac.yaml +++ b/deploy/supervisor/rbac.yaml @@ -17,7 +17,7 @@ rules: resources: [secrets] verbs: [create, get, list, patch, update, watch, delete] - apiGroups: [config.supervisor.pinniped.dev] - resources: [oidcproviderconfigs] + resources: [oidcproviders] verbs: [update, get, list, watch] --- kind: RoleBinding diff --git a/deploy/supervisor/z0_crd_overlay.yaml b/deploy/supervisor/z0_crd_overlay.yaml index 71b30427..6269da1f 100644 --- a/deploy/supervisor/z0_crd_overlay.yaml +++ b/deploy/supervisor/z0_crd_overlay.yaml @@ -4,7 +4,7 @@ #@ load("@ytt:overlay", "overlay") #@ load("helpers.lib.yaml", "labels") -#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcproviderconfigs.config.supervisor.pinniped.dev"}}), expects=1 +#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcproviders.config.supervisor.pinniped.dev"}}), expects=1 --- metadata: #@overlay/match missing_ok=True diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 06034871..c4ee09b2 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -131,14 +131,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfig"] -==== CredentialIssuerConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuer"] +==== CredentialIssuer .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfiglist[$$CredentialIssuerConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerlist[$$CredentialIssuerList$$] **** [cols="25a,75a", options="header"] @@ -146,18 +146,18 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$]__ | Status of the credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo"] -==== CredentialIssuerConfigKubeConfigInfo +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] +==== CredentialIssuerKubeConfigInfo .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -170,32 +170,32 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstatus"] -==== CredentialIssuerConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstatus"] +==== CredentialIssuerStatus Status of a credential issuer. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfig[$$CredentialIssuerConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuer[$$CredentialIssuer$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy"] -==== CredentialIssuerConfigStrategy +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstrategy"] +==== CredentialIssuerStrategy .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -217,14 +217,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfig"] -==== OIDCProviderConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider"] +==== OIDCProvider -OIDCProviderConfig describes the configuration of an OIDC provider. +OIDCProvider describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfiglist[$$OIDCProviderConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] **** [cols="25a,75a", options="header"] @@ -232,21 +232,21 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfigspec"] -==== OIDCProviderConfigSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec"] +==== OIDCProviderSpec -OIDCProviderConfigSpec is a struct that describes an OIDC Provider. +OIDCProviderSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] @@ -254,34 +254,51 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`sniCertificateSecretName`* __string__ | SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. - Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - SNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - SNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. - When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus"] -==== OIDCProviderConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderstatus"] +==== OIDCProviderStatus -OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). | *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] +==== OIDCProviderTLSSpec + +OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. + Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/concierge/config/v1alpha1/register.go b/generated/1.17/apis/concierge/config/v1alpha1/register.go index 2082688a..dae9108d 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/register.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &CredentialIssuerConfig{}, - &CredentialIssuerConfigList{}, + &CredentialIssuer{}, + &CredentialIssuerList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go similarity index 80% rename from generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go rename to generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go index e751be02..20e3bf08 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -25,17 +25,17 @@ const ( ) // Status of a credential issuer. -type CredentialIssuerConfigStatus struct { +type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. - Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional - KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. -type CredentialIssuerConfigKubeConfigInfo struct { +type CredentialIssuerKubeConfigInfo struct { // The K8s API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` @@ -47,7 +47,7 @@ type CredentialIssuerConfigKubeConfigInfo struct { } // Status of an integration strategy that was attempted by Pinniped. -type CredentialIssuerConfigStrategy struct { +type CredentialIssuerStrategy struct { // Type of integration attempted. Type StrategyType `json:"type"` @@ -68,22 +68,21 @@ type CredentialIssuerConfigStrategy struct { // Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=cic -type CredentialIssuerConfig struct { +type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Status of the credential issuer. - Status CredentialIssuerConfigStatus `json:"status"` + Status CredentialIssuerStatus `json:"status"` } -// List of CredentialIssuerConfig objects. +// List of CredentialIssuer objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type CredentialIssuerConfigList struct { +type CredentialIssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CredentialIssuerConfig `json:"items"` + Items []CredentialIssuer `json:"items"` } diff --git a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 4e72d35d..ef9877e8 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { +func (in *CredentialIssuer) DeepCopyInto(out *CredentialIssuer) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -20,18 +20,18 @@ func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfig. -func (in *CredentialIssuerConfig) DeepCopy() *CredentialIssuerConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuer. +func (in *CredentialIssuer) DeepCopy() *CredentialIssuer { if in == nil { return nil } - out := new(CredentialIssuerConfig) + out := new(CredentialIssuer) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { +func (in *CredentialIssuer) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -39,29 +39,29 @@ func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopyInto(out *CredentialIssuerConfigKubeConfigInfo) { +func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigKubeConfigInfo. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopy() *CredentialIssuerConfigKubeConfigInfo { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerKubeConfigInfo. +func (in *CredentialIssuerKubeConfigInfo) DeepCopy() *CredentialIssuerKubeConfigInfo { if in == nil { return nil } - out := new(CredentialIssuerConfigKubeConfigInfo) + out := new(CredentialIssuerKubeConfigInfo) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigList) { +func (in *CredentialIssuerList) DeepCopyInto(out *CredentialIssuerList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]CredentialIssuerConfig, len(*in)) + *out = make([]CredentialIssuer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -69,18 +69,18 @@ func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigLi return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigList. -func (in *CredentialIssuerConfigList) DeepCopy() *CredentialIssuerConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerList. +func (in *CredentialIssuerList) DeepCopy() *CredentialIssuerList { if in == nil { return nil } - out := new(CredentialIssuerConfigList) + out := new(CredentialIssuerList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { +func (in *CredentialIssuerList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -88,46 +88,46 @@ func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStatus) DeepCopyInto(out *CredentialIssuerConfigStatus) { +func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = *in if in.Strategies != nil { in, out := &in.Strategies, &out.Strategies - *out = make([]CredentialIssuerConfigStrategy, len(*in)) + *out = make([]CredentialIssuerStrategy, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.KubeConfigInfo != nil { in, out := &in.KubeConfigInfo, &out.KubeConfigInfo - *out = new(CredentialIssuerConfigKubeConfigInfo) + *out = new(CredentialIssuerKubeConfigInfo) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStatus. -func (in *CredentialIssuerConfigStatus) DeepCopy() *CredentialIssuerConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStatus. +func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { if in == nil { return nil } - out := new(CredentialIssuerConfigStatus) + out := new(CredentialIssuerStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStrategy) DeepCopyInto(out *CredentialIssuerConfigStrategy) { +func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStrategy. -func (in *CredentialIssuerConfigStrategy) DeepCopy() *CredentialIssuerConfigStrategy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStrategy. +func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { if in == nil { return nil } - out := new(CredentialIssuerConfigStrategy) + out := new(CredentialIssuerStrategy) in.DeepCopyInto(out) return out } diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/register.go b/generated/1.17/apis/supervisor/config/v1alpha1/register.go index 9195c5aa..458ffe35 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProviderConfig{}, - &OIDCProviderConfigList{}, + &OIDCProvider{}, + &OIDCProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go.tmpl b/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go similarity index 51% rename from apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go.tmpl rename to generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go index a2dc9cbc..fd05127e 100644 --- a/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go.tmpl +++ b/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcprovider.go @@ -9,17 +9,40 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid -type OIDCProviderStatus string +type OIDCProviderStatusCondition string const ( - SuccessOIDCProviderStatus = OIDCProviderStatus("Success") - DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatus = OIDCProviderStatus("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") + SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") + DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") ) -// OIDCProviderConfigSpec is a struct that describes an OIDC Provider. -type OIDCProviderConfigSpec struct { +// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type OIDCProviderTLSSpec struct { + // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use + // for TLS. + // + // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + // + // SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. + // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same + // SecretName value even if they have different port numbers. + // + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an + // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // use the default TLS certificate, which is configured elsewhere. + // + // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. + // + // +optional + SecretName string `json:"secretName,omitempty"` +} + +// OIDCProviderSpec is a struct that describes an OIDC Provider. +type OIDCProviderSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -31,35 +54,17 @@ type OIDCProviderConfigSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, - // which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. - // When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that - // contain the certificate and private key to use for TLS. - // - // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - // - // SNICertificateSecretName is required if you would like to use different TLS certificates for - // issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same - // DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - // - // SNICertificateSecretName is not required when you would like to use only the - // HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you - // would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, - // which is configured elsewhere. - // - // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work - // for IP addresses. - // + // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). // +optional - SNICertificateSecretName string `json:"sniCertificateSecretName,omitempty"` + TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` } -// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderConfigStatus struct { +// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatus `json:"status,omitempty"` + Status OIDCProviderStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -78,27 +83,25 @@ type OIDCProviderConfigStatus struct { JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"` } -// OIDCProviderConfig describes the configuration of an OIDC provider. +// OIDCProvider describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=opc -type OIDCProviderConfig struct { +type OIDCProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"spec"` + Spec OIDCProviderSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderConfigStatus `json:"status,omitempty"` + Status OIDCProviderStatus `json:"status,omitempty"` } -// List of OIDCProviderConfig objects. +// List of OIDCProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type OIDCProviderConfigList struct { +type OIDCProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProviderConfig `json:"items"` + Items []OIDCProvider `json:"items"` } diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index f0a785d3..f208d4d0 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,27 +12,27 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { +func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfig. -func (in *OIDCProviderConfig) DeepCopy() *OIDCProviderConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. +func (in *OIDCProvider) DeepCopy() *OIDCProvider { if in == nil { return nil } - out := new(OIDCProviderConfig) + out := new(OIDCProvider) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { +func (in *OIDCProvider) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { +func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProviderConfig, len(*in)) + *out = make([]OIDCProvider, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigList. -func (in *OIDCProviderConfigList) DeepCopy() *OIDCProviderConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. +func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { if in == nil { return nil } - out := new(OIDCProviderConfigList) + out := new(OIDCProviderList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { +func (in *OIDCProviderList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,23 +73,28 @@ func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigSpec) DeepCopyInto(out *OIDCProviderConfigSpec) { +func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(OIDCProviderTLSSpec) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigSpec. -func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. +func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { if in == nil { return nil } - out := new(OIDCProviderConfigSpec) + out := new(OIDCProviderSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { +func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -99,12 +104,28 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. -func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. +func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { if in == nil { return nil } - out := new(OIDCProviderConfigStatus) + out := new(OIDCProviderStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. +func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { + if in == nil { + return nil + } + out := new(OIDCProviderTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go index 43eb5307..3980e6ed 100644 --- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - CredentialIssuerConfigsGetter + CredentialIssuersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.concierge.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface { - return newCredentialIssuerConfigs(c, namespace) +func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface { + return newCredentialIssuers(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..444f1264 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go @@ -0,0 +1,178 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// CredentialIssuersGetter has a method to return a CredentialIssuerInterface. +// A group's client should implement this interface. +type CredentialIssuersGetter interface { + CredentialIssuers(namespace string) CredentialIssuerInterface +} + +// CredentialIssuerInterface has methods to work with CredentialIssuer resources. +type CredentialIssuerInterface interface { + Create(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) + Update(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) + UpdateStatus(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.CredentialIssuer, error) + List(opts v1.ListOptions) (*v1alpha1.CredentialIssuerList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) + CredentialIssuerExpansion +} + +// credentialIssuers implements CredentialIssuerInterface +type credentialIssuers struct { + client rest.Interface + ns string +} + +// newCredentialIssuers returns a CredentialIssuers +func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers { + return &credentialIssuers{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.CredentialIssuerList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Post(). + Namespace(c.ns). + Resource("credentialissuers"). + Body(credentialIssuer). + Do(). + Into(result) + return +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + Body(credentialIssuer). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + SubResource("status"). + Body(credentialIssuer). + Do(). + Into(result) + return +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("credentialissuers"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 5a45b65f..00000000 --- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,178 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "time" - - v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// CredentialIssuerConfigsGetter has a method to return a CredentialIssuerConfigInterface. -// A group's client should implement this interface. -type CredentialIssuerConfigsGetter interface { - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface -} - -// CredentialIssuerConfigInterface has methods to work with CredentialIssuerConfig resources. -type CredentialIssuerConfigInterface interface { - Create(*v1alpha1.CredentialIssuerConfig) (*v1alpha1.CredentialIssuerConfig, error) - Update(*v1alpha1.CredentialIssuerConfig) (*v1alpha1.CredentialIssuerConfig, error) - UpdateStatus(*v1alpha1.CredentialIssuerConfig) (*v1alpha1.CredentialIssuerConfig, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*v1alpha1.CredentialIssuerConfig, error) - List(opts v1.ListOptions) (*v1alpha1.CredentialIssuerConfigList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) - CredentialIssuerConfigExpansion -} - -// credentialIssuerConfigs implements CredentialIssuerConfigInterface -type credentialIssuerConfigs struct { - client rest.Interface - ns string -} - -// newCredentialIssuerConfigs returns a CredentialIssuerConfigs -func newCredentialIssuerConfigs(c *ConfigV1alpha1Client, namespace string) *credentialIssuerConfigs { - return &credentialIssuerConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *credentialIssuerConfigs) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *credentialIssuerConfigs) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.CredentialIssuerConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *credentialIssuerConfigs) Watch(opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch() -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Create(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Body(credentialIssuerConfig). - Do(). - Into(result) - return -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Update(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - Body(credentialIssuerConfig). - Do(). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - -func (c *credentialIssuerConfigs) UpdateStatus(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - SubResource("status"). - Body(credentialIssuerConfig). - Do(). - Into(result) - return -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *credentialIssuerConfigs) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *credentialIssuerConfigs) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - var timeout time.Duration - if listOptions.TimeoutSeconds != nil { - timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Timeout(timeout). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *credentialIssuerConfigs) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 25a73dc7..2129c5e7 100644 --- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) CredentialIssuerConfigs(namespace string) v1alpha1.CredentialIssuerConfigInterface { - return &FakeCredentialIssuerConfigs{c, namespace} +func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface { + return &FakeCredentialIssuers{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go new file mode 100644 index 00000000..99427907 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go @@ -0,0 +1,127 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCredentialIssuers implements CredentialIssuerInterface +type FakeCredentialIssuers struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"} + +var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuer"} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.CredentialIssuerList{ListMeta: obj.(*v1alpha1.CredentialIssuerList).ListMeta} + for _, item := range obj.(*v1alpha1.CredentialIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts)) + +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go deleted file mode 100644 index 196ec3f9..00000000 --- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeCredentialIssuerConfigs implements CredentialIssuerConfigInterface -type FakeCredentialIssuerConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var credentialissuerconfigsResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuerconfigs"} - -var credentialissuerconfigsKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuerConfig"} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *FakeCredentialIssuerConfigs) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *FakeCredentialIssuerConfigs) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(credentialissuerconfigsResource, credentialissuerconfigsKind, c.ns, opts), &v1alpha1.CredentialIssuerConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.CredentialIssuerConfigList{ListMeta: obj.(*v1alpha1.CredentialIssuerConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.CredentialIssuerConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *FakeCredentialIssuerConfigs) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(credentialissuerconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Create(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Update(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeCredentialIssuerConfigs) UpdateStatus(credentialIssuerConfig *v1alpha1.CredentialIssuerConfig) (*v1alpha1.CredentialIssuerConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(credentialissuerconfigsResource, "status", c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *FakeCredentialIssuerConfigs) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeCredentialIssuerConfigs) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(credentialissuerconfigsResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerConfigList{}) - return err -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *FakeCredentialIssuerConfigs) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(credentialissuerconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 61507202..f2906a0c 100644 --- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type CredentialIssuerConfigExpansion interface{} +type CredentialIssuerExpansion interface{} diff --git a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..9d61dcae --- /dev/null +++ b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerInformer provides access to a shared informer and lister for +// CredentialIssuers. +type CredentialIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.CredentialIssuerLister +} + +type credentialIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(options) + }, + }, + &configv1alpha1.CredentialIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.CredentialIssuer{}, f.defaultInformer) +} + +func (f *credentialIssuerInformer) Lister() v1alpha1.CredentialIssuerLister { + return v1alpha1.NewCredentialIssuerLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index c09870e7..00000000 --- a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigInformer provides access to a shared informer and lister for -// CredentialIssuerConfigs. -type CredentialIssuerConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.CredentialIssuerConfigLister -} - -type credentialIssuerConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).List(options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).Watch(options) - }, - }, - &configv1alpha1.CredentialIssuerConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *credentialIssuerConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *credentialIssuerConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.CredentialIssuerConfig{}, f.defaultInformer) -} - -func (f *credentialIssuerConfigInformer) Lister() v1alpha1.CredentialIssuerConfigLister { - return v1alpha1.NewCredentialIssuerConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go index 23220832..20ded48b 100644 --- a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. - CredentialIssuerConfigs() CredentialIssuerConfigInformer + // CredentialIssuers returns a CredentialIssuerInformer. + CredentialIssuers() CredentialIssuerInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. -func (v *version) CredentialIssuerConfigs() CredentialIssuerConfigInformer { - return &credentialIssuerConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// CredentialIssuers returns a CredentialIssuerInformer. +func (v *version) CredentialIssuers() CredentialIssuerInformer { + return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.17/client/concierge/informers/externalversions/generic.go b/generated/1.17/client/concierge/informers/externalversions/generic.go index 7d3cf838..ed7cade5 100644 --- a/generated/1.17/client/concierge/informers/externalversions/generic.go +++ b/generated/1.17/client/concierge/informers/externalversions/generic.go @@ -46,8 +46,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookAuthenticators().Informer()}, nil // Group=config.concierge.pinniped.dev, Version=v1alpha1 - case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil // Group=login.concierge.pinniped.dev, Version=v1alpha1 case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): diff --git a/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go b/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..abd3de1d --- /dev/null +++ b/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerLister helps list CredentialIssuers. +type CredentialIssuerLister interface { + // List lists all CredentialIssuers in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // CredentialIssuers returns an object that can list and get CredentialIssuers. + CredentialIssuers(namespace string) CredentialIssuerNamespaceLister + CredentialIssuerListerExpansion +} + +// credentialIssuerLister implements the CredentialIssuerLister interface. +type credentialIssuerLister struct { + indexer cache.Indexer +} + +// NewCredentialIssuerLister returns a new CredentialIssuerLister. +func NewCredentialIssuerLister(indexer cache.Indexer) CredentialIssuerLister { + return &credentialIssuerLister{indexer: indexer} +} + +// List lists all CredentialIssuers in the indexer. +func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// CredentialIssuers returns an object that can list and get CredentialIssuers. +func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister { + return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CredentialIssuerNamespaceLister helps list and get CredentialIssuers. +type CredentialIssuerNamespaceLister interface { + // List lists all CredentialIssuers in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // Get retrieves the CredentialIssuer from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.CredentialIssuer, error) + CredentialIssuerNamespaceListerExpansion +} + +// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister +// interface. +type credentialIssuerNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all CredentialIssuers in the indexer for a given namespace. +func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// Get retrieves the CredentialIssuer from the indexer for a given namespace and name. +func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuer"), name) + } + return obj.(*v1alpha1.CredentialIssuer), nil +} diff --git a/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go b/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 71890d73..00000000 --- a/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigLister helps list CredentialIssuerConfigs. -type CredentialIssuerConfigLister interface { - // List lists all CredentialIssuerConfigs in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister - CredentialIssuerConfigListerExpansion -} - -// credentialIssuerConfigLister implements the CredentialIssuerConfigLister interface. -type credentialIssuerConfigLister struct { - indexer cache.Indexer -} - -// NewCredentialIssuerConfigLister returns a new CredentialIssuerConfigLister. -func NewCredentialIssuerConfigLister(indexer cache.Indexer) CredentialIssuerConfigLister { - return &credentialIssuerConfigLister{indexer: indexer} -} - -// List lists all CredentialIssuerConfigs in the indexer. -func (s *credentialIssuerConfigLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. -func (s *credentialIssuerConfigLister) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister { - return credentialIssuerConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CredentialIssuerConfigNamespaceLister helps list and get CredentialIssuerConfigs. -type CredentialIssuerConfigNamespaceLister interface { - // List lists all CredentialIssuerConfigs in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.CredentialIssuerConfig, error) - CredentialIssuerConfigNamespaceListerExpansion -} - -// credentialIssuerConfigNamespaceLister implements the CredentialIssuerConfigNamespaceLister -// interface. -type credentialIssuerConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CredentialIssuerConfigs in the indexer for a given namespace. -func (s credentialIssuerConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. -func (s credentialIssuerConfigNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuerConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuerconfig"), name) - } - return obj.(*v1alpha1.CredentialIssuerConfig), nil -} diff --git a/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go b/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go index 68c725a9..e5a0b56a 100644 --- a/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// CredentialIssuerConfigListerExpansion allows custom methods to be added to -// CredentialIssuerConfigLister. -type CredentialIssuerConfigListerExpansion interface{} +// CredentialIssuerListerExpansion allows custom methods to be added to +// CredentialIssuerLister. +type CredentialIssuerListerExpansion interface{} -// CredentialIssuerConfigNamespaceListerExpansion allows custom methods to be added to -// CredentialIssuerConfigNamespaceLister. -type CredentialIssuerConfigNamespaceListerExpansion interface{} +// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to +// CredentialIssuerNamespaceLister. +type CredentialIssuerNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/concierge/openapi/zz_generated.openapi.go b/generated/1.17/client/concierge/openapi/zz_generated.openapi.go index 73dc4133..8dc7cab3 100644 --- a/generated/1.17/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/concierge/openapi/zz_generated.openapi.go @@ -17,73 +17,73 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfig": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigList": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), - "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuer": schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerList": schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } @@ -325,7 +325,7 @@ func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(re } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -353,7 +353,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStatus"), }, }, }, @@ -361,11 +361,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -393,7 +393,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo( } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -424,7 +424,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfig"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuer"), }, }, }, @@ -435,11 +435,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -453,7 +453,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"), }, }, }, @@ -462,7 +462,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo"), }, }, }, @@ -470,11 +470,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo", "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"}, + "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo", "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index dd8e2918..71ffaa40 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProviderConfigsGetter + OIDCProvidersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface { - return newOIDCProviderConfigs(c, namespace) +func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { + return newOIDCProviders(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 92eac09a..4b1ea9b4 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviderConfigs(namespace string) v1alpha1.OIDCProviderConfigInterface { - return &FakeOIDCProviderConfigs{c, namespace} +func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { + return &FakeOIDCProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go new file mode 100644 index 00000000..3c9cc7eb --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go @@ -0,0 +1,127 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCProviders implements OIDCProviderInterface +type FakeOIDCProviders struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} + +var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *FakeOIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *FakeOIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *FakeOIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Create(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Update(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviders) UpdateStatus(oIDCProvider *v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCProviders) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *FakeOIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go deleted file mode 100644 index ff0a34e3..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ /dev/null @@ -1,127 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviderConfigs implements OIDCProviderConfigInterface -type FakeOIDCProviderConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcproviderconfigsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviderconfigs"} - -var oidcproviderconfigsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProviderConfig"} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *FakeOIDCProviderConfigs) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *FakeOIDCProviderConfigs) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcproviderconfigsResource, oidcproviderconfigsKind, c.ns, opts), &v1alpha1.OIDCProviderConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderConfigList{ListMeta: obj.(*v1alpha1.OIDCProviderConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *FakeOIDCProviderConfigs) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcproviderconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Create(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviderConfigs) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcproviderconfigsResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderConfigList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *FakeOIDCProviderConfigs) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcproviderconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index ec834b7c..09541c9a 100644 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderConfigExpansion interface{} +type OIDCProviderExpansion interface{} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..9e7ee623 --- /dev/null +++ b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go @@ -0,0 +1,178 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCProvidersGetter has a method to return a OIDCProviderInterface. +// A group's client should implement this interface. +type OIDCProvidersGetter interface { + OIDCProviders(namespace string) OIDCProviderInterface +} + +// OIDCProviderInterface has methods to work with OIDCProvider resources. +type OIDCProviderInterface interface { + Create(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) + Update(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) + UpdateStatus(*v1alpha1.OIDCProvider) (*v1alpha1.OIDCProvider, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProvider, error) + List(opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) + OIDCProviderExpansion +} + +// oIDCProviders implements OIDCProviderInterface +type oIDCProviders struct { + client rest.Interface + ns string +} + +// newOIDCProviders returns a OIDCProviders +func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { + return &oIDCProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *oIDCProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *oIDCProviders) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *oIDCProviders) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Create(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcproviders"). + Body(oIDCProvider). + Do(). + Into(result) + return +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Update(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + Body(oIDCProvider). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *oIDCProviders) UpdateStatus(oIDCProvider *v1alpha1.OIDCProvider) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + SubResource("status"). + Body(oIDCProvider). + Do(). + Into(result) + return +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *oIDCProviders) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCProviders) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *oIDCProviders) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcproviders"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index 19bbba78..00000000 --- a/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,178 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "time" - - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProviderConfigsGetter has a method to return a OIDCProviderConfigInterface. -// A group's client should implement this interface. -type OIDCProviderConfigsGetter interface { - OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface -} - -// OIDCProviderConfigInterface has methods to work with OIDCProviderConfig resources. -type OIDCProviderConfigInterface interface { - Create(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) - Update(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) - UpdateStatus(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) - List(opts v1.ListOptions) (*v1alpha1.OIDCProviderConfigList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) - OIDCProviderConfigExpansion -} - -// oIDCProviderConfigs implements OIDCProviderConfigInterface -type oIDCProviderConfigs struct { - client rest.Interface - ns string -} - -// newOIDCProviderConfigs returns a OIDCProviderConfigs -func newOIDCProviderConfigs(c *ConfigV1alpha1Client, namespace string) *oIDCProviderConfigs { - return &oIDCProviderConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *oIDCProviderConfigs) Get(name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *oIDCProviderConfigs) List(opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *oIDCProviderConfigs) Watch(opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch() -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Create(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Body(oIDCProviderConfig). - Do(). - Into(result) - return -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - Body(oIDCProviderConfig). - Do(). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - -func (c *oIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - SubResource("status"). - Body(oIDCProviderConfig). - Do(). - Into(result) - return -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *oIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviderConfigs) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - var timeout time.Duration - if listOptions.TimeoutSeconds != nil { - timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Timeout(timeout). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *oIDCProviderConfigs) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index dff8748c..1e580d50 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviderConfigs returns a OIDCProviderConfigInformer. - OIDCProviderConfigs() OIDCProviderConfigInformer + // OIDCProviders returns a OIDCProviderInformer. + OIDCProviders() OIDCProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviderConfigs returns a OIDCProviderConfigInformer. -func (v *version) OIDCProviderConfigs() OIDCProviderConfigInformer { - return &oIDCProviderConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCProviders returns a OIDCProviderInformer. +func (v *version) OIDCProviders() OIDCProviderInformer { + return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..3d2a6460 --- /dev/null +++ b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// OIDCProviderInformer provides access to a shared informer and lister for +// OIDCProviders. +type OIDCProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.OIDCProviderLister +} + +type oIDCProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(options) + }, + }, + &configv1alpha1.OIDCProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) +} + +func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { + return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go b/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index ae13647e..00000000 --- a/generated/1.17/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.17/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigInformer provides access to a shared informer and lister for -// OIDCProviderConfigs. -type OIDCProviderConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderConfigLister -} - -type oIDCProviderConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).List(options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Watch(options) - }, - }, - &configv1alpha1.OIDCProviderConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProviderConfig{}, f.defaultInformer) -} - -func (f *oIDCProviderConfigInformer) Lister() v1alpha1.OIDCProviderConfigLister { - return v1alpha1.NewOIDCProviderConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.17/client/supervisor/informers/externalversions/generic.go b/generated/1.17/client/supervisor/informers/externalversions/generic.go index 7c0a9f61..b26323a3 100644 --- a/generated/1.17/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.17/client/supervisor/informers/externalversions/generic.go @@ -40,8 +40,8 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil } diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 8b7b04e0..3d2b7e22 100644 --- a/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.17/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderConfigListerExpansion allows custom methods to be added to -// OIDCProviderConfigLister. -type OIDCProviderConfigListerExpansion interface{} +// OIDCProviderListerExpansion allows custom methods to be added to +// OIDCProviderLister. +type OIDCProviderListerExpansion interface{} -// OIDCProviderConfigNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderConfigNamespaceLister. -type OIDCProviderConfigNamespaceListerExpansion interface{} +// OIDCProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCProviderNamespaceLister. +type OIDCProviderNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..e26d7175 --- /dev/null +++ b/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcprovider.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCProviderLister helps list OIDCProviders. +type OIDCProviderLister interface { + // List lists all OIDCProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // OIDCProviders returns an object that can list and get OIDCProviders. + OIDCProviders(namespace string) OIDCProviderNamespaceLister + OIDCProviderListerExpansion +} + +// oIDCProviderLister implements the OIDCProviderLister interface. +type oIDCProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCProviderLister returns a new OIDCProviderLister. +func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { + return &oIDCProviderLister{indexer: indexer} +} + +// List lists all OIDCProviders in the indexer. +func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// OIDCProviders returns an object that can list and get OIDCProviders. +func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { + return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCProviderNamespaceLister helps list and get OIDCProviders. +type OIDCProviderNamespaceLister interface { + // List lists all OIDCProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // Get retrieves the OIDCProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.OIDCProvider, error) + OIDCProviderNamespaceListerExpansion +} + +// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister +// interface. +type oIDCProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCProviders in the indexer for a given namespace. +func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCProvider from the indexer for a given namespace and name. +func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) + } + return obj.(*v1alpha1.OIDCProvider), nil +} diff --git a/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go b/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index 9bf596ba..00000000 --- a/generated/1.17/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigLister helps list OIDCProviderConfigs. -type OIDCProviderConfigLister interface { - // List lists all OIDCProviderConfigs in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. - OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister - OIDCProviderConfigListerExpansion -} - -// oIDCProviderConfigLister implements the OIDCProviderConfigLister interface. -type oIDCProviderConfigLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderConfigLister returns a new OIDCProviderConfigLister. -func NewOIDCProviderConfigLister(indexer cache.Indexer) OIDCProviderConfigLister { - return &oIDCProviderConfigLister{indexer: indexer} -} - -// List lists all OIDCProviderConfigs in the indexer. -func (s *oIDCProviderConfigLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. -func (s *oIDCProviderConfigLister) OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister { - return oIDCProviderConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderConfigNamespaceLister helps list and get OIDCProviderConfigs. -type OIDCProviderConfigNamespaceLister interface { - // List lists all OIDCProviderConfigs in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.OIDCProviderConfig, error) - OIDCProviderConfigNamespaceListerExpansion -} - -// oIDCProviderConfigNamespaceLister implements the OIDCProviderConfigNamespaceLister -// interface. -type oIDCProviderConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviderConfigs in the indexer for a given namespace. -func (s oIDCProviderConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. -func (s oIDCProviderConfigNamespaceLister) Get(name string) (*v1alpha1.OIDCProviderConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcproviderconfig"), name) - } - return obj.(*v1alpha1.OIDCProviderConfig), nil -} diff --git a/generated/1.17/client/supervisor/openapi/zz_generated.openapi.go b/generated/1.17/client/supervisor/openapi/zz_generated.openapi.go index 1019d974..f67a95e8 100644 --- a/generated/1.17/client/supervisor/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/supervisor/openapi/zz_generated.openapi.go @@ -17,69 +17,70 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfig": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref), - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigList": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref), - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref), - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProvider": schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref), + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderList": schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref), + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref), + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref), + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfig describes the configuration of an OIDC provider.", + Description: "OIDCProvider describes the configuration of an OIDC provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -104,13 +105,13 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderStatus"), }, }, }, @@ -118,15 +119,16 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderSpec", "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "List of OIDCProvider objects.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { SchemaProps: spec.SchemaProps{ @@ -153,7 +155,7 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfig"), + Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProvider"), }, }, }, @@ -164,15 +166,15 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigSpec is a struct that describes an OIDC Provider.", + Description: "OIDCProviderSpec is a struct that describes an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "issuer": { @@ -182,25 +184,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.Re Format: "", }, }, - "sniCertificateSecretName": { + "tls": { SchemaProps: spec.SchemaProps{ - Description: "SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers.\n\nSNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", - Type: []string{"string"}, - Format: "", + Description: "TLS configures how this OIDCProvider is served over Transport Layer Security (TLS).", + Ref: ref("go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"), }, }, }, Required: []string{"issuer"}, }, }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Description: "OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "status": { @@ -237,6 +240,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common. } } +func schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secretName": { + SchemaProps: spec.SchemaProps{ + Description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.\n\nSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml similarity index 94% rename from generated/1.17/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml rename to generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 97af12c0..430bf649 100644 --- a/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml +++ b/generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -6,16 +6,14 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: credentialissuerconfigs.config.concierge.pinniped.dev + name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: - kind: CredentialIssuerConfig - listKind: CredentialIssuerConfigList - plural: credentialissuerconfigs - shortNames: - - cic - singular: credentialissuerconfig + kind: CredentialIssuer + listKind: CredentialIssuerList + plural: credentialissuers + singular: credentialissuer scope: Namespaced versions: - name: v1alpha1 diff --git a/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml similarity index 64% rename from generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml rename to generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml index a04e97ce..9ffea8c7 100644 --- a/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.17/crds/config.supervisor.pinniped.dev_oidcproviders.yaml @@ -6,22 +6,20 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviderconfigs.config.supervisor.pinniped.dev + name: oidcproviders.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: - kind: OIDCProviderConfig - listKind: OIDCProviderConfigList - plural: oidcproviderconfigs - shortNames: - - opc - singular: oidcproviderconfig + kind: OIDCProvider + listKind: OIDCProviderList + plural: oidcproviders + singular: oidcprovider scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProviderConfig describes the configuration of an OIDC provider. + description: OIDCProvider describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -49,26 +47,32 @@ spec: for more information." minLength: 1 type: string - sniCertificateSecretName: - description: "SNICertificateSecretName is an optional name of a Secret - in the same namespace, of type `kubernetes.io/tls`, which contains - the TLS serving certificate for the HTTPS endpoints served by this - OIDC Provider. When provided, the TLS Secret named here must contain - keys named `tls.crt` and `tls.key` that contain the certificate - and private key to use for TLS. \n Server Name Indication (SNI) - is an extension to the Transport Layer Security (TLS) supported - by all major browsers. \n SNICertificateSecretName is required if - you would like to use different TLS certificates for issuers of - different hostnames. SNI requests do not include port numbers, so - all issuers with the same DNS hostname must use the same SNICertificateSecretName - value even if they have different port numbers. \n SNICertificateSecretName - is not required when you would like to use only the HTTP endpoints - (e.g. when terminating TLS at an Ingress). It is also not required - when you would like all requests to this OIDC Provider's HTTPS endpoints - to use the default TLS certificate, which is configured elsewhere. - \n When your Issuer URL's host is an IP address, then this field - is ignored. SNI does not work for IP addresses." - type: string + tls: + description: TLS configures how this OIDCProvider is served over Transport + Layer Security (TLS). + properties: + secretName: + description: "SecretName is an optional name of a Secret in the + same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the HTTPS endpoints served by + this OIDCProvider. When provided, the TLS Secret named here + must contain keys named `tls.crt` and `tls.key` that contain + the certificate and private key to use for TLS. \n Server Name + Indication (SNI) is an extension to the Transport Layer Security + (TLS) supported by all major browsers. \n SecretName is required + if you would like to use different TLS certificates for issuers + of different hostnames. SNI requests do not include port numbers, + so all issuers with the same DNS hostname must use the same + SecretName value even if they have different port numbers. \n + SecretName is not required when you would like to use only the + HTTP endpoints (e.g. when terminating TLS at an Ingress). It + is also not required when you would like all requests to this + OIDC Provider's HTTPS endpoints to use the default TLS certificate, + which is configured elsewhere. \n When your Issuer URL's host + is an IP address, then this field is ignored. SNI does not work + for IP addresses." + type: string + type: object required: - issuer type: object diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index f57b8cb7..d9fd0d50 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -131,14 +131,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfig"] -==== CredentialIssuerConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuer"] +==== CredentialIssuer .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfiglist[$$CredentialIssuerConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerlist[$$CredentialIssuerList$$] **** [cols="25a,75a", options="header"] @@ -146,18 +146,18 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$]__ | Status of the credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo"] -==== CredentialIssuerConfigKubeConfigInfo +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] +==== CredentialIssuerKubeConfigInfo .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -170,32 +170,32 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstatus"] -==== CredentialIssuerConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstatus"] +==== CredentialIssuerStatus Status of a credential issuer. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfig[$$CredentialIssuerConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuer[$$CredentialIssuer$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy"] -==== CredentialIssuerConfigStrategy +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstrategy"] +==== CredentialIssuerStrategy .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -217,14 +217,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfig"] -==== OIDCProviderConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider"] +==== OIDCProvider -OIDCProviderConfig describes the configuration of an OIDC provider. +OIDCProvider describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfiglist[$$OIDCProviderConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] **** [cols="25a,75a", options="header"] @@ -232,21 +232,21 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfigspec"] -==== OIDCProviderConfigSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec"] +==== OIDCProviderSpec -OIDCProviderConfigSpec is a struct that describes an OIDC Provider. +OIDCProviderSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] @@ -254,34 +254,51 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`sniCertificateSecretName`* __string__ | SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. - Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - SNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - SNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. - When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus"] -==== OIDCProviderConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderstatus"] +==== OIDCProviderStatus -OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). | *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] +==== OIDCProviderTLSSpec + +OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. + Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/concierge/config/v1alpha1/register.go b/generated/1.18/apis/concierge/config/v1alpha1/register.go index 2082688a..dae9108d 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/register.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &CredentialIssuerConfig{}, - &CredentialIssuerConfigList{}, + &CredentialIssuer{}, + &CredentialIssuerList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go similarity index 80% rename from generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go rename to generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go index e751be02..20e3bf08 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -25,17 +25,17 @@ const ( ) // Status of a credential issuer. -type CredentialIssuerConfigStatus struct { +type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. - Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional - KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. -type CredentialIssuerConfigKubeConfigInfo struct { +type CredentialIssuerKubeConfigInfo struct { // The K8s API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` @@ -47,7 +47,7 @@ type CredentialIssuerConfigKubeConfigInfo struct { } // Status of an integration strategy that was attempted by Pinniped. -type CredentialIssuerConfigStrategy struct { +type CredentialIssuerStrategy struct { // Type of integration attempted. Type StrategyType `json:"type"` @@ -68,22 +68,21 @@ type CredentialIssuerConfigStrategy struct { // Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=cic -type CredentialIssuerConfig struct { +type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Status of the credential issuer. - Status CredentialIssuerConfigStatus `json:"status"` + Status CredentialIssuerStatus `json:"status"` } -// List of CredentialIssuerConfig objects. +// List of CredentialIssuer objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type CredentialIssuerConfigList struct { +type CredentialIssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CredentialIssuerConfig `json:"items"` + Items []CredentialIssuer `json:"items"` } diff --git a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 4e72d35d..ef9877e8 100644 --- a/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { +func (in *CredentialIssuer) DeepCopyInto(out *CredentialIssuer) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -20,18 +20,18 @@ func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfig. -func (in *CredentialIssuerConfig) DeepCopy() *CredentialIssuerConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuer. +func (in *CredentialIssuer) DeepCopy() *CredentialIssuer { if in == nil { return nil } - out := new(CredentialIssuerConfig) + out := new(CredentialIssuer) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { +func (in *CredentialIssuer) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -39,29 +39,29 @@ func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopyInto(out *CredentialIssuerConfigKubeConfigInfo) { +func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigKubeConfigInfo. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopy() *CredentialIssuerConfigKubeConfigInfo { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerKubeConfigInfo. +func (in *CredentialIssuerKubeConfigInfo) DeepCopy() *CredentialIssuerKubeConfigInfo { if in == nil { return nil } - out := new(CredentialIssuerConfigKubeConfigInfo) + out := new(CredentialIssuerKubeConfigInfo) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigList) { +func (in *CredentialIssuerList) DeepCopyInto(out *CredentialIssuerList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]CredentialIssuerConfig, len(*in)) + *out = make([]CredentialIssuer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -69,18 +69,18 @@ func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigLi return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigList. -func (in *CredentialIssuerConfigList) DeepCopy() *CredentialIssuerConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerList. +func (in *CredentialIssuerList) DeepCopy() *CredentialIssuerList { if in == nil { return nil } - out := new(CredentialIssuerConfigList) + out := new(CredentialIssuerList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { +func (in *CredentialIssuerList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -88,46 +88,46 @@ func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStatus) DeepCopyInto(out *CredentialIssuerConfigStatus) { +func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = *in if in.Strategies != nil { in, out := &in.Strategies, &out.Strategies - *out = make([]CredentialIssuerConfigStrategy, len(*in)) + *out = make([]CredentialIssuerStrategy, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.KubeConfigInfo != nil { in, out := &in.KubeConfigInfo, &out.KubeConfigInfo - *out = new(CredentialIssuerConfigKubeConfigInfo) + *out = new(CredentialIssuerKubeConfigInfo) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStatus. -func (in *CredentialIssuerConfigStatus) DeepCopy() *CredentialIssuerConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStatus. +func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { if in == nil { return nil } - out := new(CredentialIssuerConfigStatus) + out := new(CredentialIssuerStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStrategy) DeepCopyInto(out *CredentialIssuerConfigStrategy) { +func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStrategy. -func (in *CredentialIssuerConfigStrategy) DeepCopy() *CredentialIssuerConfigStrategy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStrategy. +func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { if in == nil { return nil } - out := new(CredentialIssuerConfigStrategy) + out := new(CredentialIssuerStrategy) in.DeepCopyInto(out) return out } diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/register.go b/generated/1.18/apis/supervisor/config/v1alpha1/register.go index 9195c5aa..458ffe35 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProviderConfig{}, - &OIDCProviderConfigList{}, + &OIDCProvider{}, + &OIDCProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go b/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go similarity index 51% rename from generated/1.17/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go rename to generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go index a2dc9cbc..fd05127e 100644 --- a/generated/1.17/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/types_oidcprovider.go @@ -9,17 +9,40 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid -type OIDCProviderStatus string +type OIDCProviderStatusCondition string const ( - SuccessOIDCProviderStatus = OIDCProviderStatus("Success") - DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatus = OIDCProviderStatus("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") + SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") + DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") ) -// OIDCProviderConfigSpec is a struct that describes an OIDC Provider. -type OIDCProviderConfigSpec struct { +// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type OIDCProviderTLSSpec struct { + // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use + // for TLS. + // + // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + // + // SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. + // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same + // SecretName value even if they have different port numbers. + // + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an + // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // use the default TLS certificate, which is configured elsewhere. + // + // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. + // + // +optional + SecretName string `json:"secretName,omitempty"` +} + +// OIDCProviderSpec is a struct that describes an OIDC Provider. +type OIDCProviderSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -31,35 +54,17 @@ type OIDCProviderConfigSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, - // which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. - // When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that - // contain the certificate and private key to use for TLS. - // - // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - // - // SNICertificateSecretName is required if you would like to use different TLS certificates for - // issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same - // DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - // - // SNICertificateSecretName is not required when you would like to use only the - // HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you - // would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, - // which is configured elsewhere. - // - // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work - // for IP addresses. - // + // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). // +optional - SNICertificateSecretName string `json:"sniCertificateSecretName,omitempty"` + TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` } -// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderConfigStatus struct { +// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatus `json:"status,omitempty"` + Status OIDCProviderStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -78,27 +83,25 @@ type OIDCProviderConfigStatus struct { JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"` } -// OIDCProviderConfig describes the configuration of an OIDC provider. +// OIDCProvider describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=opc -type OIDCProviderConfig struct { +type OIDCProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"spec"` + Spec OIDCProviderSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderConfigStatus `json:"status,omitempty"` + Status OIDCProviderStatus `json:"status,omitempty"` } -// List of OIDCProviderConfig objects. +// List of OIDCProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type OIDCProviderConfigList struct { +type OIDCProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProviderConfig `json:"items"` + Items []OIDCProvider `json:"items"` } diff --git a/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index f0a785d3..f208d4d0 100644 --- a/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,27 +12,27 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { +func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfig. -func (in *OIDCProviderConfig) DeepCopy() *OIDCProviderConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. +func (in *OIDCProvider) DeepCopy() *OIDCProvider { if in == nil { return nil } - out := new(OIDCProviderConfig) + out := new(OIDCProvider) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { +func (in *OIDCProvider) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { +func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProviderConfig, len(*in)) + *out = make([]OIDCProvider, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigList. -func (in *OIDCProviderConfigList) DeepCopy() *OIDCProviderConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. +func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { if in == nil { return nil } - out := new(OIDCProviderConfigList) + out := new(OIDCProviderList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { +func (in *OIDCProviderList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,23 +73,28 @@ func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigSpec) DeepCopyInto(out *OIDCProviderConfigSpec) { +func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(OIDCProviderTLSSpec) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigSpec. -func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. +func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { if in == nil { return nil } - out := new(OIDCProviderConfigSpec) + out := new(OIDCProviderSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { +func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -99,12 +104,28 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. -func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. +func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { if in == nil { return nil } - out := new(OIDCProviderConfigStatus) + out := new(OIDCProviderStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. +func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { + if in == nil { + return nil + } + out := new(OIDCProviderTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go index b7e5402a..1641d31f 100644 --- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - CredentialIssuerConfigsGetter + CredentialIssuersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.concierge.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface { - return newCredentialIssuerConfigs(c, namespace) +func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface { + return newCredentialIssuers(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..71d6849b --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// CredentialIssuersGetter has a method to return a CredentialIssuerInterface. +// A group's client should implement this interface. +type CredentialIssuersGetter interface { + CredentialIssuers(namespace string) CredentialIssuerInterface +} + +// CredentialIssuerInterface has methods to work with CredentialIssuer resources. +type CredentialIssuerInterface interface { + Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (*v1alpha1.CredentialIssuer, error) + Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) + UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.CredentialIssuer, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.CredentialIssuerList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) + CredentialIssuerExpansion +} + +// credentialIssuers implements CredentialIssuerInterface +type credentialIssuers struct { + client rest.Interface + ns string +} + +// newCredentialIssuers returns a CredentialIssuers +func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers { + return &credentialIssuers{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.CredentialIssuerList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Post(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 31f283a9..00000000 --- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// CredentialIssuerConfigsGetter has a method to return a CredentialIssuerConfigInterface. -// A group's client should implement this interface. -type CredentialIssuerConfigsGetter interface { - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface -} - -// CredentialIssuerConfigInterface has methods to work with CredentialIssuerConfig resources. -type CredentialIssuerConfigInterface interface { - Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (*v1alpha1.CredentialIssuerConfig, error) - Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) - UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.CredentialIssuerConfig, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.CredentialIssuerConfigList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) - CredentialIssuerConfigExpansion -} - -// credentialIssuerConfigs implements CredentialIssuerConfigInterface -type credentialIssuerConfigs struct { - client rest.Interface - ns string -} - -// newCredentialIssuerConfigs returns a CredentialIssuerConfigs -func newCredentialIssuerConfigs(c *ConfigV1alpha1Client, namespace string) *credentialIssuerConfigs { - return &credentialIssuerConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *credentialIssuerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *credentialIssuerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.CredentialIssuerConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *credentialIssuerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *credentialIssuerConfigs) UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *credentialIssuerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *credentialIssuerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *credentialIssuerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index cdc908e3..9651c6fb 100644 --- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) CredentialIssuerConfigs(namespace string) v1alpha1.CredentialIssuerConfigInterface { - return &FakeCredentialIssuerConfigs{c, namespace} +func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface { + return &FakeCredentialIssuers{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go new file mode 100644 index 00000000..9ad65afd --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCredentialIssuers implements CredentialIssuerInterface +type FakeCredentialIssuers struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"} + +var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuer"} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.CredentialIssuerList{ListMeta: obj.(*v1alpha1.CredentialIssuerList).ListMeta} + for _, item := range obj.(*v1alpha1.CredentialIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts)) + +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go deleted file mode 100644 index 9439978d..00000000 --- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeCredentialIssuerConfigs implements CredentialIssuerConfigInterface -type FakeCredentialIssuerConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var credentialissuerconfigsResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuerconfigs"} - -var credentialissuerconfigsKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuerConfig"} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *FakeCredentialIssuerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *FakeCredentialIssuerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(credentialissuerconfigsResource, credentialissuerconfigsKind, c.ns, opts), &v1alpha1.CredentialIssuerConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.CredentialIssuerConfigList{ListMeta: obj.(*v1alpha1.CredentialIssuerConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.CredentialIssuerConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *FakeCredentialIssuerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(credentialissuerconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeCredentialIssuerConfigs) UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(credentialissuerconfigsResource, "status", c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *FakeCredentialIssuerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeCredentialIssuerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(credentialissuerconfigsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerConfigList{}) - return err -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *FakeCredentialIssuerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(credentialissuerconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 61507202..f2906a0c 100644 --- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type CredentialIssuerConfigExpansion interface{} +type CredentialIssuerExpansion interface{} diff --git a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..8ff1edd6 --- /dev/null +++ b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerInformer provides access to a shared informer and lister for +// CredentialIssuers. +type CredentialIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.CredentialIssuerLister +} + +type credentialIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.CredentialIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.CredentialIssuer{}, f.defaultInformer) +} + +func (f *credentialIssuerInformer) Lister() v1alpha1.CredentialIssuerLister { + return v1alpha1.NewCredentialIssuerLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 319cf1a0..00000000 --- a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigInformer provides access to a shared informer and lister for -// CredentialIssuerConfigs. -type CredentialIssuerConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.CredentialIssuerConfigLister -} - -type credentialIssuerConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.CredentialIssuerConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *credentialIssuerConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *credentialIssuerConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.CredentialIssuerConfig{}, f.defaultInformer) -} - -func (f *credentialIssuerConfigInformer) Lister() v1alpha1.CredentialIssuerConfigLister { - return v1alpha1.NewCredentialIssuerConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go index d98212b6..1b72f8eb 100644 --- a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. - CredentialIssuerConfigs() CredentialIssuerConfigInformer + // CredentialIssuers returns a CredentialIssuerInformer. + CredentialIssuers() CredentialIssuerInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. -func (v *version) CredentialIssuerConfigs() CredentialIssuerConfigInformer { - return &credentialIssuerConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// CredentialIssuers returns a CredentialIssuerInformer. +func (v *version) CredentialIssuers() CredentialIssuerInformer { + return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.18/client/concierge/informers/externalversions/generic.go b/generated/1.18/client/concierge/informers/externalversions/generic.go index 07331682..89a09692 100644 --- a/generated/1.18/client/concierge/informers/externalversions/generic.go +++ b/generated/1.18/client/concierge/informers/externalversions/generic.go @@ -46,8 +46,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookAuthenticators().Informer()}, nil // Group=config.concierge.pinniped.dev, Version=v1alpha1 - case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil // Group=login.concierge.pinniped.dev, Version=v1alpha1 case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): diff --git a/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go b/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..ac4745f7 --- /dev/null +++ b/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerLister helps list CredentialIssuers. +type CredentialIssuerLister interface { + // List lists all CredentialIssuers in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // CredentialIssuers returns an object that can list and get CredentialIssuers. + CredentialIssuers(namespace string) CredentialIssuerNamespaceLister + CredentialIssuerListerExpansion +} + +// credentialIssuerLister implements the CredentialIssuerLister interface. +type credentialIssuerLister struct { + indexer cache.Indexer +} + +// NewCredentialIssuerLister returns a new CredentialIssuerLister. +func NewCredentialIssuerLister(indexer cache.Indexer) CredentialIssuerLister { + return &credentialIssuerLister{indexer: indexer} +} + +// List lists all CredentialIssuers in the indexer. +func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// CredentialIssuers returns an object that can list and get CredentialIssuers. +func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister { + return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CredentialIssuerNamespaceLister helps list and get CredentialIssuers. +type CredentialIssuerNamespaceLister interface { + // List lists all CredentialIssuers in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // Get retrieves the CredentialIssuer from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.CredentialIssuer, error) + CredentialIssuerNamespaceListerExpansion +} + +// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister +// interface. +type credentialIssuerNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all CredentialIssuers in the indexer for a given namespace. +func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// Get retrieves the CredentialIssuer from the indexer for a given namespace and name. +func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuer"), name) + } + return obj.(*v1alpha1.CredentialIssuer), nil +} diff --git a/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go b/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 94bc25cd..00000000 --- a/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigLister helps list CredentialIssuerConfigs. -type CredentialIssuerConfigLister interface { - // List lists all CredentialIssuerConfigs in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister - CredentialIssuerConfigListerExpansion -} - -// credentialIssuerConfigLister implements the CredentialIssuerConfigLister interface. -type credentialIssuerConfigLister struct { - indexer cache.Indexer -} - -// NewCredentialIssuerConfigLister returns a new CredentialIssuerConfigLister. -func NewCredentialIssuerConfigLister(indexer cache.Indexer) CredentialIssuerConfigLister { - return &credentialIssuerConfigLister{indexer: indexer} -} - -// List lists all CredentialIssuerConfigs in the indexer. -func (s *credentialIssuerConfigLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. -func (s *credentialIssuerConfigLister) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister { - return credentialIssuerConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CredentialIssuerConfigNamespaceLister helps list and get CredentialIssuerConfigs. -type CredentialIssuerConfigNamespaceLister interface { - // List lists all CredentialIssuerConfigs in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.CredentialIssuerConfig, error) - CredentialIssuerConfigNamespaceListerExpansion -} - -// credentialIssuerConfigNamespaceLister implements the CredentialIssuerConfigNamespaceLister -// interface. -type credentialIssuerConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CredentialIssuerConfigs in the indexer for a given namespace. -func (s credentialIssuerConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. -func (s credentialIssuerConfigNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuerConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuerconfig"), name) - } - return obj.(*v1alpha1.CredentialIssuerConfig), nil -} diff --git a/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go b/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go index 68c725a9..e5a0b56a 100644 --- a/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// CredentialIssuerConfigListerExpansion allows custom methods to be added to -// CredentialIssuerConfigLister. -type CredentialIssuerConfigListerExpansion interface{} +// CredentialIssuerListerExpansion allows custom methods to be added to +// CredentialIssuerLister. +type CredentialIssuerListerExpansion interface{} -// CredentialIssuerConfigNamespaceListerExpansion allows custom methods to be added to -// CredentialIssuerConfigNamespaceLister. -type CredentialIssuerConfigNamespaceListerExpansion interface{} +// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to +// CredentialIssuerNamespaceLister. +type CredentialIssuerNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/concierge/openapi/zz_generated.openapi.go b/generated/1.18/client/concierge/openapi/zz_generated.openapi.go index 24e969c7..780e2a1f 100644 --- a/generated/1.18/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/concierge/openapi/zz_generated.openapi.go @@ -17,73 +17,73 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfig": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigList": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), - "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuer": schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerList": schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } @@ -325,7 +325,7 @@ func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(re } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -353,7 +353,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStatus"), }, }, }, @@ -361,11 +361,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -393,7 +393,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo( } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -424,7 +424,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfig"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuer"), }, }, }, @@ -435,11 +435,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -453,7 +453,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"), }, }, }, @@ -462,7 +462,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo"), }, }, }, @@ -470,11 +470,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo", "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"}, + "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo", "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index cdc45a61..0540919f 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProviderConfigsGetter + OIDCProvidersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface { - return newOIDCProviderConfigs(c, namespace) +func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { + return newOIDCProviders(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index bc14851c..8fbe3864 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviderConfigs(namespace string) v1alpha1.OIDCProviderConfigInterface { - return &FakeOIDCProviderConfigs{c, namespace} +func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { + return &FakeOIDCProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go new file mode 100644 index 00000000..e156e6a1 --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCProviders implements OIDCProviderInterface +type FakeOIDCProviders struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} + +var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *FakeOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *FakeOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *FakeOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *FakeOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go deleted file mode 100644 index 4336db6f..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviderConfigs implements OIDCProviderConfigInterface -type FakeOIDCProviderConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcproviderconfigsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviderconfigs"} - -var oidcproviderconfigsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProviderConfig"} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *FakeOIDCProviderConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *FakeOIDCProviderConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcproviderconfigsResource, oidcproviderconfigsKind, c.ns, opts), &v1alpha1.OIDCProviderConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderConfigList{ListMeta: obj.(*v1alpha1.OIDCProviderConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *FakeOIDCProviderConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcproviderconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviderConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcproviderconfigsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderConfigList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *FakeOIDCProviderConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcproviderconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index ec834b7c..09541c9a 100644 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderConfigExpansion interface{} +type OIDCProviderExpansion interface{} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..a70472b5 --- /dev/null +++ b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCProvidersGetter has a method to return a OIDCProviderInterface. +// A group's client should implement this interface. +type OIDCProvidersGetter interface { + OIDCProviders(namespace string) OIDCProviderInterface +} + +// OIDCProviderInterface has methods to work with OIDCProvider resources. +type OIDCProviderInterface interface { + Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (*v1alpha1.OIDCProvider, error) + Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) + UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) + OIDCProviderExpansion +} + +// oIDCProviders implements OIDCProviderInterface +type oIDCProviders struct { + client rest.Interface + ns string +} + +// newOIDCProviders returns a OIDCProviders +func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { + return &oIDCProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *oIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *oIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *oIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *oIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *oIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index 8a9ede8d..00000000 --- a/generated/1.18/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProviderConfigsGetter has a method to return a OIDCProviderConfigInterface. -// A group's client should implement this interface. -type OIDCProviderConfigsGetter interface { - OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface -} - -// OIDCProviderConfigInterface has methods to work with OIDCProviderConfig resources. -type OIDCProviderConfigInterface interface { - Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error) - Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) - UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderConfigList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) - OIDCProviderConfigExpansion -} - -// oIDCProviderConfigs implements OIDCProviderConfigInterface -type oIDCProviderConfigs struct { - client rest.Interface - ns string -} - -// newOIDCProviderConfigs returns a OIDCProviderConfigs -func newOIDCProviderConfigs(c *ConfigV1alpha1Client, namespace string) *oIDCProviderConfigs { - return &oIDCProviderConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *oIDCProviderConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *oIDCProviderConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *oIDCProviderConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviderConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *oIDCProviderConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index 9a24ac01..b3397b2a 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviderConfigs returns a OIDCProviderConfigInformer. - OIDCProviderConfigs() OIDCProviderConfigInformer + // OIDCProviders returns a OIDCProviderInformer. + OIDCProviders() OIDCProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviderConfigs returns a OIDCProviderConfigInformer. -func (v *version) OIDCProviderConfigs() OIDCProviderConfigInformer { - return &oIDCProviderConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCProviders returns a OIDCProviderInformer. +func (v *version) OIDCProviders() OIDCProviderInformer { + return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..a19446c4 --- /dev/null +++ b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// OIDCProviderInformer provides access to a shared informer and lister for +// OIDCProviders. +type OIDCProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.OIDCProviderLister +} + +type oIDCProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.OIDCProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) +} + +func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { + return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go b/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index ed147534..00000000 --- a/generated/1.18/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.18/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.18/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.18/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigInformer provides access to a shared informer and lister for -// OIDCProviderConfigs. -type OIDCProviderConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderConfigLister -} - -type oIDCProviderConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.OIDCProviderConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProviderConfig{}, f.defaultInformer) -} - -func (f *oIDCProviderConfigInformer) Lister() v1alpha1.OIDCProviderConfigLister { - return v1alpha1.NewOIDCProviderConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.18/client/supervisor/informers/externalversions/generic.go b/generated/1.18/client/supervisor/informers/externalversions/generic.go index 858d01b5..d9cb0928 100644 --- a/generated/1.18/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.18/client/supervisor/informers/externalversions/generic.go @@ -40,8 +40,8 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil } diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 8b7b04e0..3d2b7e22 100644 --- a/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.18/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderConfigListerExpansion allows custom methods to be added to -// OIDCProviderConfigLister. -type OIDCProviderConfigListerExpansion interface{} +// OIDCProviderListerExpansion allows custom methods to be added to +// OIDCProviderLister. +type OIDCProviderListerExpansion interface{} -// OIDCProviderConfigNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderConfigNamespaceLister. -type OIDCProviderConfigNamespaceListerExpansion interface{} +// OIDCProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCProviderNamespaceLister. +type OIDCProviderNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..f93e49f7 --- /dev/null +++ b/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcprovider.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCProviderLister helps list OIDCProviders. +type OIDCProviderLister interface { + // List lists all OIDCProviders in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // OIDCProviders returns an object that can list and get OIDCProviders. + OIDCProviders(namespace string) OIDCProviderNamespaceLister + OIDCProviderListerExpansion +} + +// oIDCProviderLister implements the OIDCProviderLister interface. +type oIDCProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCProviderLister returns a new OIDCProviderLister. +func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { + return &oIDCProviderLister{indexer: indexer} +} + +// List lists all OIDCProviders in the indexer. +func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// OIDCProviders returns an object that can list and get OIDCProviders. +func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { + return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCProviderNamespaceLister helps list and get OIDCProviders. +type OIDCProviderNamespaceLister interface { + // List lists all OIDCProviders in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // Get retrieves the OIDCProvider from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.OIDCProvider, error) + OIDCProviderNamespaceListerExpansion +} + +// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister +// interface. +type oIDCProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCProviders in the indexer for a given namespace. +func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCProvider from the indexer for a given namespace and name. +func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) + } + return obj.(*v1alpha1.OIDCProvider), nil +} diff --git a/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go b/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index f8bf0cc4..00000000 --- a/generated/1.18/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigLister helps list OIDCProviderConfigs. -type OIDCProviderConfigLister interface { - // List lists all OIDCProviderConfigs in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. - OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister - OIDCProviderConfigListerExpansion -} - -// oIDCProviderConfigLister implements the OIDCProviderConfigLister interface. -type oIDCProviderConfigLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderConfigLister returns a new OIDCProviderConfigLister. -func NewOIDCProviderConfigLister(indexer cache.Indexer) OIDCProviderConfigLister { - return &oIDCProviderConfigLister{indexer: indexer} -} - -// List lists all OIDCProviderConfigs in the indexer. -func (s *oIDCProviderConfigLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. -func (s *oIDCProviderConfigLister) OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister { - return oIDCProviderConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderConfigNamespaceLister helps list and get OIDCProviderConfigs. -type OIDCProviderConfigNamespaceLister interface { - // List lists all OIDCProviderConfigs in the indexer for a given namespace. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. - Get(name string) (*v1alpha1.OIDCProviderConfig, error) - OIDCProviderConfigNamespaceListerExpansion -} - -// oIDCProviderConfigNamespaceLister implements the OIDCProviderConfigNamespaceLister -// interface. -type oIDCProviderConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviderConfigs in the indexer for a given namespace. -func (s oIDCProviderConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. -func (s oIDCProviderConfigNamespaceLister) Get(name string) (*v1alpha1.OIDCProviderConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcproviderconfig"), name) - } - return obj.(*v1alpha1.OIDCProviderConfig), nil -} diff --git a/generated/1.18/client/supervisor/openapi/zz_generated.openapi.go b/generated/1.18/client/supervisor/openapi/zz_generated.openapi.go index 21d14d61..9c840d1d 100644 --- a/generated/1.18/client/supervisor/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/supervisor/openapi/zz_generated.openapi.go @@ -17,69 +17,70 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfig": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref), - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigList": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref), - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref), - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProvider": schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref), + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderList": schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref), + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref), + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref), + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfig describes the configuration of an OIDC provider.", + Description: "OIDCProvider describes the configuration of an OIDC provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -104,13 +105,13 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderStatus"), }, }, }, @@ -118,15 +119,16 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderSpec", "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "List of OIDCProvider objects.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { SchemaProps: spec.SchemaProps{ @@ -153,7 +155,7 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfig"), + Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProvider"), }, }, }, @@ -164,15 +166,15 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigSpec is a struct that describes an OIDC Provider.", + Description: "OIDCProviderSpec is a struct that describes an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "issuer": { @@ -182,25 +184,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.Re Format: "", }, }, - "sniCertificateSecretName": { + "tls": { SchemaProps: spec.SchemaProps{ - Description: "SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers.\n\nSNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", - Type: []string{"string"}, - Format: "", + Description: "TLS configures how this OIDCProvider is served over Transport Layer Security (TLS).", + Ref: ref("go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"), }, }, }, Required: []string{"issuer"}, }, }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.18/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Description: "OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "status": { @@ -237,6 +240,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common. } } +func schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secretName": { + SchemaProps: spec.SchemaProps{ + Description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.\n\nSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/deploy/concierge/config.concierge.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml similarity index 94% rename from deploy/concierge/config.concierge.pinniped.dev_credentialissuerconfigs.yaml rename to generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 97af12c0..430bf649 100644 --- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuerconfigs.yaml +++ b/generated/1.18/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -6,16 +6,14 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: credentialissuerconfigs.config.concierge.pinniped.dev + name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: - kind: CredentialIssuerConfig - listKind: CredentialIssuerConfigList - plural: credentialissuerconfigs - shortNames: - - cic - singular: credentialissuerconfig + kind: CredentialIssuer + listKind: CredentialIssuerList + plural: credentialissuers + singular: credentialissuer scope: Namespaced versions: - name: v1alpha1 diff --git a/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml similarity index 64% rename from generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml rename to generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml index a04e97ce..9ffea8c7 100644 --- a/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.18/crds/config.supervisor.pinniped.dev_oidcproviders.yaml @@ -6,22 +6,20 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviderconfigs.config.supervisor.pinniped.dev + name: oidcproviders.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: - kind: OIDCProviderConfig - listKind: OIDCProviderConfigList - plural: oidcproviderconfigs - shortNames: - - opc - singular: oidcproviderconfig + kind: OIDCProvider + listKind: OIDCProviderList + plural: oidcproviders + singular: oidcprovider scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProviderConfig describes the configuration of an OIDC provider. + description: OIDCProvider describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -49,26 +47,32 @@ spec: for more information." minLength: 1 type: string - sniCertificateSecretName: - description: "SNICertificateSecretName is an optional name of a Secret - in the same namespace, of type `kubernetes.io/tls`, which contains - the TLS serving certificate for the HTTPS endpoints served by this - OIDC Provider. When provided, the TLS Secret named here must contain - keys named `tls.crt` and `tls.key` that contain the certificate - and private key to use for TLS. \n Server Name Indication (SNI) - is an extension to the Transport Layer Security (TLS) supported - by all major browsers. \n SNICertificateSecretName is required if - you would like to use different TLS certificates for issuers of - different hostnames. SNI requests do not include port numbers, so - all issuers with the same DNS hostname must use the same SNICertificateSecretName - value even if they have different port numbers. \n SNICertificateSecretName - is not required when you would like to use only the HTTP endpoints - (e.g. when terminating TLS at an Ingress). It is also not required - when you would like all requests to this OIDC Provider's HTTPS endpoints - to use the default TLS certificate, which is configured elsewhere. - \n When your Issuer URL's host is an IP address, then this field - is ignored. SNI does not work for IP addresses." - type: string + tls: + description: TLS configures how this OIDCProvider is served over Transport + Layer Security (TLS). + properties: + secretName: + description: "SecretName is an optional name of a Secret in the + same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the HTTPS endpoints served by + this OIDCProvider. When provided, the TLS Secret named here + must contain keys named `tls.crt` and `tls.key` that contain + the certificate and private key to use for TLS. \n Server Name + Indication (SNI) is an extension to the Transport Layer Security + (TLS) supported by all major browsers. \n SecretName is required + if you would like to use different TLS certificates for issuers + of different hostnames. SNI requests do not include port numbers, + so all issuers with the same DNS hostname must use the same + SecretName value even if they have different port numbers. \n + SecretName is not required when you would like to use only the + HTTP endpoints (e.g. when terminating TLS at an Ingress). It + is also not required when you would like all requests to this + OIDC Provider's HTTPS endpoints to use the default TLS certificate, + which is configured elsewhere. \n When your Issuer URL's host + is an IP address, then this field is ignored. SNI does not work + for IP addresses." + type: string + type: object required: - issuer type: object diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index ed4c6ab7..92a2e83f 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -131,14 +131,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfig"] -==== CredentialIssuerConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuer"] +==== CredentialIssuer .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfiglist[$$CredentialIssuerConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerlist[$$CredentialIssuerList$$] **** [cols="25a,75a", options="header"] @@ -146,18 +146,18 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$]__ | Status of the credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo"] -==== CredentialIssuerConfigKubeConfigInfo +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo"] +==== CredentialIssuerKubeConfigInfo .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -170,32 +170,32 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge configuration -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstatus"] -==== CredentialIssuerConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstatus"] +==== CredentialIssuerStatus Status of a credential issuer. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfig[$$CredentialIssuerConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuer[$$CredentialIssuer$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. -| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. +| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstrategy[$$CredentialIssuerStrategy$$] array__ | List of integration strategies that were attempted by Pinniped. +| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerkubeconfiginfo[$$CredentialIssuerKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstrategy"] -==== CredentialIssuerConfigStrategy +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstrategy"] +==== CredentialIssuerStrategy .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-config-v1alpha1-credentialissuerstatus[$$CredentialIssuerStatus$$] **** [cols="25a,75a", options="header"] @@ -217,14 +217,14 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuratio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfig"] -==== OIDCProviderConfig +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider"] +==== OIDCProvider -OIDCProviderConfig describes the configuration of an OIDC provider. +OIDCProvider describes the configuration of an OIDC provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfiglist[$$OIDCProviderConfigList$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderlist[$$OIDCProviderList$$] **** [cols="25a,75a", options="header"] @@ -232,21 +232,21 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderstatus[$$OIDCProviderStatus$$]__ | Status of the OIDC provider. |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfigspec"] -==== OIDCProviderConfigSpec +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec"] +==== OIDCProviderSpec -OIDCProviderConfigSpec is a struct that describes an OIDC Provider. +OIDCProviderSpec is a struct that describes an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] @@ -254,34 +254,51 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. | Field | Description | *`issuer`* __string__ | Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the identifier that it will use for the iss claim in issued JWTs. This field will also be used as the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is https://example.com/foo, then your authorization endpoint will look like https://example.com/foo/some/path/to/auth/endpoint). See https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information. -| *`sniCertificateSecretName`* __string__ | SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. - Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - SNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - SNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. - When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidertlsspec[$$OIDCProviderTLSSpec$$]__ | TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfigstatus"] -==== OIDCProviderConfigStatus +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderstatus"] +==== OIDCProviderStatus -OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. .Appears In: **** -- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovider[$$OIDCProvider$$] **** [cols="25a,75a", options="header"] |=== | Field | Description -| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. +| *`status`* __OIDCProviderStatusCondition__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure. | *`message`* __string__ | Message provides human-readable details about the Status. | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811). | *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcprovidertlsspec"] +==== OIDCProviderTLSSpec + +OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-config-v1alpha1-oidcproviderspec[$$OIDCProviderSpec$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`secretName`* __string__ | SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. + Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers. + SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere. + When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. +|=== + + [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"] === login.concierge.pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/concierge/config/v1alpha1/register.go b/generated/1.19/apis/concierge/config/v1alpha1/register.go index 2082688a..dae9108d 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/register.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &CredentialIssuerConfig{}, - &CredentialIssuerConfigList{}, + &CredentialIssuer{}, + &CredentialIssuerList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go similarity index 80% rename from generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go rename to generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go index e751be02..20e3bf08 100644 --- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuerconfig.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go @@ -25,17 +25,17 @@ const ( ) // Status of a credential issuer. -type CredentialIssuerConfigStatus struct { +type CredentialIssuerStatus struct { // List of integration strategies that were attempted by Pinniped. - Strategies []CredentialIssuerConfigStrategy `json:"strategies"` + Strategies []CredentialIssuerStrategy `json:"strategies"` // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. // +optional - KubeConfigInfo *CredentialIssuerConfigKubeConfigInfo `json:"kubeConfigInfo,omitempty"` + KubeConfigInfo *CredentialIssuerKubeConfigInfo `json:"kubeConfigInfo,omitempty"` } // Information needed to form a valid Pinniped-based kubeconfig using this credential issuer. -type CredentialIssuerConfigKubeConfigInfo struct { +type CredentialIssuerKubeConfigInfo struct { // The K8s API server URL. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:Pattern=`^https://|^http://` @@ -47,7 +47,7 @@ type CredentialIssuerConfigKubeConfigInfo struct { } // Status of an integration strategy that was attempted by Pinniped. -type CredentialIssuerConfigStrategy struct { +type CredentialIssuerStrategy struct { // Type of integration attempted. Type StrategyType `json:"type"` @@ -68,22 +68,21 @@ type CredentialIssuerConfigStrategy struct { // Describes the configuration status of a Pinniped credential issuer. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=cic -type CredentialIssuerConfig struct { +type CredentialIssuer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Status of the credential issuer. - Status CredentialIssuerConfigStatus `json:"status"` + Status CredentialIssuerStatus `json:"status"` } -// List of CredentialIssuerConfig objects. +// List of CredentialIssuer objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type CredentialIssuerConfigList struct { +type CredentialIssuerList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []CredentialIssuerConfig `json:"items"` + Items []CredentialIssuer `json:"items"` } diff --git a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go index 4e72d35d..ef9877e8 100644 --- a/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go @@ -12,7 +12,7 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { +func (in *CredentialIssuer) DeepCopyInto(out *CredentialIssuer) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) @@ -20,18 +20,18 @@ func (in *CredentialIssuerConfig) DeepCopyInto(out *CredentialIssuerConfig) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfig. -func (in *CredentialIssuerConfig) DeepCopy() *CredentialIssuerConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuer. +func (in *CredentialIssuer) DeepCopy() *CredentialIssuer { if in == nil { return nil } - out := new(CredentialIssuerConfig) + out := new(CredentialIssuer) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { +func (in *CredentialIssuer) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -39,29 +39,29 @@ func (in *CredentialIssuerConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopyInto(out *CredentialIssuerConfigKubeConfigInfo) { +func (in *CredentialIssuerKubeConfigInfo) DeepCopyInto(out *CredentialIssuerKubeConfigInfo) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigKubeConfigInfo. -func (in *CredentialIssuerConfigKubeConfigInfo) DeepCopy() *CredentialIssuerConfigKubeConfigInfo { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerKubeConfigInfo. +func (in *CredentialIssuerKubeConfigInfo) DeepCopy() *CredentialIssuerKubeConfigInfo { if in == nil { return nil } - out := new(CredentialIssuerConfigKubeConfigInfo) + out := new(CredentialIssuerKubeConfigInfo) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigList) { +func (in *CredentialIssuerList) DeepCopyInto(out *CredentialIssuerList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]CredentialIssuerConfig, len(*in)) + *out = make([]CredentialIssuer, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -69,18 +69,18 @@ func (in *CredentialIssuerConfigList) DeepCopyInto(out *CredentialIssuerConfigLi return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigList. -func (in *CredentialIssuerConfigList) DeepCopy() *CredentialIssuerConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerList. +func (in *CredentialIssuerList) DeepCopy() *CredentialIssuerList { if in == nil { return nil } - out := new(CredentialIssuerConfigList) + out := new(CredentialIssuerList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { +func (in *CredentialIssuerList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -88,46 +88,46 @@ func (in *CredentialIssuerConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStatus) DeepCopyInto(out *CredentialIssuerConfigStatus) { +func (in *CredentialIssuerStatus) DeepCopyInto(out *CredentialIssuerStatus) { *out = *in if in.Strategies != nil { in, out := &in.Strategies, &out.Strategies - *out = make([]CredentialIssuerConfigStrategy, len(*in)) + *out = make([]CredentialIssuerStrategy, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } } if in.KubeConfigInfo != nil { in, out := &in.KubeConfigInfo, &out.KubeConfigInfo - *out = new(CredentialIssuerConfigKubeConfigInfo) + *out = new(CredentialIssuerKubeConfigInfo) **out = **in } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStatus. -func (in *CredentialIssuerConfigStatus) DeepCopy() *CredentialIssuerConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStatus. +func (in *CredentialIssuerStatus) DeepCopy() *CredentialIssuerStatus { if in == nil { return nil } - out := new(CredentialIssuerConfigStatus) + out := new(CredentialIssuerStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialIssuerConfigStrategy) DeepCopyInto(out *CredentialIssuerConfigStrategy) { +func (in *CredentialIssuerStrategy) DeepCopyInto(out *CredentialIssuerStrategy) { *out = *in in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerConfigStrategy. -func (in *CredentialIssuerConfigStrategy) DeepCopy() *CredentialIssuerConfigStrategy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialIssuerStrategy. +func (in *CredentialIssuerStrategy) DeepCopy() *CredentialIssuerStrategy { if in == nil { return nil } - out := new(CredentialIssuerConfigStrategy) + out := new(CredentialIssuerStrategy) in.DeepCopyInto(out) return out } diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/register.go b/generated/1.19/apis/supervisor/config/v1alpha1/register.go index 9195c5aa..458ffe35 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/register.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/register.go @@ -30,8 +30,8 @@ func init() { // Adds the list of known types to the given scheme. func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, - &OIDCProviderConfig{}, - &OIDCProviderConfigList{}, + &OIDCProvider{}, + &OIDCProviderList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go b/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go similarity index 51% rename from generated/1.19/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go rename to generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go index a2dc9cbc..fd05127e 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcproviderconfig.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/types_oidcprovider.go @@ -9,17 +9,40 @@ import ( ) // +kubebuilder:validation:Enum=Success;Duplicate;Invalid -type OIDCProviderStatus string +type OIDCProviderStatusCondition string const ( - SuccessOIDCProviderStatus = OIDCProviderStatus("Success") - DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") - SameIssuerHostMustUseSameSecretOIDCProviderStatus = OIDCProviderStatus("SameIssuerHostMustUseSameSecret") - InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") + SuccessOIDCProviderStatusCondition = OIDCProviderStatusCondition("Success") + DuplicateOIDCProviderStatusCondition = OIDCProviderStatusCondition("Duplicate") + SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition = OIDCProviderStatusCondition("SameIssuerHostMustUseSameSecret") + InvalidOIDCProviderStatusCondition = OIDCProviderStatusCondition("Invalid") ) -// OIDCProviderConfigSpec is a struct that describes an OIDC Provider. -type OIDCProviderConfigSpec struct { +// OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider. +type OIDCProviderTLSSpec struct { + // SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains + // the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret + // named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use + // for TLS. + // + // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. + // + // SecretName is required if you would like to use different TLS certificates for issuers of different hostnames. + // SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same + // SecretName value even if they have different port numbers. + // + // SecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an + // Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to + // use the default TLS certificate, which is configured elsewhere. + // + // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses. + // + // +optional + SecretName string `json:"secretName,omitempty"` +} + +// OIDCProviderSpec is a struct that describes an OIDC Provider. +type OIDCProviderSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the // identifier that it will use for the iss claim in issued JWTs. This field will also be used as // the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is @@ -31,35 +54,17 @@ type OIDCProviderConfigSpec struct { // +kubebuilder:validation:MinLength=1 Issuer string `json:"issuer"` - // SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, - // which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. - // When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that - // contain the certificate and private key to use for TLS. - // - // Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers. - // - // SNICertificateSecretName is required if you would like to use different TLS certificates for - // issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same - // DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers. - // - // SNICertificateSecretName is not required when you would like to use only the - // HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you - // would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, - // which is configured elsewhere. - // - // When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work - // for IP addresses. - // + // TLS configures how this OIDCProvider is served over Transport Layer Security (TLS). // +optional - SNICertificateSecretName string `json:"sniCertificateSecretName,omitempty"` + TLS *OIDCProviderTLSSpec `json:"tls,omitempty"` } -// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. -type OIDCProviderConfigStatus struct { +// OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderStatus struct { // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can // represent success or failure. // +optional - Status OIDCProviderStatus `json:"status,omitempty"` + Status OIDCProviderStatusCondition `json:"status,omitempty"` // Message provides human-readable details about the Status. // +optional @@ -78,27 +83,25 @@ type OIDCProviderConfigStatus struct { JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"` } -// OIDCProviderConfig describes the configuration of an OIDC provider. +// OIDCProvider describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:shortName=opc -type OIDCProviderConfig struct { +type OIDCProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"spec"` + Spec OIDCProviderSpec `json:"spec"` // Status of the OIDC provider. - Status OIDCProviderConfigStatus `json:"status,omitempty"` + Status OIDCProviderStatus `json:"status,omitempty"` } -// List of OIDCProviderConfig objects. +// List of OIDCProvider objects. // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -type OIDCProviderConfigList struct { +type OIDCProviderList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []OIDCProviderConfig `json:"items"` + Items []OIDCProvider `json:"items"` } diff --git a/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go index f0a785d3..f208d4d0 100644 --- a/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go @@ -12,27 +12,27 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { +func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfig. -func (in *OIDCProviderConfig) DeepCopy() *OIDCProviderConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. +func (in *OIDCProvider) DeepCopy() *OIDCProvider { if in == nil { return nil } - out := new(OIDCProviderConfig) + out := new(OIDCProvider) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { +func (in *OIDCProvider) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -40,13 +40,13 @@ func (in *OIDCProviderConfig) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { +func (in *OIDCProviderList) DeepCopyInto(out *OIDCProviderList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]OIDCProviderConfig, len(*in)) + *out = make([]OIDCProvider, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -54,18 +54,18 @@ func (in *OIDCProviderConfigList) DeepCopyInto(out *OIDCProviderConfigList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigList. -func (in *OIDCProviderConfigList) DeepCopy() *OIDCProviderConfigList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderList. +func (in *OIDCProviderList) DeepCopy() *OIDCProviderList { if in == nil { return nil } - out := new(OIDCProviderConfigList) + out := new(OIDCProviderList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { +func (in *OIDCProviderList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -73,23 +73,28 @@ func (in *OIDCProviderConfigList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigSpec) DeepCopyInto(out *OIDCProviderConfigSpec) { +func (in *OIDCProviderSpec) DeepCopyInto(out *OIDCProviderSpec) { *out = *in + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = new(OIDCProviderTLSSpec) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigSpec. -func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderSpec. +func (in *OIDCProviderSpec) DeepCopy() *OIDCProviderSpec { if in == nil { return nil } - out := new(OIDCProviderConfigSpec) + out := new(OIDCProviderSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { +func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus) { *out = *in if in.LastUpdateTime != nil { in, out := &in.LastUpdateTime, &out.LastUpdateTime @@ -99,12 +104,28 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. -func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus. +func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus { if in == nil { return nil } - out := new(OIDCProviderConfigStatus) + out := new(OIDCProviderStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderTLSSpec) DeepCopyInto(out *OIDCProviderTLSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderTLSSpec. +func (in *OIDCProviderTLSSpec) DeepCopy() *OIDCProviderTLSSpec { + if in == nil { + return nil + } + out := new(OIDCProviderTLSSpec) in.DeepCopyInto(out) return out } diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go index 7099e073..231d473b 100644 --- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - CredentialIssuerConfigsGetter + CredentialIssuersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.concierge.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface { - return newCredentialIssuerConfigs(c, namespace) +func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface { + return newCredentialIssuers(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..f5d07b99 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// CredentialIssuersGetter has a method to return a CredentialIssuerInterface. +// A group's client should implement this interface. +type CredentialIssuersGetter interface { + CredentialIssuers(namespace string) CredentialIssuerInterface +} + +// CredentialIssuerInterface has methods to work with CredentialIssuer resources. +type CredentialIssuerInterface interface { + Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (*v1alpha1.CredentialIssuer, error) + Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) + UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.CredentialIssuer, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.CredentialIssuerList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) + CredentialIssuerExpansion +} + +// credentialIssuers implements CredentialIssuerInterface +type credentialIssuers struct { + client rest.Interface + ns string +} + +// newCredentialIssuers returns a CredentialIssuers +func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers { + return &credentialIssuers{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.CredentialIssuerList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Post(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Put(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(credentialIssuer.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(credentialIssuer). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("credentialissuers"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + result = &v1alpha1.CredentialIssuer{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("credentialissuers"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index c6ae579d..00000000 --- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// CredentialIssuerConfigsGetter has a method to return a CredentialIssuerConfigInterface. -// A group's client should implement this interface. -type CredentialIssuerConfigsGetter interface { - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigInterface -} - -// CredentialIssuerConfigInterface has methods to work with CredentialIssuerConfig resources. -type CredentialIssuerConfigInterface interface { - Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (*v1alpha1.CredentialIssuerConfig, error) - Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) - UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.CredentialIssuerConfig, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.CredentialIssuerConfigList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) - CredentialIssuerConfigExpansion -} - -// credentialIssuerConfigs implements CredentialIssuerConfigInterface -type credentialIssuerConfigs struct { - client rest.Interface - ns string -} - -// newCredentialIssuerConfigs returns a CredentialIssuerConfigs -func newCredentialIssuerConfigs(c *ConfigV1alpha1Client, namespace string) *credentialIssuerConfigs { - return &credentialIssuerConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *credentialIssuerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *credentialIssuerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.CredentialIssuerConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *credentialIssuerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *credentialIssuerConfigs) Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *credentialIssuerConfigs) UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(credentialIssuerConfig.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(credentialIssuerConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *credentialIssuerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *credentialIssuerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *credentialIssuerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - result = &v1alpha1.CredentialIssuerConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("credentialissuerconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index 0c5e7b60..f0a5da25 100644 --- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) CredentialIssuerConfigs(namespace string) v1alpha1.CredentialIssuerConfigInterface { - return &FakeCredentialIssuerConfigs{c, namespace} +func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface { + return &FakeCredentialIssuers{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go new file mode 100644 index 00000000..a8e4b569 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeCredentialIssuers implements CredentialIssuerInterface +type FakeCredentialIssuers struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"} + +var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuer"} + +// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any. +func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors. +func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.CredentialIssuerList{ListMeta: obj.(*v1alpha1.CredentialIssuerList).ListMeta} + for _, item := range obj.(*v1alpha1.CredentialIssuerList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested credentialIssuers. +func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts)) + +} + +// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any. +func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} + +// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs. +func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{}) + return err +} + +// Patch applies the patch and returns the patched credentialIssuer. +func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.CredentialIssuer), err +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go deleted file mode 100644 index cde78535..00000000 --- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuerconfig.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeCredentialIssuerConfigs implements CredentialIssuerConfigInterface -type FakeCredentialIssuerConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var credentialissuerconfigsResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuerconfigs"} - -var credentialissuerconfigsKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuerConfig"} - -// Get takes name of the credentialIssuerConfig, and returns the corresponding credentialIssuerConfig object, and an error if there is any. -func (c *FakeCredentialIssuerConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// List takes label and field selectors, and returns the list of CredentialIssuerConfigs that match those selectors. -func (c *FakeCredentialIssuerConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(credentialissuerconfigsResource, credentialissuerconfigsKind, c.ns, opts), &v1alpha1.CredentialIssuerConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.CredentialIssuerConfigList{ListMeta: obj.(*v1alpha1.CredentialIssuerConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.CredentialIssuerConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested credentialIssuerConfigs. -func (c *FakeCredentialIssuerConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(credentialissuerconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a credentialIssuerConfig and creates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Create(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Update takes the representation of a credentialIssuerConfig and updates it. Returns the server's representation of the credentialIssuerConfig, and an error, if there is any. -func (c *FakeCredentialIssuerConfigs) Update(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(credentialissuerconfigsResource, c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeCredentialIssuerConfigs) UpdateStatus(ctx context.Context, credentialIssuerConfig *v1alpha1.CredentialIssuerConfig, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuerConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(credentialissuerconfigsResource, "status", c.ns, credentialIssuerConfig), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} - -// Delete takes name of the credentialIssuerConfig and deletes it. Returns an error if one occurs. -func (c *FakeCredentialIssuerConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(credentialissuerconfigsResource, c.ns, name), &v1alpha1.CredentialIssuerConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeCredentialIssuerConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(credentialissuerconfigsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerConfigList{}) - return err -} - -// Patch applies the patch and returns the patched credentialIssuerConfig. -func (c *FakeCredentialIssuerConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuerConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(credentialissuerconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuerConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.CredentialIssuerConfig), err -} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 61507202..f2906a0c 100644 --- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type CredentialIssuerConfigExpansion interface{} +type CredentialIssuerExpansion interface{} diff --git a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..a0e06f11 --- /dev/null +++ b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerInformer provides access to a shared informer and lister for +// CredentialIssuers. +type CredentialIssuerInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.CredentialIssuerLister +} + +type credentialIssuerInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.CredentialIssuer{}, + resyncPeriod, + indexers, + ) +} + +func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.CredentialIssuer{}, f.defaultInformer) +} + +func (f *credentialIssuerInformer) Lister() v1alpha1.CredentialIssuerLister { + return v1alpha1.NewCredentialIssuerLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 1748c811..00000000 --- a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigInformer provides access to a shared informer and lister for -// CredentialIssuerConfigs. -type CredentialIssuerConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.CredentialIssuerConfigLister -} - -type credentialIssuerConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredCredentialIssuerConfigInformer constructs a new informer for CredentialIssuerConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredCredentialIssuerConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().CredentialIssuerConfigs(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.CredentialIssuerConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *credentialIssuerConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredCredentialIssuerConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *credentialIssuerConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.CredentialIssuerConfig{}, f.defaultInformer) -} - -func (f *credentialIssuerConfigInformer) Lister() v1alpha1.CredentialIssuerConfigLister { - return v1alpha1.NewCredentialIssuerConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go index 100743ad..01832fe4 100644 --- a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. - CredentialIssuerConfigs() CredentialIssuerConfigInformer + // CredentialIssuers returns a CredentialIssuerInformer. + CredentialIssuers() CredentialIssuerInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// CredentialIssuerConfigs returns a CredentialIssuerConfigInformer. -func (v *version) CredentialIssuerConfigs() CredentialIssuerConfigInformer { - return &credentialIssuerConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// CredentialIssuers returns a CredentialIssuerInformer. +func (v *version) CredentialIssuers() CredentialIssuerInformer { + return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.19/client/concierge/informers/externalversions/generic.go b/generated/1.19/client/concierge/informers/externalversions/generic.go index 49e777d4..14fca38c 100644 --- a/generated/1.19/client/concierge/informers/externalversions/generic.go +++ b/generated/1.19/client/concierge/informers/externalversions/generic.go @@ -46,8 +46,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookAuthenticators().Informer()}, nil // Group=config.concierge.pinniped.dev, Version=v1alpha1 - case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil + case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil // Group=login.concierge.pinniped.dev, Version=v1alpha1 case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): diff --git a/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuer.go b/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuer.go new file mode 100644 index 00000000..ee1d4ace --- /dev/null +++ b/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuer.go @@ -0,0 +1,86 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// CredentialIssuerLister helps list CredentialIssuers. +// All objects returned here must be treated as read-only. +type CredentialIssuerLister interface { + // List lists all CredentialIssuers in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // CredentialIssuers returns an object that can list and get CredentialIssuers. + CredentialIssuers(namespace string) CredentialIssuerNamespaceLister + CredentialIssuerListerExpansion +} + +// credentialIssuerLister implements the CredentialIssuerLister interface. +type credentialIssuerLister struct { + indexer cache.Indexer +} + +// NewCredentialIssuerLister returns a new CredentialIssuerLister. +func NewCredentialIssuerLister(indexer cache.Indexer) CredentialIssuerLister { + return &credentialIssuerLister{indexer: indexer} +} + +// List lists all CredentialIssuers in the indexer. +func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// CredentialIssuers returns an object that can list and get CredentialIssuers. +func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister { + return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// CredentialIssuerNamespaceLister helps list and get CredentialIssuers. +// All objects returned here must be treated as read-only. +type CredentialIssuerNamespaceLister interface { + // List lists all CredentialIssuers in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) + // Get retrieves the CredentialIssuer from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.CredentialIssuer, error) + CredentialIssuerNamespaceListerExpansion +} + +// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister +// interface. +type credentialIssuerNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all CredentialIssuers in the indexer for a given namespace. +func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.CredentialIssuer)) + }) + return ret, err +} + +// Get retrieves the CredentialIssuer from the indexer for a given namespace and name. +func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuer"), name) + } + return obj.(*v1alpha1.CredentialIssuer), nil +} diff --git a/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go b/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go deleted file mode 100644 index 1c9a391a..00000000 --- a/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuerconfig.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// CredentialIssuerConfigLister helps list CredentialIssuerConfigs. -// All objects returned here must be treated as read-only. -type CredentialIssuerConfigLister interface { - // List lists all CredentialIssuerConfigs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. - CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister - CredentialIssuerConfigListerExpansion -} - -// credentialIssuerConfigLister implements the CredentialIssuerConfigLister interface. -type credentialIssuerConfigLister struct { - indexer cache.Indexer -} - -// NewCredentialIssuerConfigLister returns a new CredentialIssuerConfigLister. -func NewCredentialIssuerConfigLister(indexer cache.Indexer) CredentialIssuerConfigLister { - return &credentialIssuerConfigLister{indexer: indexer} -} - -// List lists all CredentialIssuerConfigs in the indexer. -func (s *credentialIssuerConfigLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// CredentialIssuerConfigs returns an object that can list and get CredentialIssuerConfigs. -func (s *credentialIssuerConfigLister) CredentialIssuerConfigs(namespace string) CredentialIssuerConfigNamespaceLister { - return credentialIssuerConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// CredentialIssuerConfigNamespaceLister helps list and get CredentialIssuerConfigs. -// All objects returned here must be treated as read-only. -type CredentialIssuerConfigNamespaceLister interface { - // List lists all CredentialIssuerConfigs in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) - // Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.CredentialIssuerConfig, error) - CredentialIssuerConfigNamespaceListerExpansion -} - -// credentialIssuerConfigNamespaceLister implements the CredentialIssuerConfigNamespaceLister -// interface. -type credentialIssuerConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all CredentialIssuerConfigs in the indexer for a given namespace. -func (s credentialIssuerConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuerConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.CredentialIssuerConfig)) - }) - return ret, err -} - -// Get retrieves the CredentialIssuerConfig from the indexer for a given namespace and name. -func (s credentialIssuerConfigNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuerConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuerconfig"), name) - } - return obj.(*v1alpha1.CredentialIssuerConfig), nil -} diff --git a/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go b/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go index 68c725a9..e5a0b56a 100644 --- a/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// CredentialIssuerConfigListerExpansion allows custom methods to be added to -// CredentialIssuerConfigLister. -type CredentialIssuerConfigListerExpansion interface{} +// CredentialIssuerListerExpansion allows custom methods to be added to +// CredentialIssuerLister. +type CredentialIssuerListerExpansion interface{} -// CredentialIssuerConfigNamespaceListerExpansion allows custom methods to be added to -// CredentialIssuerConfigNamespaceLister. -type CredentialIssuerConfigNamespaceListerExpansion interface{} +// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to +// CredentialIssuerNamespaceLister. +type CredentialIssuerNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/concierge/openapi/zz_generated.openapi.go b/generated/1.19/client/concierge/openapi/zz_generated.openapi.go index d9dda01f..65f22d85 100644 --- a/generated/1.19/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/concierge/openapi/zz_generated.openapi.go @@ -17,74 +17,74 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfig": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigList": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), - "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.Condition": schema_apis_concierge_authentication_v1alpha1_Condition(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.TLSSpec": schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticator": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticator(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorList": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorList(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorSpec": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorSpec(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1.WebhookAuthenticatorStatus": schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuer": schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo": schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerList": schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStatus": schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStrategy": schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestSpec": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestStatus": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestStatus(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } @@ -326,7 +326,7 @@ func schema_apis_concierge_authentication_v1alpha1_WebhookAuthenticatorStatus(re } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuer(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -354,7 +354,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStatus"), }, }, }, @@ -362,11 +362,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfig(ref common.Ref }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerKubeConfigInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -394,7 +394,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigKubeConfigInfo( } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -425,7 +425,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfig"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuer"), }, }, }, @@ -436,11 +436,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigList(ref common }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -454,7 +454,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"), }, }, }, @@ -463,7 +463,7 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm "kubeConfigInfo": { SchemaProps: spec.SchemaProps{ Description: "Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.", - Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo"), }, }, }, @@ -471,11 +471,11 @@ func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStatus(ref comm }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigKubeConfigInfo", "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerConfigStrategy"}, + "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerKubeConfigInfo", "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1.CredentialIssuerStrategy"}, } } -func schema_apis_concierge_config_v1alpha1_CredentialIssuerConfigStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_concierge_config_v1alpha1_CredentialIssuerStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go index 79635e85..b9ff785c 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -13,7 +13,7 @@ import ( type ConfigV1alpha1Interface interface { RESTClient() rest.Interface - OIDCProviderConfigsGetter + OIDCProvidersGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group. @@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct { restClient rest.Interface } -func (c *ConfigV1alpha1Client) OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface { - return newOIDCProviderConfigs(c, namespace) +func (c *ConfigV1alpha1Client) OIDCProviders(namespace string) OIDCProviderInterface { + return newOIDCProviders(c, namespace) } // NewForConfig creates a new ConfigV1alpha1Client for the given config. diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index f7e4183e..8925e998 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct { *testing.Fake } -func (c *FakeConfigV1alpha1) OIDCProviderConfigs(namespace string) v1alpha1.OIDCProviderConfigInterface { - return &FakeOIDCProviderConfigs{c, namespace} +func (c *FakeConfigV1alpha1) OIDCProviders(namespace string) v1alpha1.OIDCProviderInterface { + return &FakeOIDCProviders{c, namespace} } // RESTClient returns a RESTClient that is used to communicate diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go new file mode 100644 index 00000000..675f29ca --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcprovider.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeOIDCProviders implements OIDCProviderInterface +type FakeOIDCProviders struct { + Fake *FakeConfigV1alpha1 + ns string +} + +var oidcprovidersResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviders"} + +var oidcprovidersKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProvider"} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *FakeOIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *FakeOIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(oidcprovidersResource, oidcprovidersKind, c.ns, opts), &v1alpha1.OIDCProviderList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.OIDCProviderList{ListMeta: obj.(*v1alpha1.OIDCProviderList).ListMeta} + for _, item := range obj.(*v1alpha1.OIDCProviderList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *FakeOIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(oidcprovidersResource, c.ns, opts)) + +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *FakeOIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(oidcprovidersResource, c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcprovidersResource, "status", c.ns, oIDCProvider), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *FakeOIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(oidcprovidersResource, c.ns, name), &v1alpha1.OIDCProvider{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeOIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(oidcprovidersResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderList{}) + return err +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *FakeOIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(oidcprovidersResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProvider{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProvider), err +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go deleted file mode 100644 index c2417eaa..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeOIDCProviderConfigs implements OIDCProviderConfigInterface -type FakeOIDCProviderConfigs struct { - Fake *FakeConfigV1alpha1 - ns string -} - -var oidcproviderconfigsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcproviderconfigs"} - -var oidcproviderconfigsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCProviderConfig"} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *FakeOIDCProviderConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *FakeOIDCProviderConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(oidcproviderconfigsResource, oidcproviderconfigsKind, c.ns, opts), &v1alpha1.OIDCProviderConfigList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.OIDCProviderConfigList{ListMeta: obj.(*v1alpha1.OIDCProviderConfigList).ListMeta} - for _, item := range obj.(*v1alpha1.OIDCProviderConfigList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *FakeOIDCProviderConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(oidcproviderconfigsResource, c.ns, opts)) - -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(oidcproviderconfigsResource, c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(oidcproviderconfigsResource, c.ns, name), &v1alpha1.OIDCProviderConfig{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeOIDCProviderConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(oidcproviderconfigsResource, c.ns, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.OIDCProviderConfigList{}) - return err -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *FakeOIDCProviderConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(oidcproviderconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.OIDCProviderConfig{}) - - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.OIDCProviderConfig), err -} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index ec834b7c..09541c9a 100644 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -5,4 +5,4 @@ package v1alpha1 -type OIDCProviderConfigExpansion interface{} +type OIDCProviderExpansion interface{} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..362fa07f --- /dev/null +++ b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcprovider.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// OIDCProvidersGetter has a method to return a OIDCProviderInterface. +// A group's client should implement this interface. +type OIDCProvidersGetter interface { + OIDCProviders(namespace string) OIDCProviderInterface +} + +// OIDCProviderInterface has methods to work with OIDCProvider resources. +type OIDCProviderInterface interface { + Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (*v1alpha1.OIDCProvider, error) + Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) + UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (*v1alpha1.OIDCProvider, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProvider, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) + OIDCProviderExpansion +} + +// oIDCProviders implements OIDCProviderInterface +type oIDCProviders struct { + client rest.Interface + ns string +} + +// newOIDCProviders returns a OIDCProviders +func newOIDCProviders(c *ConfigV1alpha1Client, namespace string) *oIDCProviders { + return &oIDCProviders{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the oIDCProvider, and returns the corresponding oIDCProvider object, and an error if there is any. +func (c *oIDCProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of OIDCProviders that match those selectors. +func (c *oIDCProviders) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.OIDCProviderList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested oIDCProviders. +func (c *oIDCProviders) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a oIDCProvider and creates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Create(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.CreateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Post(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a oIDCProvider and updates it. Returns the server's representation of the oIDCProvider, and an error, if there is any. +func (c *oIDCProviders) Update(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCProviders) UpdateStatus(ctx context.Context, oIDCProvider *v1alpha1.OIDCProvider, opts v1.UpdateOptions) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(oIDCProvider.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProvider). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the oIDCProvider and deletes it. Returns an error if one occurs. +func (c *oIDCProviders) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *oIDCProviders) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("oidcproviders"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched oIDCProvider. +func (c *oIDCProviders) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProvider, err error) { + result = &v1alpha1.OIDCProvider{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("oidcproviders"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index 7f2c7c28..00000000 --- a/generated/1.19/client/supervisor/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,182 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - "time" - - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - scheme "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" -) - -// OIDCProviderConfigsGetter has a method to return a OIDCProviderConfigInterface. -// A group's client should implement this interface. -type OIDCProviderConfigsGetter interface { - OIDCProviderConfigs(namespace string) OIDCProviderConfigInterface -} - -// OIDCProviderConfigInterface has methods to work with OIDCProviderConfig resources. -type OIDCProviderConfigInterface interface { - Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error) - Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) - UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OIDCProviderConfigList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) - OIDCProviderConfigExpansion -} - -// oIDCProviderConfigs implements OIDCProviderConfigInterface -type oIDCProviderConfigs struct { - client rest.Interface - ns string -} - -// newOIDCProviderConfigs returns a OIDCProviderConfigs -func newOIDCProviderConfigs(c *ConfigV1alpha1Client, namespace string) *oIDCProviderConfigs { - return &oIDCProviderConfigs{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the oIDCProviderConfig, and returns the corresponding oIDCProviderConfig object, and an error if there is any. -func (c *oIDCProviderConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of OIDCProviderConfigs that match those selectors. -func (c *oIDCProviderConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OIDCProviderConfigList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.OIDCProviderConfigList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested oIDCProviderConfigs. -func (c *oIDCProviderConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - -// Create takes the representation of a oIDCProviderConfig and creates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Post(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// Update takes the representation of a oIDCProviderConfig and updates it. Returns the server's representation of the oIDCProviderConfig, and an error, if there is any. -func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Put(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(oIDCProviderConfig.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(oIDCProviderConfig). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. -func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *oIDCProviderConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched oIDCProviderConfig. -func (c *oIDCProviderConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OIDCProviderConfig, err error) { - result = &v1alpha1.OIDCProviderConfig{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("oidcproviderconfigs"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go index fd319c74..92c87ad3 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go +++ b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/interface.go @@ -11,8 +11,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // OIDCProviderConfigs returns a OIDCProviderConfigInformer. - OIDCProviderConfigs() OIDCProviderConfigInformer + // OIDCProviders returns a OIDCProviderInformer. + OIDCProviders() OIDCProviderInformer } type version struct { @@ -26,7 +26,7 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// OIDCProviderConfigs returns a OIDCProviderConfigInformer. -func (v *version) OIDCProviderConfigs() OIDCProviderConfigInformer { - return &oIDCProviderConfigInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +// OIDCProviders returns a OIDCProviderInformer. +func (v *version) OIDCProviders() OIDCProviderInformer { + return &oIDCProviderInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..7714b8a4 --- /dev/null +++ b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcprovider.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned" + internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" + v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// OIDCProviderInformer provides access to a shared informer and lister for +// OIDCProviders. +type OIDCProviderInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.OIDCProviderLister +} + +type oIDCProviderInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredOIDCProviderInformer constructs a new informer for OIDCProvider type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredOIDCProviderInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1alpha1().OIDCProviders(namespace).Watch(context.TODO(), options) + }, + }, + &configv1alpha1.OIDCProvider{}, + resyncPeriod, + indexers, + ) +} + +func (f *oIDCProviderInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOIDCProviderInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *oIDCProviderInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&configv1alpha1.OIDCProvider{}, f.defaultInformer) +} + +func (f *oIDCProviderInformer) Lister() v1alpha1.OIDCProviderLister { + return v1alpha1.NewOIDCProviderLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go b/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index 364de62c..00000000 --- a/generated/1.19/client/supervisor/informers/externalversions/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - versioned "go.pinniped.dev/generated/1.19/client/supervisor/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.19/client/supervisor/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.19/client/supervisor/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigInformer provides access to a shared informer and lister for -// OIDCProviderConfigs. -type OIDCProviderConfigInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.OIDCProviderConfigLister -} - -type oIDCProviderConfigInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string -} - -// NewOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, namespace, resyncPeriod, indexers, nil) -} - -// NewFilteredOIDCProviderConfigInformer constructs a new informer for OIDCProviderConfig type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredOIDCProviderConfigInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Watch(context.TODO(), options) - }, - }, - &configv1alpha1.OIDCProviderConfig{}, - resyncPeriod, - indexers, - ) -} - -func (f *oIDCProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredOIDCProviderConfigInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *oIDCProviderConfigInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&configv1alpha1.OIDCProviderConfig{}, f.defaultInformer) -} - -func (f *oIDCProviderConfigInformer) Lister() v1alpha1.OIDCProviderConfigLister { - return v1alpha1.NewOIDCProviderConfigLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.19/client/supervisor/informers/externalversions/generic.go b/generated/1.19/client/supervisor/informers/externalversions/generic.go index 21fc17dd..c4479bb2 100644 --- a/generated/1.19/client/supervisor/informers/externalversions/generic.go +++ b/generated/1.19/client/supervisor/informers/externalversions/generic.go @@ -40,8 +40,8 @@ func (f *genericInformer) Lister() cache.GenericLister { func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { // Group=config.supervisor.pinniped.dev, Version=v1alpha1 - case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("oidcproviders"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviders().Informer()}, nil } diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go index 8b7b04e0..3d2b7e22 100644 --- a/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go +++ b/generated/1.19/client/supervisor/listers/config/v1alpha1/expansion_generated.go @@ -5,10 +5,10 @@ package v1alpha1 -// OIDCProviderConfigListerExpansion allows custom methods to be added to -// OIDCProviderConfigLister. -type OIDCProviderConfigListerExpansion interface{} +// OIDCProviderListerExpansion allows custom methods to be added to +// OIDCProviderLister. +type OIDCProviderListerExpansion interface{} -// OIDCProviderConfigNamespaceListerExpansion allows custom methods to be added to -// OIDCProviderConfigNamespaceLister. -type OIDCProviderConfigNamespaceListerExpansion interface{} +// OIDCProviderNamespaceListerExpansion allows custom methods to be added to +// OIDCProviderNamespaceLister. +type OIDCProviderNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go new file mode 100644 index 00000000..59bf42fc --- /dev/null +++ b/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcprovider.go @@ -0,0 +1,86 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// OIDCProviderLister helps list OIDCProviders. +// All objects returned here must be treated as read-only. +type OIDCProviderLister interface { + // List lists all OIDCProviders in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // OIDCProviders returns an object that can list and get OIDCProviders. + OIDCProviders(namespace string) OIDCProviderNamespaceLister + OIDCProviderListerExpansion +} + +// oIDCProviderLister implements the OIDCProviderLister interface. +type oIDCProviderLister struct { + indexer cache.Indexer +} + +// NewOIDCProviderLister returns a new OIDCProviderLister. +func NewOIDCProviderLister(indexer cache.Indexer) OIDCProviderLister { + return &oIDCProviderLister{indexer: indexer} +} + +// List lists all OIDCProviders in the indexer. +func (s *oIDCProviderLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// OIDCProviders returns an object that can list and get OIDCProviders. +func (s *oIDCProviderLister) OIDCProviders(namespace string) OIDCProviderNamespaceLister { + return oIDCProviderNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// OIDCProviderNamespaceLister helps list and get OIDCProviders. +// All objects returned here must be treated as read-only. +type OIDCProviderNamespaceLister interface { + // List lists all OIDCProviders in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) + // Get retrieves the OIDCProvider from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.OIDCProvider, error) + OIDCProviderNamespaceListerExpansion +} + +// oIDCProviderNamespaceLister implements the OIDCProviderNamespaceLister +// interface. +type oIDCProviderNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all OIDCProviders in the indexer for a given namespace. +func (s oIDCProviderNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProvider, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.OIDCProvider)) + }) + return ret, err +} + +// Get retrieves the OIDCProvider from the indexer for a given namespace and name. +func (s oIDCProviderNamespaceLister) Get(name string) (*v1alpha1.OIDCProvider, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("oidcprovider"), name) + } + return obj.(*v1alpha1.OIDCProvider), nil +} diff --git a/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go b/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go deleted file mode 100644 index bbffea61..00000000 --- a/generated/1.19/client/supervisor/listers/config/v1alpha1/oidcproviderconfig.go +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2020 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// OIDCProviderConfigLister helps list OIDCProviderConfigs. -// All objects returned here must be treated as read-only. -type OIDCProviderConfigLister interface { - // List lists all OIDCProviderConfigs in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. - OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister - OIDCProviderConfigListerExpansion -} - -// oIDCProviderConfigLister implements the OIDCProviderConfigLister interface. -type oIDCProviderConfigLister struct { - indexer cache.Indexer -} - -// NewOIDCProviderConfigLister returns a new OIDCProviderConfigLister. -func NewOIDCProviderConfigLister(indexer cache.Indexer) OIDCProviderConfigLister { - return &oIDCProviderConfigLister{indexer: indexer} -} - -// List lists all OIDCProviderConfigs in the indexer. -func (s *oIDCProviderConfigLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// OIDCProviderConfigs returns an object that can list and get OIDCProviderConfigs. -func (s *oIDCProviderConfigLister) OIDCProviderConfigs(namespace string) OIDCProviderConfigNamespaceLister { - return oIDCProviderConfigNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// OIDCProviderConfigNamespaceLister helps list and get OIDCProviderConfigs. -// All objects returned here must be treated as read-only. -type OIDCProviderConfigNamespaceLister interface { - // List lists all OIDCProviderConfigs in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) - // Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.OIDCProviderConfig, error) - OIDCProviderConfigNamespaceListerExpansion -} - -// oIDCProviderConfigNamespaceLister implements the OIDCProviderConfigNamespaceLister -// interface. -type oIDCProviderConfigNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all OIDCProviderConfigs in the indexer for a given namespace. -func (s oIDCProviderConfigNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.OIDCProviderConfig, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.OIDCProviderConfig)) - }) - return ret, err -} - -// Get retrieves the OIDCProviderConfig from the indexer for a given namespace and name. -func (s oIDCProviderConfigNamespaceLister) Get(name string) (*v1alpha1.OIDCProviderConfig, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("oidcproviderconfig"), name) - } - return obj.(*v1alpha1.OIDCProviderConfig), nil -} diff --git a/generated/1.19/client/supervisor/openapi/zz_generated.openapi.go b/generated/1.19/client/supervisor/openapi/zz_generated.openapi.go index b44b8ce3..d84b594d 100644 --- a/generated/1.19/client/supervisor/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/supervisor/openapi/zz_generated.openapi.go @@ -17,70 +17,71 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfig": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref), - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigList": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref), - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref), - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProvider": schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref), + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderList": schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref), + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref), + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderStatus": schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref), + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec": schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ExportOptions": schema_pkg_apis_meta_v1_ExportOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/version.Info": schema_k8sio_apimachinery_pkg_version_Info(ref), } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfig describes the configuration of an OIDC provider.", + Description: "OIDCProvider describes the configuration of an OIDC provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -105,13 +106,13 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status of the OIDC provider.", - Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderStatus"), }, }, }, @@ -119,15 +120,16 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfig(ref common.Refere }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderSpec", "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "List of OIDCProvider objects.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { SchemaProps: spec.SchemaProps{ @@ -154,7 +156,7 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfig"), + Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProvider"), }, }, }, @@ -165,15 +167,15 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigList(ref common.Re }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigSpec is a struct that describes an OIDC Provider.", + Description: "OIDCProviderSpec is a struct that describes an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "issuer": { @@ -183,25 +185,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigSpec(ref common.Re Format: "", }, }, - "sniCertificateSecretName": { + "tls": { SchemaProps: spec.SchemaProps{ - Description: "SNICertificateSecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDC Provider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSNICertificateSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SNICertificateSecretName value even if they have different port numbers.\n\nSNICertificateSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", - Type: []string{"string"}, - Format: "", + Description: "TLS configures how this OIDCProvider is served over Transport Layer Security (TLS).", + Ref: ref("go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"), }, }, }, Required: []string{"issuer"}, }, }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1.OIDCProviderTLSSpec"}, } } -func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_apis_supervisor_config_v1alpha1_OIDCProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Description: "OIDCProviderStatus is a struct that describes the actual state of an OIDC Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "status": { @@ -238,6 +241,26 @@ func schema_apis_supervisor_config_v1alpha1_OIDCProviderConfigStatus(ref common. } } +func schema_apis_supervisor_config_v1alpha1_OIDCProviderTLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secretName": { + SchemaProps: spec.SchemaProps{ + Description: "SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains the TLS serving certificate for the HTTPS endpoints served by this OIDCProvider. When provided, the TLS Secret named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS.\n\nServer Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.\n\nSecretName is required if you would like to use different TLS certificates for issuers of different hostnames. SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same SecretName value even if they have different port numbers.\n\nSecretName is not required when you would like to use only the HTTP endpoints (e.g. when terminating TLS at an Ingress). It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to use the default TLS certificate, which is configured elsewhere.\n\nWhen your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml similarity index 94% rename from generated/1.19/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml rename to generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml index 97af12c0..430bf649 100644 --- a/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuerconfigs.yaml +++ b/generated/1.19/crds/config.concierge.pinniped.dev_credentialissuers.yaml @@ -6,16 +6,14 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: credentialissuerconfigs.config.concierge.pinniped.dev + name: credentialissuers.config.concierge.pinniped.dev spec: group: config.concierge.pinniped.dev names: - kind: CredentialIssuerConfig - listKind: CredentialIssuerConfigList - plural: credentialissuerconfigs - shortNames: - - cic - singular: credentialissuerconfig + kind: CredentialIssuer + listKind: CredentialIssuerList + plural: credentialissuers + singular: credentialissuer scope: Namespaced versions: - name: v1alpha1 diff --git a/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml similarity index 64% rename from deploy/supervisor/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml rename to generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml index a04e97ce..9ffea8c7 100644 --- a/deploy/supervisor/config.supervisor.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.19/crds/config.supervisor.pinniped.dev_oidcproviders.yaml @@ -6,22 +6,20 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null - name: oidcproviderconfigs.config.supervisor.pinniped.dev + name: oidcproviders.config.supervisor.pinniped.dev spec: group: config.supervisor.pinniped.dev names: - kind: OIDCProviderConfig - listKind: OIDCProviderConfigList - plural: oidcproviderconfigs - shortNames: - - opc - singular: oidcproviderconfig + kind: OIDCProvider + listKind: OIDCProviderList + plural: oidcproviders + singular: oidcprovider scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: OIDCProviderConfig describes the configuration of an OIDC provider. + description: OIDCProvider describes the configuration of an OIDC provider. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -49,26 +47,32 @@ spec: for more information." minLength: 1 type: string - sniCertificateSecretName: - description: "SNICertificateSecretName is an optional name of a Secret - in the same namespace, of type `kubernetes.io/tls`, which contains - the TLS serving certificate for the HTTPS endpoints served by this - OIDC Provider. When provided, the TLS Secret named here must contain - keys named `tls.crt` and `tls.key` that contain the certificate - and private key to use for TLS. \n Server Name Indication (SNI) - is an extension to the Transport Layer Security (TLS) supported - by all major browsers. \n SNICertificateSecretName is required if - you would like to use different TLS certificates for issuers of - different hostnames. SNI requests do not include port numbers, so - all issuers with the same DNS hostname must use the same SNICertificateSecretName - value even if they have different port numbers. \n SNICertificateSecretName - is not required when you would like to use only the HTTP endpoints - (e.g. when terminating TLS at an Ingress). It is also not required - when you would like all requests to this OIDC Provider's HTTPS endpoints - to use the default TLS certificate, which is configured elsewhere. - \n When your Issuer URL's host is an IP address, then this field - is ignored. SNI does not work for IP addresses." - type: string + tls: + description: TLS configures how this OIDCProvider is served over Transport + Layer Security (TLS). + properties: + secretName: + description: "SecretName is an optional name of a Secret in the + same namespace, of type `kubernetes.io/tls`, which contains + the TLS serving certificate for the HTTPS endpoints served by + this OIDCProvider. When provided, the TLS Secret named here + must contain keys named `tls.crt` and `tls.key` that contain + the certificate and private key to use for TLS. \n Server Name + Indication (SNI) is an extension to the Transport Layer Security + (TLS) supported by all major browsers. \n SecretName is required + if you would like to use different TLS certificates for issuers + of different hostnames. SNI requests do not include port numbers, + so all issuers with the same DNS hostname must use the same + SecretName value even if they have different port numbers. \n + SecretName is not required when you would like to use only the + HTTP endpoints (e.g. when terminating TLS at an Ingress). It + is also not required when you would like all requests to this + OIDC Provider's HTTPS endpoints to use the default TLS certificate, + which is configured elsewhere. \n When your Issuer URL's host + is an IP address, then this field is ignored. SNI does not work + for IP addresses." + type: string + type: object required: - issuer type: object diff --git a/hack/lib/tilt/Tiltfile b/hack/lib/tilt/Tiltfile index fed76372..899b5ada 100644 --- a/hack/lib/tilt/Tiltfile +++ b/hack/lib/tilt/Tiltfile @@ -111,7 +111,7 @@ k8s_resource( new_name='supervisor', # this is the name that will appear in the tilt UI objects=[ # these are the objects that would otherwise appear in the "uncategorized" tab in the tilt UI - 'oidcproviderconfigs.config.supervisor.pinniped.dev:customresourcedefinition', + 'oidcproviders.config.supervisor.pinniped.dev:customresourcedefinition', 'pinniped-supervisor-static-config:configmap', 'supervisor:namespace', 'pinniped-supervisor:role', @@ -169,7 +169,7 @@ k8s_resource( 'pinniped-concierge-kube-system-pod-read:rolebinding', 'pinniped-concierge:clusterrolebinding', 'pinniped-concierge:serviceaccount', - 'credentialissuerconfigs.config.concierge.pinniped.dev:customresourcedefinition', + 'credentialissuers.config.concierge.pinniped.dev:customresourcedefinition', 'webhookauthenticators.authentication.concierge.pinniped.dev:customresourcedefinition', 'v1alpha1.login.concierge.pinniped.dev:apiservice', ], diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go index b942ce78..9d448a0b 100644 --- a/internal/config/concierge/config.go +++ b/internal/config/concierge/config.go @@ -79,13 +79,13 @@ func maybeSetKubeCertAgentDefaults(cfg *KubeCertAgentSpec) { func validateNames(names *NamesConfigSpec) error { missingNames := []string{} if names == nil { - missingNames = append(missingNames, "servingCertificateSecret", "credentialIssuerConfig", "apiService") + missingNames = append(missingNames, "servingCertificateSecret", "credentialIssuer", "apiService") } else { if names.ServingCertificateSecret == "" { missingNames = append(missingNames, "servingCertificateSecret") } - if names.CredentialIssuerConfig == "" { - missingNames = append(missingNames, "credentialIssuerConfig") + if names.CredentialIssuer == "" { + missingNames = append(missingNames, "credentialIssuer") } if names.APIService == "" { missingNames = append(missingNames, "apiService") diff --git a/internal/config/concierge/config_test.go b/internal/config/concierge/config_test.go index 883893c9..38315d74 100644 --- a/internal/config/concierge/config_test.go +++ b/internal/config/concierge/config_test.go @@ -32,7 +32,7 @@ func TestFromPath(t *testing.T) { renewBeforeSeconds: 2400 names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api kubeCertAgentPrefix: kube-cert-agent-prefix labels: @@ -55,7 +55,7 @@ func TestFromPath(t *testing.T) { }, NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", - CredentialIssuerConfig: "pinniped-config", + CredentialIssuer: "pinniped-config", APIService: "pinniped-api", }, Labels: map[string]string{ @@ -75,7 +75,7 @@ func TestFromPath(t *testing.T) { --- names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api `), wantConfig: &Config{ @@ -90,7 +90,7 @@ func TestFromPath(t *testing.T) { }, NamesConfig: NamesConfigSpec{ ServingCertificateSecret: "pinniped-concierge-api-tls-serving-certificate", - CredentialIssuerConfig: "pinniped-config", + CredentialIssuer: "pinniped-config", APIService: "pinniped-api", }, Labels: map[string]string{}, @@ -103,7 +103,7 @@ func TestFromPath(t *testing.T) { { name: "Empty", yaml: here.Doc(``), - wantError: "validate names: missing required names: servingCertificateSecret, credentialIssuerConfig, apiService", + wantError: "validate names: missing required names: servingCertificateSecret, credentialIssuer, apiService", }, { name: "Missing apiService name", @@ -111,26 +111,26 @@ func TestFromPath(t *testing.T) { --- names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config `), wantError: "validate names: missing required names: apiService", }, { - name: "Missing credentialIssuerConfig name", + name: "Missing credentialIssuer name", yaml: here.Doc(` --- names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate apiService: pinniped-api `), - wantError: "validate names: missing required names: credentialIssuerConfig", + wantError: "validate names: missing required names: credentialIssuer", }, { name: "Missing servingCertificateSecret name", yaml: here.Doc(` --- names: - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api `), wantError: "validate names: missing required names: servingCertificateSecret", @@ -145,7 +145,7 @@ func TestFromPath(t *testing.T) { renewBeforeSeconds: 3600 names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api `), wantError: "validate api: durationSeconds cannot be smaller than renewBeforeSeconds", @@ -160,7 +160,7 @@ func TestFromPath(t *testing.T) { renewBeforeSeconds: -10 names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api `), wantError: "validate api: renewBefore must be positive", @@ -175,7 +175,7 @@ func TestFromPath(t *testing.T) { renewBeforeSeconds: -10 names: servingCertificateSecret: pinniped-concierge-api-tls-serving-certificate - credentialIssuerConfig: pinniped-config + credentialIssuer: pinniped-config apiService: pinniped-api `), wantError: "validate api: renewBefore must be positive", diff --git a/internal/config/concierge/types.go b/internal/config/concierge/types.go index 392db864..47326541 100644 --- a/internal/config/concierge/types.go +++ b/internal/config/concierge/types.go @@ -30,7 +30,7 @@ type APIConfigSpec struct { // NamesConfigSpec configures the names of some Kubernetes resources for the Concierge. type NamesConfigSpec struct { ServingCertificateSecret string `json:"servingCertificateSecret"` - CredentialIssuerConfig string `json:"credentialIssuerConfig"` + CredentialIssuer string `json:"credentialIssuer"` APIService string `json:"apiService"` } diff --git a/internal/controller/issuerconfig/create_or_update_credential_issuer_config.go b/internal/controller/issuerconfig/create_or_update_credential_issuer_config.go index 1e849c10..9e11cd53 100644 --- a/internal/controller/issuerconfig/create_or_update_credential_issuer_config.go +++ b/internal/controller/issuerconfig/create_or_update_credential_issuer_config.go @@ -17,48 +17,48 @@ import ( pinnipedclientset "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned" ) -func CreateOrUpdateCredentialIssuerConfig( +func CreateOrUpdateCredentialIssuer( ctx context.Context, - credentialIssuerConfigNamespace string, - credentialIssuerConfigResourceName string, - credentialIssuerConfigLabels map[string]string, + credentialIssuerNamespace string, + credentialIssuerResourceName string, + credentialIssuerLabels map[string]string, pinnipedClient pinnipedclientset.Interface, - applyUpdatesToCredentialIssuerConfigFunc func(configToUpdate *configv1alpha1.CredentialIssuerConfig), + applyUpdatesToCredentialIssuerFunc func(configToUpdate *configv1alpha1.CredentialIssuer), ) error { err := retry.RetryOnConflict(retry.DefaultRetry, func() error { - existingCredentialIssuerConfig, err := pinnipedClient. + existingCredentialIssuer, err := pinnipedClient. ConfigV1alpha1(). - CredentialIssuerConfigs(credentialIssuerConfigNamespace). - Get(ctx, credentialIssuerConfigResourceName, metav1.GetOptions{}) + CredentialIssuers(credentialIssuerNamespace). + Get(ctx, credentialIssuerResourceName, metav1.GetOptions{}) notFound := k8serrors.IsNotFound(err) if err != nil && !notFound { return fmt.Errorf("get failed: %w", err) } - credentialIssuerConfigsClient := pinnipedClient.ConfigV1alpha1().CredentialIssuerConfigs(credentialIssuerConfigNamespace) + credentialIssuersClient := pinnipedClient.ConfigV1alpha1().CredentialIssuers(credentialIssuerNamespace) if notFound { // Create it - credentialIssuerConfig := minimalValidCredentialIssuerConfig( - credentialIssuerConfigResourceName, credentialIssuerConfigNamespace, credentialIssuerConfigLabels, + credentialIssuer := minimalValidCredentialIssuer( + credentialIssuerResourceName, credentialIssuerNamespace, credentialIssuerLabels, ) - applyUpdatesToCredentialIssuerConfigFunc(credentialIssuerConfig) + applyUpdatesToCredentialIssuerFunc(credentialIssuer) - if _, err := credentialIssuerConfigsClient.Create(ctx, credentialIssuerConfig, metav1.CreateOptions{}); err != nil { + if _, err := credentialIssuersClient.Create(ctx, credentialIssuer, metav1.CreateOptions{}); err != nil { return fmt.Errorf("create failed: %w", err) } } else { // Already exists, so check to see if we need to update it - credentialIssuerConfig := existingCredentialIssuerConfig.DeepCopy() - applyUpdatesToCredentialIssuerConfigFunc(credentialIssuerConfig) + credentialIssuer := existingCredentialIssuer.DeepCopy() + applyUpdatesToCredentialIssuerFunc(credentialIssuer) - if equality.Semantic.DeepEqual(existingCredentialIssuerConfig, credentialIssuerConfig) { + if equality.Semantic.DeepEqual(existingCredentialIssuer, credentialIssuer) { // Nothing interesting would change as a result of this update, so skip it return nil } - if _, err := credentialIssuerConfigsClient.Update(ctx, credentialIssuerConfig, metav1.UpdateOptions{}); err != nil { + if _, err := credentialIssuersClient.Update(ctx, credentialIssuer, metav1.UpdateOptions{}); err != nil { return err } } @@ -66,25 +66,25 @@ func CreateOrUpdateCredentialIssuerConfig( }) if err != nil { - return fmt.Errorf("could not create or update credentialissuerconfig: %w", err) + return fmt.Errorf("could not create or update credentialissuer: %w", err) } return nil } -func minimalValidCredentialIssuerConfig( - credentialIssuerConfigName string, - credentialIssuerConfigNamespace string, - credentialIssuerConfigLabels map[string]string, -) *configv1alpha1.CredentialIssuerConfig { - return &configv1alpha1.CredentialIssuerConfig{ +func minimalValidCredentialIssuer( + credentialIssuerName string, + credentialIssuerNamespace string, + credentialIssuerLabels map[string]string, +) *configv1alpha1.CredentialIssuer { + return &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigName, - Namespace: credentialIssuerConfigNamespace, - Labels: credentialIssuerConfigLabels, + Name: credentialIssuerName, + Namespace: credentialIssuerNamespace, + Labels: credentialIssuerLabels, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, KubeConfigInfo: nil, }, } diff --git a/internal/controller/issuerconfig/create_or_update_credential_issuer_config_test.go b/internal/controller/issuerconfig/create_or_update_credential_issuer_config_test.go index 4a3d219d..e56c0413 100644 --- a/internal/controller/issuerconfig/create_or_update_credential_issuer_config_test.go +++ b/internal/controller/issuerconfig/create_or_update_credential_issuer_config_test.go @@ -23,63 +23,63 @@ import ( pinnipedfake "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/fake" ) -func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { +func TestCreateOrUpdateCredentialIssuer(t *testing.T) { spec.Run(t, "specs", func(t *testing.T, when spec.G, it spec.S) { var r *require.Assertions var ctx context.Context var pinnipedAPIClient *pinnipedfake.Clientset - var credentialIssuerConfigGVR schema.GroupVersionResource + var credentialIssuerGVR schema.GroupVersionResource const installationNamespace = "some-namespace" - const credentialIssuerConfigResourceName = "some-resource-name" + const credentialIssuerResourceName = "some-resource-name" it.Before(func() { r = require.New(t) ctx = context.Background() pinnipedAPIClient = pinnipedfake.NewSimpleClientset() - credentialIssuerConfigGVR = schema.GroupVersionResource{ + credentialIssuerGVR = schema.GroupVersionResource{ Group: configv1alpha1.GroupName, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", } }) when("the config does not exist", func() { it("creates a new config which includes only the updates made by the func parameter", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { - configToUpdate.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + func(configToUpdate *configv1alpha1.CredentialIssuer) { + configToUpdate.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{ CertificateAuthorityData: "some-ca-value", } }, ) r.NoError(err) - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, installationNamespace, credentialIssuerConfigResourceName) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, installationNamespace, credentialIssuerResourceName) expectedCreateAction := coretesting.NewCreateAction( - credentialIssuerConfigGVR, + credentialIssuerGVR, installationNamespace, - &configv1alpha1.CredentialIssuerConfig{ + &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, + Name: credentialIssuerResourceName, Namespace: installationNamespace, Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "", CertificateAuthorityData: "some-ca-value", }, @@ -92,40 +92,40 @@ func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { when("there is an unexpected error while creating the existing object", func() { it.Before(func() { - pinnipedAPIClient.PrependReactor("create", "credentialissuerconfigs", func(_ coretesting.Action) (bool, runtime.Object, error) { + pinnipedAPIClient.PrependReactor("create", "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, fmt.Errorf("error on create") }) }) it("returns an error", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{}, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) {}, + func(configToUpdate *configv1alpha1.CredentialIssuer) {}, ) - r.EqualError(err, "could not create or update credentialissuerconfig: create failed: error on create") + r.EqualError(err, "could not create or update credentialissuer: create failed: error on create") }) }) }) when("the config already exists", func() { - var existingConfig *configv1alpha1.CredentialIssuerConfig + var existingConfig *configv1alpha1.CredentialIssuer it.Before(func() { - existingConfig = &configv1alpha1.CredentialIssuerConfig{ + existingConfig = &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, + Name: credentialIssuerResourceName, Namespace: installationNamespace, Labels: map[string]string{ "myLabelKey1": "myLabelValue1", }, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.SuccessStrategyStatus, @@ -134,7 +134,7 @@ func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { LastUpdateTime: metav1.Now(), }, }, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "initial-server-value", CertificateAuthorityData: "initial-ca-value", }, @@ -144,39 +144,39 @@ func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { }) it("updates the existing config to only apply the updates made by the func parameter", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { + func(configToUpdate *configv1alpha1.CredentialIssuer) { configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" }, ) r.NoError(err) - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, installationNamespace, credentialIssuerConfigResourceName) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, installationNamespace, credentialIssuerResourceName) // Only the edited field should be changed. expectedUpdatedConfig := existingConfig.DeepCopy() expectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" - expectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerConfigGVR, installationNamespace, expectedUpdatedConfig) + expectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerGVR, installationNamespace, expectedUpdatedConfig) r.Equal([]coretesting.Action{expectedGetAction, expectedUpdateAction}, pinnipedAPIClient.Actions()) }) it("avoids the cost of an update if the local updates made by the func parameter did not actually change anything", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{}, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { + func(configToUpdate *configv1alpha1.CredentialIssuer) { configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "initial-ca-value" t := configToUpdate.Status.Strategies[0].LastUpdateTime @@ -187,70 +187,70 @@ func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { ) r.NoError(err) - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, installationNamespace, credentialIssuerConfigResourceName) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, installationNamespace, credentialIssuerResourceName) r.Equal([]coretesting.Action{expectedGetAction}, pinnipedAPIClient.Actions()) }) when("there is an unexpected error while getting the existing object", func() { it.Before(func() { - pinnipedAPIClient.PrependReactor("get", "credentialissuerconfigs", func(_ coretesting.Action) (bool, runtime.Object, error) { + pinnipedAPIClient.PrependReactor("get", "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, fmt.Errorf("error on get") }) }) it("returns an error", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{}, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) {}, + func(configToUpdate *configv1alpha1.CredentialIssuer) {}, ) - r.EqualError(err, "could not create or update credentialissuerconfig: get failed: error on get") + r.EqualError(err, "could not create or update credentialissuer: get failed: error on get") }) }) when("there is an unexpected error while updating the existing object", func() { it.Before(func() { - pinnipedAPIClient.PrependReactor("update", "credentialissuerconfigs", func(_ coretesting.Action) (bool, runtime.Object, error) { + pinnipedAPIClient.PrependReactor("update", "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, fmt.Errorf("error on update") }) }) it("returns an error", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{}, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { + func(configToUpdate *configv1alpha1.CredentialIssuer) { configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" }, ) - r.EqualError(err, "could not create or update credentialissuerconfig: error on update") + r.EqualError(err, "could not create or update credentialissuer: error on update") }) }) when("there is a conflict error while updating the existing object on the first try and the next try succeeds", func() { - var slightlyDifferentExistingConfig *configv1alpha1.CredentialIssuerConfig + var slightlyDifferentExistingConfig *configv1alpha1.CredentialIssuer it.Before(func() { hit := false slightlyDifferentExistingConfig = existingConfig.DeepCopy() slightlyDifferentExistingConfig.Status.KubeConfigInfo.Server = "some-other-server-value-from-conflicting-update" - pinnipedAPIClient.PrependReactor("update", "credentialissuerconfigs", func(_ coretesting.Action) (bool, runtime.Object, error) { + pinnipedAPIClient.PrependReactor("update", "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { // Return an error on the first call, then fall through to the default (successful) response. if !hit { // Before the update fails, also change the object that will be returned by the next Get(), // to make sure that the production code does a fresh Get() after detecting a conflict. - r.NoError(pinnipedAPIClient.Tracker().Update(credentialIssuerConfigGVR, slightlyDifferentExistingConfig, installationNamespace)) + r.NoError(pinnipedAPIClient.Tracker().Update(credentialIssuerGVR, slightlyDifferentExistingConfig, installationNamespace)) hit = true return true, nil, apierrors.NewConflict(schema.GroupResource{ Group: apiregistrationv1.GroupName, - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", }, "alphav1.pinniped.dev", fmt.Errorf("there was a conflict")) } return false, nil, nil @@ -258,33 +258,33 @@ func TestCreateOrUpdateCredentialIssuerConfig(t *testing.T) { }) it("retries updates on conflict", func() { - err := CreateOrUpdateCredentialIssuerConfig( + err := CreateOrUpdateCredentialIssuer( ctx, installationNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { + func(configToUpdate *configv1alpha1.CredentialIssuer) { configToUpdate.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" }, ) r.NoError(err) - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, installationNamespace, credentialIssuerConfigResourceName) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, installationNamespace, credentialIssuerResourceName) // The first attempted update only includes its own edits. firstExpectedUpdatedConfig := existingConfig.DeepCopy() firstExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" - firstExpectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerConfigGVR, installationNamespace, firstExpectedUpdatedConfig) + firstExpectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerGVR, installationNamespace, firstExpectedUpdatedConfig) // Both the edits made by this update and the edits made by the conflicting update should be included. secondExpectedUpdatedConfig := existingConfig.DeepCopy() secondExpectedUpdatedConfig.Status.KubeConfigInfo.Server = "some-other-server-value-from-conflicting-update" secondExpectedUpdatedConfig.Status.KubeConfigInfo.CertificateAuthorityData = "new-ca-value" - secondExpectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerConfigGVR, installationNamespace, secondExpectedUpdatedConfig) + secondExpectedUpdateAction := coretesting.NewUpdateAction(credentialIssuerGVR, installationNamespace, secondExpectedUpdatedConfig) expectedActions := []coretesting.Action{ expectedGetAction, diff --git a/internal/controller/issuerconfig/doc.go b/internal/controller/issuerconfig/doc.go index dbc395c7..a30f1283 100644 --- a/internal/controller/issuerconfig/doc.go +++ b/internal/controller/issuerconfig/doc.go @@ -1,5 +1,5 @@ // Copyright 2020 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 -// Package issuerconfig contains controller(s) for reconciling CredentialIssuerConfig's. +// Package issuerconfig contains controller(s) for reconciling CredentialIssuer's. package issuerconfig diff --git a/internal/controller/issuerconfig/kube_config_info_publisher.go b/internal/controller/issuerconfig/kube_config_info_publisher.go index cfbe0fa6..90056432 100644 --- a/internal/controller/issuerconfig/kube_config_info_publisher.go +++ b/internal/controller/issuerconfig/kube_config_info_publisher.go @@ -25,21 +25,21 @@ const ( ) type kubeConigInfoPublisherController struct { - credentialIssuerConfigNamespaceName string - credentialIssuerConfigResourceName string - credentialIssuerConfigLabels map[string]string - serverOverride *string - pinnipedClient pinnipedclientset.Interface - configMapInformer corev1informers.ConfigMapInformer + credentialIssuerNamespaceName string + credentialIssuerResourceName string + credentialIssuerLabels map[string]string + serverOverride *string + pinnipedClient pinnipedclientset.Interface + configMapInformer corev1informers.ConfigMapInformer } // NewKubeConfigInfoPublisherController returns a controller that syncs the -// configv1alpha1.CredentialIssuerConfig.Status.KubeConfigInfo field with the cluster-info ConfigMap +// configv1alpha1.CredentialIssuer.Status.KubeConfigInfo field with the cluster-info ConfigMap // in the kube-public namespace. func NewKubeConfigInfoPublisherController( - credentialIssuerConfigNamespaceName string, - credentialIssuerConfigResourceName string, - credentialIssuerConfigLabels map[string]string, + credentialIssuerNamespaceName string, + credentialIssuerResourceName string, + credentialIssuerLabels map[string]string, serverOverride *string, pinnipedClient pinnipedclientset.Interface, configMapInformer corev1informers.ConfigMapInformer, @@ -49,12 +49,12 @@ func NewKubeConfigInfoPublisherController( controllerlib.Config{ Name: "publisher-controller", Syncer: &kubeConigInfoPublisherController{ - credentialIssuerConfigResourceName: credentialIssuerConfigResourceName, - credentialIssuerConfigNamespaceName: credentialIssuerConfigNamespaceName, - credentialIssuerConfigLabels: credentialIssuerConfigLabels, - serverOverride: serverOverride, - pinnipedClient: pinnipedClient, - configMapInformer: configMapInformer, + credentialIssuerResourceName: credentialIssuerResourceName, + credentialIssuerNamespaceName: credentialIssuerNamespaceName, + credentialIssuerLabels: credentialIssuerLabels, + serverOverride: serverOverride, + pinnipedClient: pinnipedClient, + configMapInformer: configMapInformer, }, }, withInformer( @@ -106,18 +106,18 @@ func (c *kubeConigInfoPublisherController) Sync(ctx controllerlib.Context) error server = *c.serverOverride } - updateServerAndCAFunc := func(c *configv1alpha1.CredentialIssuerConfig) { - c.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + updateServerAndCAFunc := func(c *configv1alpha1.CredentialIssuer) { + c.Status.KubeConfigInfo = &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: server, CertificateAuthorityData: certificateAuthorityData, } } - return CreateOrUpdateCredentialIssuerConfig( + return CreateOrUpdateCredentialIssuer( ctx.Context, - c.credentialIssuerConfigNamespaceName, - c.credentialIssuerConfigResourceName, - c.credentialIssuerConfigLabels, + c.credentialIssuerNamespaceName, + c.credentialIssuerResourceName, + c.credentialIssuerLabels, c.pinnipedClient, updateServerAndCAFunc, ) diff --git a/internal/controller/issuerconfig/kube_config_info_publisher_test.go b/internal/controller/issuerconfig/kube_config_info_publisher_test.go index 30650efa..c193714b 100644 --- a/internal/controller/issuerconfig/kube_config_info_publisher_test.go +++ b/internal/controller/issuerconfig/kube_config_info_publisher_test.go @@ -29,7 +29,7 @@ import ( func TestInformerFilters(t *testing.T) { spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) { - const credentialIssuerConfigResourceName = "some-resource-name" + const credentialIssuerResourceName = "some-resource-name" const installedInNamespace = "some-namespace" var r *require.Assertions @@ -42,7 +42,7 @@ func TestInformerFilters(t *testing.T) { configMapInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().ConfigMaps() _ = NewKubeConfigInfoPublisherController( installedInNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{}, nil, nil, @@ -104,7 +104,7 @@ func TestInformerFilters(t *testing.T) { func TestSync(t *testing.T) { spec.Run(t, "Sync", func(t *testing.T, when spec.G, it spec.S) { - const credentialIssuerConfigResourceName = "some-resource-name" + const credentialIssuerResourceName = "some-resource-name" const installedInNamespace = "some-namespace" var r *require.Assertions @@ -118,30 +118,30 @@ func TestSync(t *testing.T) { var timeoutContextCancel context.CancelFunc var syncContext *controllerlib.Context - var expectedCredentialIssuerConfig = func(expectedNamespace, expectedServerURL, expectedCAData string) (schema.GroupVersionResource, *configv1alpha1.CredentialIssuerConfig) { - expectedCredentialIssuerConfigGVR := schema.GroupVersionResource{ + var expectedCredentialIssuer = func(expectedNamespace, expectedServerURL, expectedCAData string) (schema.GroupVersionResource, *configv1alpha1.CredentialIssuer) { + expectedCredentialIssuerGVR := schema.GroupVersionResource{ Group: configv1alpha1.GroupName, Version: "v1alpha1", - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", } - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, + Name: credentialIssuerResourceName, Namespace: expectedNamespace, Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: expectedServerURL, CertificateAuthorityData: expectedCAData, }, }, } - return expectedCredentialIssuerConfigGVR, expectedCredentialIssuerConfig + return expectedCredentialIssuerGVR, expectedCredentialIssuer } // Defer starting the informers until the last possible moment so that the @@ -150,7 +150,7 @@ func TestSync(t *testing.T) { // Set this at the last second to allow for injection of server override. subject = NewKubeConfigInfoPublisherController( installedInNamespace, - credentialIssuerConfigResourceName, + credentialIssuerResourceName, map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", @@ -216,13 +216,13 @@ func TestSync(t *testing.T) { r.NoError(err) }) - when("the CredentialIssuerConfig does not already exist", func() { - it("creates a CredentialIssuerConfig", func() { + when("the CredentialIssuer does not already exist", func() { + it("creates a CredentialIssuer", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - expectedCredentialIssuerConfigGVR, expectedCredentialIssuerConfig := expectedCredentialIssuerConfig( + expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( installedInNamespace, kubeServerURL, caData, @@ -230,22 +230,22 @@ func TestSync(t *testing.T) { r.Equal( []coretesting.Action{ - coretesting.NewGetAction(expectedCredentialIssuerConfigGVR, installedInNamespace, expectedCredentialIssuerConfig.Name), + coretesting.NewGetAction(expectedCredentialIssuerGVR, installedInNamespace, expectedCredentialIssuer.Name), coretesting.NewCreateAction( - expectedCredentialIssuerConfigGVR, + expectedCredentialIssuerGVR, installedInNamespace, - expectedCredentialIssuerConfig, + expectedCredentialIssuer, ), }, pinnipedAPIClient.Actions(), ) }) - when("creating the CredentialIssuerConfig fails", func() { + when("creating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "create", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("create failed") }, @@ -255,7 +255,7 @@ func TestSync(t *testing.T) { it("returns the create error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: create failed: create failed") + r.EqualError(err, "could not create or update credentialissuer: create failed: create failed") }) }) @@ -268,20 +268,20 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - expectedCredentialIssuerConfigGVR, expectedCredentialIssuerConfig := expectedCredentialIssuerConfig( + expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( installedInNamespace, kubeServerURL, caData, ) - expectedCredentialIssuerConfig.Status.KubeConfigInfo.Server = "https://some-server-override" + expectedCredentialIssuer.Status.KubeConfigInfo.Server = "https://some-server-override" r.Equal( []coretesting.Action{ - coretesting.NewGetAction(expectedCredentialIssuerConfigGVR, installedInNamespace, expectedCredentialIssuerConfig.Name), + coretesting.NewGetAction(expectedCredentialIssuerGVR, installedInNamespace, expectedCredentialIssuer.Name), coretesting.NewCreateAction( - expectedCredentialIssuerConfigGVR, + expectedCredentialIssuerGVR, installedInNamespace, - expectedCredentialIssuerConfig, + expectedCredentialIssuer, ), }, pinnipedAPIClient.Actions(), @@ -290,72 +290,72 @@ func TestSync(t *testing.T) { }) }) - when("the CredentialIssuerConfig already exists", func() { - when("the CredentialIssuerConfig is already up to date according to the data in the ConfigMap", func() { - var credentialIssuerConfigGVR schema.GroupVersionResource - var credentialIssuerConfig *configv1alpha1.CredentialIssuerConfig + when("the CredentialIssuer already exists", func() { + when("the CredentialIssuer is already up to date according to the data in the ConfigMap", func() { + var credentialIssuerGVR schema.GroupVersionResource + var credentialIssuer *configv1alpha1.CredentialIssuer it.Before(func() { - credentialIssuerConfigGVR, credentialIssuerConfig = expectedCredentialIssuerConfig( + credentialIssuerGVR, credentialIssuer = expectedCredentialIssuer( installedInNamespace, kubeServerURL, caData, ) - err := pinnipedAPIClient.Tracker().Add(credentialIssuerConfig) + err := pinnipedAPIClient.Tracker().Add(credentialIssuer) r.NoError(err) }) - it("does not update the CredentialIssuerConfig to avoid unnecessary etcd writes/api calls", func() { + it("does not update the CredentialIssuer to avoid unnecessary etcd writes/api calls", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) r.Equal( []coretesting.Action{ - coretesting.NewGetAction(credentialIssuerConfigGVR, installedInNamespace, credentialIssuerConfig.Name), + coretesting.NewGetAction(credentialIssuerGVR, installedInNamespace, credentialIssuer.Name), }, pinnipedAPIClient.Actions(), ) }) }) - when("the CredentialIssuerConfig is stale compared to the data in the ConfigMap", func() { + when("the CredentialIssuer is stale compared to the data in the ConfigMap", func() { it.Before(func() { - _, expectedCredentialIssuerConfig := expectedCredentialIssuerConfig( + _, expectedCredentialIssuer := expectedCredentialIssuer( installedInNamespace, kubeServerURL, caData, ) - expectedCredentialIssuerConfig.Status.KubeConfigInfo.Server = "https://some-other-server" - r.NoError(pinnipedAPIClient.Tracker().Add(expectedCredentialIssuerConfig)) + expectedCredentialIssuer.Status.KubeConfigInfo.Server = "https://some-other-server" + r.NoError(pinnipedAPIClient.Tracker().Add(expectedCredentialIssuer)) }) - it("updates the existing CredentialIssuerConfig", func() { + it("updates the existing CredentialIssuer", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - expectedCredentialIssuerConfigGVR, expectedCredentialIssuerConfig := expectedCredentialIssuerConfig( + expectedCredentialIssuerGVR, expectedCredentialIssuer := expectedCredentialIssuer( installedInNamespace, kubeServerURL, caData, ) expectedActions := []coretesting.Action{ - coretesting.NewGetAction(expectedCredentialIssuerConfigGVR, installedInNamespace, expectedCredentialIssuerConfig.Name), + coretesting.NewGetAction(expectedCredentialIssuerGVR, installedInNamespace, expectedCredentialIssuer.Name), coretesting.NewUpdateAction( - expectedCredentialIssuerConfigGVR, + expectedCredentialIssuerGVR, installedInNamespace, - expectedCredentialIssuerConfig, + expectedCredentialIssuer, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) }) - when("updating the CredentialIssuerConfig fails", func() { + when("updating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("update failed") }, @@ -365,7 +365,7 @@ func TestSync(t *testing.T) { it("returns the update error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: update failed") + r.EqualError(err, "could not create or update credentialissuer: update failed") }) }) }) diff --git a/internal/controller/kubecertagent/annotater.go b/internal/controller/kubecertagent/annotater.go index 69956406..79219846 100644 --- a/internal/controller/kubecertagent/annotater.go +++ b/internal/controller/kubecertagent/annotater.go @@ -29,13 +29,13 @@ const ( ) type annotaterController struct { - agentPodConfig *AgentPodConfig - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig - clock clock.Clock - k8sClient kubernetes.Interface - pinnipedAPIClient pinnipedclientset.Interface - kubeSystemPodInformer corev1informers.PodInformer - agentPodInformer corev1informers.PodInformer + agentPodConfig *AgentPodConfig + credentialIssuerLocationConfig *CredentialIssuerLocationConfig + clock clock.Clock + k8sClient kubernetes.Interface + pinnipedAPIClient pinnipedclientset.Interface + kubeSystemPodInformer corev1informers.PodInformer + agentPodInformer corev1informers.PodInformer } // NewAnnotaterController returns a controller that updates agent pods with the path to the kube @@ -44,11 +44,11 @@ type annotaterController struct { // This controller will add annotations to agent pods with the best-guess paths to the kube API's // certificate and key. // -// It also is tasked with updating the CredentialIssuerConfig, located via the provided -// credentialIssuerConfigLocationConfig, with any errors that it encounters. +// It also is tasked with updating the CredentialIssuer, located via the provided +// credentialIssuerLocationConfig, with any errors that it encounters. func NewAnnotaterController( agentPodConfig *AgentPodConfig, - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig *CredentialIssuerLocationConfig, clock clock.Clock, k8sClient kubernetes.Interface, pinnipedAPIClient pinnipedclientset.Interface, @@ -60,13 +60,13 @@ func NewAnnotaterController( controllerlib.Config{ Name: "kube-cert-agent-annotater-controller", Syncer: &annotaterController{ - agentPodConfig: agentPodConfig, - credentialIssuerConfigLocationConfig: credentialIssuerConfigLocationConfig, - clock: clock, - k8sClient: k8sClient, - pinnipedAPIClient: pinnipedAPIClient, - kubeSystemPodInformer: kubeSystemPodInformer, - agentPodInformer: agentPodInformer, + agentPodConfig: agentPodConfig, + credentialIssuerLocationConfig: credentialIssuerLocationConfig, + clock: clock, + k8sClient: k8sClient, + pinnipedAPIClient: pinnipedAPIClient, + kubeSystemPodInformer: kubeSystemPodInformer, + agentPodInformer: agentPodInformer, }, }, withInformer( @@ -120,11 +120,11 @@ func (c *annotaterController) Sync(ctx controllerlib.Context) error { keyPath, ); err != nil { err = fmt.Errorf("cannot update agent pod: %w", err) - strategyResultUpdateErr := createOrUpdateCredentialIssuerConfig(ctx.Context, *c.credentialIssuerConfigLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) + strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) if strategyResultUpdateErr != nil { - // If the CIC update fails, then we probably want to try again. This controller will get - // called again because of the pod create failure, so just try the CIC update again then. - klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuerConfig") + // If the CI update fails, then we probably want to try again. This controller will get + // called again because of the pod create failure, so just try the CI update again then. + klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer") } return err diff --git a/internal/controller/kubecertagent/annotater_test.go b/internal/controller/kubecertagent/annotater_test.go index 581d4239..d66cdf7b 100644 --- a/internal/controller/kubecertagent/annotater_test.go +++ b/internal/controller/kubecertagent/annotater_test.go @@ -34,14 +34,14 @@ func TestAnnotaterControllerFilter(t *testing.T) { "AnnotaterControllerFilter", func( agentPodConfig *AgentPodConfig, - _ *CredentialIssuerConfigLocationConfig, + _ *CredentialIssuerLocationConfig, kubeSystemPodInformer corev1informers.PodInformer, agentPodInformer corev1informers.PodInformer, observableWithInformerOption *testutil.ObservableWithInformerOption, ) { _ = NewAnnotaterController( agentPodConfig, - nil, // credentialIssuerConfigLocationConfig, shouldn't matter + nil, // credentialIssuerLocationConfig, shouldn't matter nil, // clock, shouldn't matter nil, // k8sClient, shouldn't matter nil, // pinnipedClient, shouldn't matter @@ -59,8 +59,8 @@ func TestAnnotaterControllerSync(t *testing.T) { const agentPodNamespace = "agent-pod-namespace" const defaultKubeControllerManagerClusterSigningCertFileFlagValue = "/etc/kubernetes/ca/ca.pem" const defaultKubeControllerManagerClusterSigningKeyFileFlagValue = "/etc/kubernetes/ca/ca.key" - const credentialIssuerConfigNamespaceName = "cic-namespace-name" - const credentialIssuerConfigResourceName = "cic-resource-name" + const credentialIssuerNamespaceName = "ci-namespace-name" + const credentialIssuerResourceName = "ci-resource-name" const ( certPath = "some-cert-path" @@ -84,7 +84,7 @@ func TestAnnotaterControllerSync(t *testing.T) { var syncContext *controllerlib.Context var controllerManagerPod, agentPod *corev1.Pod var podsGVR schema.GroupVersionResource - var credentialIssuerConfigGVR schema.GroupVersionResource + var credentialIssuerGVR schema.GroupVersionResource var frozenNow time.Time // Defer starting the informers until the last possible moment so that the @@ -101,9 +101,9 @@ func TestAnnotaterControllerSync(t *testing.T) { "myLabelKey2": "myLabelValue2", }, }, - &CredentialIssuerConfigLocationConfig{ - Namespace: credentialIssuerConfigNamespaceName, - Name: credentialIssuerConfigResourceName, + &CredentialIssuerLocationConfig{ + Namespace: credentialIssuerNamespaceName, + Name: credentialIssuerResourceName, }, clock.NewFakeClock(frozenNow), kubeAPIClient, @@ -154,10 +154,10 @@ func TestAnnotaterControllerSync(t *testing.T) { Resource: "pods", } - credentialIssuerConfigGVR = schema.GroupVersionResource{ + credentialIssuerGVR = schema.GroupVersionResource{ Group: configv1alpha1.GroupName, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", } frozenNow = time.Date(2020, time.September, 23, 7, 42, 0, 0, time.Local) @@ -229,33 +229,33 @@ func TestAnnotaterControllerSync(t *testing.T) { r.EqualError(err, "cannot update agent pod: some update error") }) - when("there is already a CredentialIssuerConfig", func() { - var initialCredentialIssuerConfig *configv1alpha1.CredentialIssuerConfig + when("there is already a CredentialIssuer", func() { + var initialCredentialIssuer *configv1alpha1.CredentialIssuer it.Before(func() { - initialCredentialIssuerConfig = &configv1alpha1.CredentialIssuerConfig{ + initialCredentialIssuer = &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "some-server", CertificateAuthorityData: "some-ca-value", }, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuerConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuer)) }) - it("updates the CredentialIssuerConfig status with the error", func() { + it("updates the CredentialIssuer status with the error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - expectedCredentialIssuerConfig := initialCredentialIssuerConfig.DeepCopy() - expectedCredentialIssuerConfig.Status.Strategies = []configv1alpha1.CredentialIssuerConfigStrategy{ + expectedCredentialIssuer := initialCredentialIssuer.DeepCopy() + expectedCredentialIssuer.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -265,14 +265,14 @@ func TestAnnotaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedUpdateAction := coretesting.NewUpdateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.EqualError(err, "cannot update agent pod: some update error") @@ -285,11 +285,11 @@ func TestAnnotaterControllerSync(t *testing.T) { ) }) - when("updating the CredentialIssuerConfig fails", func() { + when("updating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -304,19 +304,19 @@ func TestAnnotaterControllerSync(t *testing.T) { }) }) - when("there is not already a CredentialIssuerConfig", func() { - it("creates the CredentialIssuerConfig status with the error", func() { + when("there is not already a CredentialIssuer", func() { + it("creates the CredentialIssuer status with the error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -328,14 +328,14 @@ func TestAnnotaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedCreateAction := coretesting.NewCreateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.EqualError(err, "cannot update agent pod: some update error") diff --git a/internal/controller/kubecertagent/creater.go b/internal/controller/kubecertagent/creater.go index 7f546a45..03d2043f 100644 --- a/internal/controller/kubecertagent/creater.go +++ b/internal/controller/kubecertagent/creater.go @@ -21,25 +21,25 @@ import ( ) type createrController struct { - agentPodConfig *AgentPodConfig - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig - credentialIssuerConfigLabels map[string]string - clock clock.Clock - k8sClient kubernetes.Interface - pinnipedAPIClient pinnipedclientset.Interface - kubeSystemPodInformer corev1informers.PodInformer - agentPodInformer corev1informers.PodInformer + agentPodConfig *AgentPodConfig + credentialIssuerLocationConfig *CredentialIssuerLocationConfig + credentialIssuerLabels map[string]string + clock clock.Clock + k8sClient kubernetes.Interface + pinnipedAPIClient pinnipedclientset.Interface + kubeSystemPodInformer corev1informers.PodInformer + agentPodInformer corev1informers.PodInformer } // NewCreaterController returns a controller that creates new kube-cert-agent pods for every known // kube-controller-manager pod. // -// It also is tasked with updating the CredentialIssuerConfig, located via the provided -// credentialIssuerConfigLocationConfig, with any errors that it encounters. +// It also is tasked with updating the CredentialIssuer, located via the provided +// credentialIssuerLocationConfig, with any errors that it encounters. func NewCreaterController( agentPodConfig *AgentPodConfig, - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig, - credentialIssuerConfigLabels map[string]string, + credentialIssuerLocationConfig *CredentialIssuerLocationConfig, + credentialIssuerLabels map[string]string, clock clock.Clock, k8sClient kubernetes.Interface, pinnipedAPIClient pinnipedclientset.Interface, @@ -53,14 +53,14 @@ func NewCreaterController( //nolint: misspell Name: "kube-cert-agent-creater-controller", Syncer: &createrController{ - agentPodConfig: agentPodConfig, - credentialIssuerConfigLocationConfig: credentialIssuerConfigLocationConfig, - credentialIssuerConfigLabels: credentialIssuerConfigLabels, - clock: clock, - k8sClient: k8sClient, - pinnipedAPIClient: pinnipedAPIClient, - kubeSystemPodInformer: kubeSystemPodInformer, - agentPodInformer: agentPodInformer, + agentPodConfig: agentPodConfig, + credentialIssuerLocationConfig: credentialIssuerLocationConfig, + credentialIssuerLabels: credentialIssuerLabels, + clock: clock, + k8sClient: k8sClient, + pinnipedAPIClient: pinnipedAPIClient, + kubeSystemPodInformer: kubeSystemPodInformer, + agentPodInformer: agentPodInformer, }, }, withInformer( @@ -73,7 +73,7 @@ func NewCreaterController( pinnipedcontroller.SimpleFilter(isAgentPod), controllerlib.InformerOption{}, ), - // Be sure to run once even to make sure the CIC is updated if there are no controller manager + // Be sure to run once even to make sure the CI is updated if there are no controller manager // pods. We should be able to pass an empty key since we don't use the key in the sync (we sync // the world). withInitialEvent(controllerlib.Key{}), @@ -94,11 +94,11 @@ func (c *createrController) Sync(ctx controllerlib.Context) error { if len(controllerManagerPods) == 0 { // If there are no controller manager pods, we alert the user that we can't find the keypair via - // the CredentialIssuerConfig. - return createOrUpdateCredentialIssuerConfig( + // the CredentialIssuer. + return createOrUpdateCredentialIssuer( ctx.Context, - *c.credentialIssuerConfigLocationConfig, - c.credentialIssuerConfigLabels, + *c.credentialIssuerLocationConfig, + c.credentialIssuerLabels, c.clock, c.pinnipedAPIClient, constable.Error("did not find kube-controller-manager pod(s)"), @@ -130,18 +130,18 @@ func (c *createrController) Sync(ctx controllerlib.Context) error { Create(ctx.Context, agentPod, metav1.CreateOptions{}) if err != nil { err = fmt.Errorf("cannot create agent pod: %w", err) - strategyResultUpdateErr := createOrUpdateCredentialIssuerConfig( + strategyResultUpdateErr := createOrUpdateCredentialIssuer( ctx.Context, - *c.credentialIssuerConfigLocationConfig, - c.credentialIssuerConfigLabels, + *c.credentialIssuerLocationConfig, + c.credentialIssuerLabels, c.clock, c.pinnipedAPIClient, err, ) if strategyResultUpdateErr != nil { - // If the CIC update fails, then we probably want to try again. This controller will get - // called again because of the pod create failure, so just try the CIC update again then. - klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuerConfig") + // If the CI update fails, then we probably want to try again. This controller will get + // called again because of the pod create failure, so just try the CI update again then. + klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer") } return err diff --git a/internal/controller/kubecertagent/creater_test.go b/internal/controller/kubecertagent/creater_test.go index 0ad25f30..a0b62b56 100644 --- a/internal/controller/kubecertagent/creater_test.go +++ b/internal/controller/kubecertagent/creater_test.go @@ -34,14 +34,14 @@ func TestCreaterControllerFilter(t *testing.T) { "CreaterControllerFilter", func( agentPodConfig *AgentPodConfig, - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig *CredentialIssuerLocationConfig, kubeSystemPodInformer corev1informers.PodInformer, agentPodInformer corev1informers.PodInformer, observableWithInformerOption *testutil.ObservableWithInformerOption, ) { _ = NewCreaterController( agentPodConfig, - credentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig, map[string]string{}, nil, // clock, shouldn't matter nil, // k8sClient, shouldn't matter @@ -66,7 +66,7 @@ func TestCreaterControllerInitialEvent(t *testing.T) { _ = NewCreaterController( nil, // agentPodConfig, shouldn't matter - nil, // credentialIssuerConfigLocationConfig, shouldn't matter + nil, // credentialIssuerLocationConfig, shouldn't matter map[string]string{}, nil, // clock, shouldn't matter nil, // k8sClient, shouldn't matter @@ -83,8 +83,8 @@ func TestCreaterControllerSync(t *testing.T) { spec.Run(t, "CreaterControllerSync", func(t *testing.T, when spec.G, it spec.S) { const kubeSystemNamespace = "kube-system" const agentPodNamespace = "agent-pod-namespace" - const credentialIssuerConfigNamespaceName = "cic-namespace-name" - const credentialIssuerConfigResourceName = "cic-resource-name" + const credentialIssuerNamespaceName = "ci-namespace-name" + const credentialIssuerResourceName = "ci-resource-name" var r *require.Assertions @@ -100,7 +100,7 @@ func TestCreaterControllerSync(t *testing.T) { var syncContext *controllerlib.Context var controllerManagerPod, agentPod *corev1.Pod var podsGVR schema.GroupVersionResource - var credentialIssuerConfigGVR schema.GroupVersionResource + var credentialIssuerGVR schema.GroupVersionResource var frozenNow time.Time // Defer starting the informers until the last possible moment so that the @@ -118,9 +118,9 @@ func TestCreaterControllerSync(t *testing.T) { "myLabelKey2": "myLabelValue2", }, }, - &CredentialIssuerConfigLocationConfig{ - Namespace: credentialIssuerConfigNamespaceName, - Name: credentialIssuerConfigResourceName, + &CredentialIssuerLocationConfig{ + Namespace: credentialIssuerNamespaceName, + Name: credentialIssuerResourceName, }, map[string]string{ "myLabelKey1": "myLabelValue1", @@ -176,10 +176,10 @@ func TestCreaterControllerSync(t *testing.T) { Resource: "pods", } - credentialIssuerConfigGVR = schema.GroupVersionResource{ + credentialIssuerGVR = schema.GroupVersionResource{ Group: configv1alpha1.GroupName, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", } frozenNow = time.Date(2020, time.September, 23, 7, 42, 0, 0, time.Local) @@ -300,33 +300,33 @@ func TestCreaterControllerSync(t *testing.T) { ) }) - when("there is already a CredentialIssuerConfig", func() { - var initialCredentialIssuerConfig *configv1alpha1.CredentialIssuerConfig + when("there is already a CredentialIssuer", func() { + var initialCredentialIssuer *configv1alpha1.CredentialIssuer it.Before(func() { - initialCredentialIssuerConfig = &configv1alpha1.CredentialIssuerConfig{ + initialCredentialIssuer = &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "some-server", CertificateAuthorityData: "some-ca-value", }, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuerConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuer)) }) - it("updates the CredentialIssuerConfig status saying that controller manager pods couldn't be found", func() { + it("updates the CredentialIssuer status saying that controller manager pods couldn't be found", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - expectedCredentialIssuerConfig := initialCredentialIssuerConfig.DeepCopy() - expectedCredentialIssuerConfig.Status.Strategies = []configv1alpha1.CredentialIssuerConfigStrategy{ + expectedCredentialIssuer := initialCredentialIssuer.DeepCopy() + expectedCredentialIssuer.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -336,14 +336,14 @@ func TestCreaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedUpdateAction := coretesting.NewUpdateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.EqualError(err, "cannot create agent pod: some create error") @@ -356,11 +356,11 @@ func TestCreaterControllerSync(t *testing.T) { ) }) - when("the CredentialIssuerConfig operation fails", func() { + when("the CredentialIssuer operation fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -375,23 +375,23 @@ func TestCreaterControllerSync(t *testing.T) { }) }) - when("there is not already a CredentialIssuerConfig", func() { - it("returns an error and updates the CredentialIssuerConfig status", func() { + when("there is not already a CredentialIssuer", func() { + it("returns an error and updates the CredentialIssuer status", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -403,14 +403,14 @@ func TestCreaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedCreateAction := coretesting.NewCreateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.EqualError(err, "cannot create agent pod: some create error") @@ -428,33 +428,33 @@ func TestCreaterControllerSync(t *testing.T) { }) when("there is no controller manager pod", func() { - when("there is already a CredentialIssuerConfig", func() { - var initialCredentialIssuerConfig *configv1alpha1.CredentialIssuerConfig + when("there is already a CredentialIssuer", func() { + var initialCredentialIssuer *configv1alpha1.CredentialIssuer it.Before(func() { - initialCredentialIssuerConfig = &configv1alpha1.CredentialIssuerConfig{ + initialCredentialIssuer = &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "some-server", CertificateAuthorityData: "some-ca-value", }, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuerConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuer)) }) - it("updates the CredentialIssuerConfig status saying that controller manager pods couldn't be found", func() { + it("updates the CredentialIssuer status saying that controller manager pods couldn't be found", func() { startInformersAndController() r.NoError(controllerlib.TestSync(t, subject, *syncContext)) - expectedCredentialIssuerConfig := initialCredentialIssuerConfig.DeepCopy() - expectedCredentialIssuerConfig.Status.Strategies = []configv1alpha1.CredentialIssuerConfigStrategy{ + expectedCredentialIssuer := initialCredentialIssuer.DeepCopy() + expectedCredentialIssuer.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -464,14 +464,14 @@ func TestCreaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedUpdateAction := coretesting.NewUpdateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.Equal( @@ -483,11 +483,11 @@ func TestCreaterControllerSync(t *testing.T) { ) }) - when("when updating the CredentialIssuerConfig fails", func() { + when("when updating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -497,15 +497,15 @@ func TestCreaterControllerSync(t *testing.T) { it("returns an error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: some update error") + r.EqualError(err, "could not create or update credentialissuer: some update error") }) }) - when("when getting the CredentialIssuerConfig fails", func() { + when("when getting the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -515,28 +515,28 @@ func TestCreaterControllerSync(t *testing.T) { it("returns an error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: get failed: some get error") + r.EqualError(err, "could not create or update credentialissuer: get failed: some get error") }) }) }) - when("there is not already a CredentialIssuerConfig", func() { - it("creates the CredentialIssuerConfig status saying that controller manager pods couldn't be found", func() { + when("there is not already a CredentialIssuer", func() { + it("creates the CredentialIssuer status saying that controller manager pods couldn't be found", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, Labels: map[string]string{ "myLabelKey1": "myLabelValue1", "myLabelKey2": "myLabelValue2", }, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -548,14 +548,14 @@ func TestCreaterControllerSync(t *testing.T) { }, } expectedGetAction := coretesting.NewGetAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - credentialIssuerConfigResourceName, + credentialIssuerGVR, + credentialIssuerNamespaceName, + credentialIssuerResourceName, ) expectedCreateAction := coretesting.NewCreateAction( - credentialIssuerConfigGVR, - credentialIssuerConfigNamespaceName, - expectedCredentialIssuerConfig, + credentialIssuerGVR, + credentialIssuerNamespaceName, + expectedCredentialIssuer, ) r.NoError(err) @@ -568,11 +568,11 @@ func TestCreaterControllerSync(t *testing.T) { ) }) - when("when creating the CredentialIssuerConfig fails", func() { + when("when creating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "create", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some create error") }, @@ -582,15 +582,15 @@ func TestCreaterControllerSync(t *testing.T) { it("returns an error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: create failed: some create error") + r.EqualError(err, "could not create or update credentialissuer: create failed: some create error") }) }) - when("when getting the CredentialIssuerConfig fails", func() { + when("when getting the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -600,7 +600,7 @@ func TestCreaterControllerSync(t *testing.T) { it("returns an error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: get failed: some get error") + r.EqualError(err, "could not create or update credentialissuer: get failed: some get error") }) }) }) diff --git a/internal/controller/kubecertagent/deleter_test.go b/internal/controller/kubecertagent/deleter_test.go index 6f5f2a28..2a8b5721 100644 --- a/internal/controller/kubecertagent/deleter_test.go +++ b/internal/controller/kubecertagent/deleter_test.go @@ -28,7 +28,7 @@ func TestDeleterControllerFilter(t *testing.T) { "DeleterControllerFilter", func( agentPodConfig *AgentPodConfig, - _ *CredentialIssuerConfigLocationConfig, + _ *CredentialIssuerLocationConfig, kubeSystemPodInformer corev1informers.PodInformer, agentPodInformer corev1informers.PodInformer, observableWithInformerOption *testutil.ObservableWithInformerOption, diff --git a/internal/controller/kubecertagent/execer.go b/internal/controller/kubecertagent/execer.go index a8e62d61..ec50e49f 100644 --- a/internal/controller/kubecertagent/execer.go +++ b/internal/controller/kubecertagent/execer.go @@ -19,22 +19,22 @@ import ( ) type execerController struct { - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig - dynamicCertProvider dynamiccert.Provider - podCommandExecutor PodCommandExecutor - clock clock.Clock - pinnipedAPIClient pinnipedclientset.Interface - agentPodInformer corev1informers.PodInformer + credentialIssuerLocationConfig *CredentialIssuerLocationConfig + dynamicCertProvider dynamiccert.Provider + podCommandExecutor PodCommandExecutor + clock clock.Clock + pinnipedAPIClient pinnipedclientset.Interface + agentPodInformer corev1informers.PodInformer } // NewExecerController returns a controllerlib.Controller that listens for agent pods with proper // cert/key path annotations and execs into them to get the cert/key material. It sets the retrieved // key material in a provided dynamicCertProvider. // -// It also is tasked with updating the CredentialIssuerConfig, located via the provided -// credentialIssuerConfigLocationConfig, with any errors that it encounters. +// It also is tasked with updating the CredentialIssuer, located via the provided +// credentialIssuerLocationConfig, with any errors that it encounters. func NewExecerController( - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig *CredentialIssuerLocationConfig, dynamicCertProvider dynamiccert.Provider, podCommandExecutor PodCommandExecutor, pinnipedAPIClient pinnipedclientset.Interface, @@ -46,12 +46,12 @@ func NewExecerController( controllerlib.Config{ Name: "kube-cert-agent-execer-controller", Syncer: &execerController{ - credentialIssuerConfigLocationConfig: credentialIssuerConfigLocationConfig, - dynamicCertProvider: dynamicCertProvider, - podCommandExecutor: podCommandExecutor, - pinnipedAPIClient: pinnipedAPIClient, - clock: clock, - agentPodInformer: agentPodInformer, + credentialIssuerLocationConfig: credentialIssuerLocationConfig, + dynamicCertProvider: dynamicCertProvider, + podCommandExecutor: podCommandExecutor, + pinnipedAPIClient: pinnipedAPIClient, + clock: clock, + agentPodInformer: agentPodInformer, }, }, withInformer( @@ -87,21 +87,21 @@ func (c *execerController) Sync(ctx controllerlib.Context) error { certPEM, err := c.podCommandExecutor.Exec(agentPod.Namespace, agentPod.Name, "cat", certPath) if err != nil { - strategyResultUpdateErr := createOrUpdateCredentialIssuerConfig(ctx.Context, *c.credentialIssuerConfigLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) - klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuerConfig with strategy success") + strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) + klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy success") return err } keyPEM, err := c.podCommandExecutor.Exec(agentPod.Namespace, agentPod.Name, "cat", keyPath) if err != nil { - strategyResultUpdateErr := createOrUpdateCredentialIssuerConfig(ctx.Context, *c.credentialIssuerConfigLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) - klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuerConfig with strategy success") + strategyResultUpdateErr := createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, err) + klog.ErrorS(strategyResultUpdateErr, "could not create or update CredentialIssuer with strategy success") return err } c.dynamicCertProvider.Set([]byte(certPEM), []byte(keyPEM)) - err = createOrUpdateCredentialIssuerConfig(ctx.Context, *c.credentialIssuerConfigLocationConfig, nil, c.clock, c.pinnipedAPIClient, nil) + err = createOrUpdateCredentialIssuer(ctx.Context, *c.credentialIssuerLocationConfig, nil, c.clock, c.pinnipedAPIClient, nil) if err != nil { return err } diff --git a/internal/controller/kubecertagent/execer_test.go b/internal/controller/kubecertagent/execer_test.go index 20af1bbd..9f1bd369 100644 --- a/internal/controller/kubecertagent/execer_test.go +++ b/internal/controller/kubecertagent/execer_test.go @@ -43,7 +43,7 @@ func TestExecerControllerOptions(t *testing.T) { observableWithInformerOption = testutil.NewObservableWithInformerOption() agentPodsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Pods() _ = NewExecerController( - &CredentialIssuerConfigLocationConfig{ + &CredentialIssuerLocationConfig{ Namespace: "ignored by this test", Name: "ignored by this test", }, @@ -136,8 +136,8 @@ func TestManagerControllerSync(t *testing.T) { const fakeKeyPath = "/some/key/path" const defaultDynamicCertProviderCert = "initial-cert" const defaultDynamicCertProviderKey = "initial-key" - const credentialIssuerConfigNamespaceName = "cic-namespace-name" - const credentialIssuerConfigResourceName = "cic-resource-name" + const credentialIssuerNamespaceName = "ci-namespace-name" + const credentialIssuerResourceName = "ci-resource-name" var r *require.Assertions @@ -151,7 +151,7 @@ func TestManagerControllerSync(t *testing.T) { var fakeExecutor *fakePodExecutor var dynamicCertProvider dynamiccert.Provider var fakeCertPEM, fakeKeyPEM string - var credentialIssuerConfigGVR schema.GroupVersionResource + var credentialIssuerGVR schema.GroupVersionResource var frozenNow time.Time // Defer starting the informers until the last possible moment so that the @@ -159,9 +159,9 @@ func TestManagerControllerSync(t *testing.T) { var startInformersAndController = func() { // Set this at the last second to allow for injection of server override. subject = NewExecerController( - &CredentialIssuerConfigLocationConfig{ - Namespace: credentialIssuerConfigNamespaceName, - Name: credentialIssuerConfigResourceName, + &CredentialIssuerLocationConfig{ + Namespace: credentialIssuerNamespaceName, + Name: credentialIssuerResourceName, }, dynamicCertProvider, fakeExecutor, @@ -237,10 +237,10 @@ func TestManagerControllerSync(t *testing.T) { fakeCertPEM = loadFile("./testdata/test.crt") fakeKeyPEM = loadFile("./testdata/test.key") - credentialIssuerConfigGVR = schema.GroupVersionResource{ + credentialIssuerGVR = schema.GroupVersionResource{ Group: configv1alpha1.GroupName, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "credentialissuerconfigs", + Resource: "credentialissuers", } }) @@ -326,33 +326,33 @@ func TestManagerControllerSync(t *testing.T) { r.Equal(fakeKeyPEM, string(actualKeyPEM)) }) - when("there is already a CredentialIssuerConfig", func() { - var initialCredentialIssuerConfig *configv1alpha1.CredentialIssuerConfig + when("there is already a CredentialIssuer", func() { + var initialCredentialIssuer *configv1alpha1.CredentialIssuer it.Before(func() { - initialCredentialIssuerConfig = &configv1alpha1.CredentialIssuerConfig{ + initialCredentialIssuer = &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{}, - KubeConfigInfo: &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{}, + KubeConfigInfo: &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: "some-server", CertificateAuthorityData: "some-ca-value", }, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuerConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(initialCredentialIssuer)) }) - it("also updates the the existing CredentialIssuerConfig status field", func() { + it("also updates the the existing CredentialIssuer status field", func() { startInformersAndController() r.NoError(controllerlib.TestSync(t, subject, *syncContext)) - expectedCredentialIssuerConfig := initialCredentialIssuerConfig.DeepCopy() - expectedCredentialIssuerConfig.Status.Strategies = []configv1alpha1.CredentialIssuerConfigStrategy{ + expectedCredentialIssuer := initialCredentialIssuer.DeepCopy() + expectedCredentialIssuer.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.SuccessStrategyStatus, @@ -361,16 +361,16 @@ func TestManagerControllerSync(t *testing.T) { LastUpdateTime: metav1.NewTime(frozenNow), }, } - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, credentialIssuerConfigResourceName) - expectedCreateAction := coretesting.NewUpdateAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, expectedCredentialIssuerConfig) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, credentialIssuerNamespaceName, credentialIssuerResourceName) + expectedCreateAction := coretesting.NewUpdateAction(credentialIssuerGVR, credentialIssuerNamespaceName, expectedCredentialIssuer) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) }) - when("updating the CredentialIssuerConfig fails", func() { + when("updating the CredentialIssuer fails", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "credentialissuerconfigs", + "credentialissuers", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -380,27 +380,27 @@ func TestManagerControllerSync(t *testing.T) { it("returns an error", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) - r.EqualError(err, "could not create or update credentialissuerconfig: some update error") + r.EqualError(err, "could not create or update credentialissuer: some update error") }) }) }) - when("there is not already a CredentialIssuerConfig", func() { + when("there is not already a CredentialIssuer", func() { it.Before(func() { startInformersAndController() }) - it("also creates the the CredentialIssuerConfig with the appropriate status field", func() { + it("also creates the the CredentialIssuer with the appropriate status field", func() { r.NoError(controllerlib.TestSync(t, subject, *syncContext)) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.SuccessStrategyStatus, @@ -411,8 +411,8 @@ func TestManagerControllerSync(t *testing.T) { }, }, } - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, credentialIssuerConfigResourceName) - expectedCreateAction := coretesting.NewCreateAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, expectedCredentialIssuerConfig) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, credentialIssuerNamespaceName, credentialIssuerResourceName) + expectedCreateAction := coretesting.NewCreateAction(credentialIssuerGVR, credentialIssuerNamespaceName, expectedCredentialIssuer) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) }) }) @@ -433,17 +433,17 @@ func TestManagerControllerSync(t *testing.T) { requireDynamicCertProviderHasDefaultValues() }) - it("creates or updates the the CredentialIssuerConfig status field with an error", func() { + it("creates or updates the the CredentialIssuer status field with an error", func() { r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -454,8 +454,8 @@ func TestManagerControllerSync(t *testing.T) { }, }, } - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, credentialIssuerConfigResourceName) - expectedCreateAction := coretesting.NewCreateAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, expectedCredentialIssuerConfig) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, credentialIssuerNamespaceName, credentialIssuerResourceName) + expectedCreateAction := coretesting.NewCreateAction(credentialIssuerGVR, credentialIssuerNamespaceName, expectedCredentialIssuer) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) }) }) @@ -475,17 +475,17 @@ func TestManagerControllerSync(t *testing.T) { requireDynamicCertProviderHasDefaultValues() }) - it("creates or updates the the CredentialIssuerConfig status field with an error", func() { + it("creates or updates the the CredentialIssuer status field with an error", func() { r.EqualError(controllerlib.TestSync(t, subject, *syncContext), podExecErrorMessage) - expectedCredentialIssuerConfig := &configv1alpha1.CredentialIssuerConfig{ + expectedCredentialIssuer := &configv1alpha1.CredentialIssuer{ TypeMeta: metav1.TypeMeta{}, ObjectMeta: metav1.ObjectMeta{ - Name: credentialIssuerConfigResourceName, - Namespace: credentialIssuerConfigNamespaceName, + Name: credentialIssuerResourceName, + Namespace: credentialIssuerNamespaceName, }, - Status: configv1alpha1.CredentialIssuerConfigStatus{ - Strategies: []configv1alpha1.CredentialIssuerConfigStrategy{ + Status: configv1alpha1.CredentialIssuerStatus{ + Strategies: []configv1alpha1.CredentialIssuerStrategy{ { Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, @@ -496,8 +496,8 @@ func TestManagerControllerSync(t *testing.T) { }, }, } - expectedGetAction := coretesting.NewGetAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, credentialIssuerConfigResourceName) - expectedCreateAction := coretesting.NewCreateAction(credentialIssuerConfigGVR, credentialIssuerConfigNamespaceName, expectedCredentialIssuerConfig) + expectedGetAction := coretesting.NewGetAction(credentialIssuerGVR, credentialIssuerNamespaceName, credentialIssuerResourceName) + expectedCreateAction := coretesting.NewCreateAction(credentialIssuerGVR, credentialIssuerNamespaceName, expectedCredentialIssuer) r.Equal([]coretesting.Action{expectedGetAction, expectedCreateAction}, pinnipedAPIClient.Actions()) }) }) diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go index 3d58b964..17a0dcf6 100644 --- a/internal/controller/kubecertagent/kubecertagent.go +++ b/internal/controller/kubecertagent/kubecertagent.go @@ -73,11 +73,11 @@ type AgentPodConfig struct { AdditionalLabels map[string]string } -type CredentialIssuerConfigLocationConfig struct { - // The namespace in which the CredentialIssuerConfig should be created/updated. +type CredentialIssuerLocationConfig struct { + // The namespace in which the CredentialIssuer should be created/updated. Namespace string - // The resource name for the CredentialIssuerConfig to be created/updated. + // The resource name for the CredentialIssuer to be created/updated. Name string } @@ -283,35 +283,35 @@ func findControllerManagerPodForSpecificAgentPod( return maybeControllerManagerPod, nil } -func createOrUpdateCredentialIssuerConfig(ctx context.Context, - cicConfig CredentialIssuerConfigLocationConfig, - credentialIssuerConfigLabels map[string]string, +func createOrUpdateCredentialIssuer(ctx context.Context, + ciConfig CredentialIssuerLocationConfig, + credentialIssuerLabels map[string]string, clock clock.Clock, pinnipedAPIClient pinnipedclientset.Interface, err error, ) error { - return issuerconfig.CreateOrUpdateCredentialIssuerConfig( + return issuerconfig.CreateOrUpdateCredentialIssuer( ctx, - cicConfig.Namespace, - cicConfig.Name, - credentialIssuerConfigLabels, + ciConfig.Namespace, + ciConfig.Name, + credentialIssuerLabels, pinnipedAPIClient, - func(configToUpdate *configv1alpha1.CredentialIssuerConfig) { - var strategyResult configv1alpha1.CredentialIssuerConfigStrategy + func(configToUpdate *configv1alpha1.CredentialIssuer) { + var strategyResult configv1alpha1.CredentialIssuerStrategy if err == nil { strategyResult = strategySuccess(clock) } else { strategyResult = strategyError(clock, err) } - configToUpdate.Status.Strategies = []configv1alpha1.CredentialIssuerConfigStrategy{ + configToUpdate.Status.Strategies = []configv1alpha1.CredentialIssuerStrategy{ strategyResult, } }, ) } -func strategySuccess(clock clock.Clock) configv1alpha1.CredentialIssuerConfigStrategy { - return configv1alpha1.CredentialIssuerConfigStrategy{ +func strategySuccess(clock clock.Clock) configv1alpha1.CredentialIssuerStrategy { + return configv1alpha1.CredentialIssuerStrategy{ Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.SuccessStrategyStatus, Reason: configv1alpha1.FetchedKeyStrategyReason, @@ -320,8 +320,8 @@ func strategySuccess(clock clock.Clock) configv1alpha1.CredentialIssuerConfigStr } } -func strategyError(clock clock.Clock, err error) configv1alpha1.CredentialIssuerConfigStrategy { - return configv1alpha1.CredentialIssuerConfigStrategy{ +func strategyError(clock clock.Clock, err error) configv1alpha1.CredentialIssuerStrategy { + return configv1alpha1.CredentialIssuerStrategy{ Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, Status: configv1alpha1.ErrorStrategyStatus, Reason: configv1alpha1.CouldNotFetchKeyStrategyReason, diff --git a/internal/controller/kubecertagent/kubecertagent_test.go b/internal/controller/kubecertagent/kubecertagent_test.go index a0dc704e..29bb5955 100644 --- a/internal/controller/kubecertagent/kubecertagent_test.go +++ b/internal/controller/kubecertagent/kubecertagent_test.go @@ -131,7 +131,7 @@ func defineSharedKubecertagentFilterSpecs( name string, newFunc func( agentPodConfig *AgentPodConfig, - credentialIssuerConfigLocationConfig *CredentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig *CredentialIssuerLocationConfig, kubeSystemPodInformer corev1informers.PodInformer, agentPodInformer corev1informers.PodInformer, observableWithInformerOption *testutil.ObservableWithInformerOption, @@ -149,7 +149,7 @@ func defineSharedKubecertagentFilterSpecs( kubeSystemPodInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Pods() agentPodInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Pods() observableWithInformerOption := testutil.NewObservableWithInformerOption() - newFunc(&AgentPodConfig{}, &CredentialIssuerConfigLocationConfig{}, kubeSystemPodInformer, agentPodInformer, observableWithInformerOption) + newFunc(&AgentPodConfig{}, &CredentialIssuerLocationConfig{}, kubeSystemPodInformer, agentPodInformer, observableWithInformerOption) kubeSystemPodInformerFilter = observableWithInformerOption.GetFilterForInformer(kubeSystemPodInformer) agentPodInformerFilter = observableWithInformerOption.GetFilterForInformer(agentPodInformer) diff --git a/internal/controller/supervisorconfig/jwks_observer.go b/internal/controller/supervisorconfig/jwks_observer.go index f2870c08..1ea4c0fc 100644 --- a/internal/controller/supervisorconfig/jwks_observer.go +++ b/internal/controller/supervisorconfig/jwks_observer.go @@ -18,16 +18,16 @@ import ( ) type jwksObserverController struct { - issuerToJWKSSetter IssuerToJWKSMapSetter - oidcProviderConfigInformer v1alpha1.OIDCProviderConfigInformer - secretInformer corev1informers.SecretInformer + issuerToJWKSSetter IssuerToJWKSMapSetter + oidcProviderInformer v1alpha1.OIDCProviderInformer + secretInformer corev1informers.SecretInformer } type IssuerToJWKSMapSetter interface { SetIssuerToJWKSMap(issuerToJWKSMap map[string]*jose.JSONWebKeySet) } -// Returns a controller which watches all of the OIDCProviderConfigs and their corresponding Secrets +// Returns a controller which watches all of the OIDCProviders and their corresponding Secrets // and fills an in-memory cache of the JWKS info for each currently configured issuer. // This controller assumes that the informers passed to it are already scoped down to the // appropriate namespace. It also assumes that the IssuerToJWKSMapSetter passed to it has an @@ -35,16 +35,16 @@ type IssuerToJWKSMapSetter interface { func NewJWKSObserverController( issuerToJWKSSetter IssuerToJWKSMapSetter, secretInformer corev1informers.SecretInformer, - oidcProviderConfigInformer v1alpha1.OIDCProviderConfigInformer, + oidcProviderInformer v1alpha1.OIDCProviderInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ Name: "jwks-observer-controller", Syncer: &jwksObserverController{ - issuerToJWKSSetter: issuerToJWKSSetter, - oidcProviderConfigInformer: oidcProviderConfigInformer, - secretInformer: secretInformer, + issuerToJWKSSetter: issuerToJWKSSetter, + oidcProviderInformer: oidcProviderInformer, + secretInformer: secretInformer, }, }, withInformer( @@ -53,7 +53,7 @@ func NewJWKSObserverController( controllerlib.InformerOption{}, ), withInformer( - oidcProviderConfigInformer, + oidcProviderInformer, pinnipedcontroller.MatchAnythingFilter(), controllerlib.InformerOption{}, ), @@ -62,9 +62,9 @@ func NewJWKSObserverController( func (c *jwksObserverController) Sync(ctx controllerlib.Context) error { ns := ctx.Key.Namespace - allProviders, err := c.oidcProviderConfigInformer.Lister().OIDCProviderConfigs(ns).List(labels.Everything()) + allProviders, err := c.oidcProviderInformer.Lister().OIDCProviders(ns).List(labels.Everything()) if err != nil { - return fmt.Errorf("failed to list OIDCProviderConfigs: %w", err) + return fmt.Errorf("failed to list OIDCProviders: %w", err) } // Rebuild the whole map on any change to any Secret or OIDCProvider, because either can have changes that diff --git a/internal/controller/supervisorconfig/jwks_observer_test.go b/internal/controller/supervisorconfig/jwks_observer_test.go index 50d7574f..8bf920ef 100644 --- a/internal/controller/supervisorconfig/jwks_observer_test.go +++ b/internal/controller/supervisorconfig/jwks_observer_test.go @@ -28,25 +28,25 @@ import ( func TestJWKSObserverControllerInformerFilters(t *testing.T) { spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) { var ( - r *require.Assertions - observableWithInformerOption *testutil.ObservableWithInformerOption - secretsInformerFilter controllerlib.Filter - oidcProviderConfigInformerFilter controllerlib.Filter + r *require.Assertions + observableWithInformerOption *testutil.ObservableWithInformerOption + secretsInformerFilter controllerlib.Filter + oidcProviderInformerFilter controllerlib.Filter ) it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() - oidcProviderConfigInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviderConfigs() + oidcProviderInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviders() _ = NewJWKSObserverController( nil, secretsInformer, - oidcProviderConfigInformer, + oidcProviderInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters ) secretsInformerFilter = observableWithInformerOption.GetFilterForInformer(secretsInformer) - oidcProviderConfigInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderConfigInformer) + oidcProviderInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderInformer) }) when("watching Secret objects", func() { @@ -71,19 +71,19 @@ func TestJWKSObserverControllerInformerFilters(t *testing.T) { }) }) - when("watching OIDCProviderConfig objects", func() { + when("watching OIDCProvider objects", func() { var ( subject controllerlib.Filter - provider, otherProvider *v1alpha1.OIDCProviderConfig + provider, otherProvider *v1alpha1.OIDCProvider ) it.Before(func() { - subject = oidcProviderConfigInformerFilter - provider = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} - otherProvider = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} + subject = oidcProviderInformerFilter + provider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} + otherProvider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} }) - when("any OIDCProviderConfig changes", func() { + when("any OIDCProvider changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(provider)) r.True(subject.Update(provider, otherProvider)) @@ -129,7 +129,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { subject = NewJWKSObserverController( issuerToJWKSSetter, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ) @@ -173,7 +173,7 @@ func TestJWKSObserverControllerSync(t *testing.T) { timeoutContextCancel() }) - when("there are no OIDCProviderConfigs and no JWKS Secrets yet", func() { + when("there are no OIDCProviders and no JWKS Secrets yet", func() { it("sets the issuerToJWKSSetter's map to be empty", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) @@ -184,55 +184,55 @@ func TestJWKSObserverControllerSync(t *testing.T) { }) }) - when("there are OIDCProviderConfigs where some have corresponding JWKS Secrets and some don't", func() { + when("there are OIDCProviders where some have corresponding JWKS Secrets and some don't", func() { var ( expectedJWK1, expectedJWK2 string ) it.Before(func() { - oidcProviderConfigWithoutSecret1 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithoutSecret1 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcproviderconfig1", + Name: "no-secret-oidcprovider1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://no-secret-issuer1.com"}, - Status: v1alpha1.OIDCProviderConfigStatus{}, // no JWKSSecret field + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer1.com"}, + Status: v1alpha1.OIDCProviderStatus{}, // no JWKSSecret field } - oidcProviderConfigWithoutSecret2 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithoutSecret2 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcproviderconfig2", + Name: "no-secret-oidcprovider2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://no-secret-issuer2.com"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer2.com"}, // no Status field } - oidcProviderConfigWithBadSecret := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithBadSecret := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-secret-oidcproviderconfig", + Name: "bad-secret-oidcprovider", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://bad-secret-issuer.com"}, - Status: v1alpha1.OIDCProviderConfigStatus{ + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://bad-secret-issuer.com"}, + Status: v1alpha1.OIDCProviderStatus{ JWKSSecret: corev1.LocalObjectReference{Name: "bad-jwks-secret-name"}, }, } - oidcProviderConfigWithGoodSecret1 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithGoodSecret1 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcproviderconfig1", + Name: "good-secret-oidcprovider1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer-with-good-secret1.com"}, - Status: v1alpha1.OIDCProviderConfigStatus{ + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-with-good-secret1.com"}, + Status: v1alpha1.OIDCProviderStatus{ JWKSSecret: corev1.LocalObjectReference{Name: "good-jwks-secret-name1"}, }, } - oidcProviderConfigWithGoodSecret2 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithGoodSecret2 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcproviderconfig2", + Name: "good-secret-oidcprovider2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer-with-good-secret2.com"}, - Status: v1alpha1.OIDCProviderConfigStatus{ + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-with-good-secret2.com"}, + Status: v1alpha1.OIDCProviderStatus{ JWKSSecret: corev1.LocalObjectReference{Name: "good-jwks-secret-name2"}, }, } @@ -267,11 +267,11 @@ func TestJWKSObserverControllerSync(t *testing.T) { }, Data: map[string][]byte{"junk": nil}, } - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithoutSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithoutSecret2)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithBadSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithGoodSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithGoodSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret2)) r.NoError(kubeInformerClient.Tracker().Add(goodJWKSSecret1)) r.NoError(kubeInformerClient.Tracker().Add(goodJWKSSecret2)) r.NoError(kubeInformerClient.Tracker().Add(badJWKSSecret)) diff --git a/internal/controller/supervisorconfig/jwks_writer.go b/internal/controller/supervisorconfig/jwks_writer.go index 7f16298e..8af5fb97 100644 --- a/internal/controller/supervisorconfig/jwks_writer.go +++ b/internal/controller/supervisorconfig/jwks_writer.go @@ -42,7 +42,7 @@ const ( ) const ( - opcKind = "OIDCProviderConfig" + opcKind = "OIDCProvider" ) // generateKey is stubbed out for the purpose of testing. The default behavior is to generate an EC key. @@ -59,7 +59,7 @@ type jwksWriterController struct { jwksSecretLabels map[string]string pinnipedClient pinnipedclientset.Interface kubeClient kubernetes.Interface - opcInformer configinformers.OIDCProviderConfigInformer + opcInformer configinformers.OIDCProviderInformer secretInformer corev1informers.SecretInformer } @@ -70,7 +70,7 @@ func NewJWKSWriterController( kubeClient kubernetes.Interface, pinnipedClient pinnipedclientset.Interface, secretInformer corev1informers.SecretInformer, - opcInformer configinformers.OIDCProviderConfigInformer, + opcInformer configinformers.OIDCProviderInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( @@ -118,11 +118,11 @@ func NewJWKSWriterController( // Sync implements controllerlib.Syncer. func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { - opc, err := c.opcInformer.Lister().OIDCProviderConfigs(ctx.Key.Namespace).Get(ctx.Key.Name) + opc, err := c.opcInformer.Lister().OIDCProviders(ctx.Key.Namespace).Get(ctx.Key.Name) notFound := k8serrors.IsNotFound(err) if err != nil && !notFound { return fmt.Errorf( - "failed to get %s/%s OIDCProviderConfig: %w", + "failed to get %s/%s OIDCProvider: %w", ctx.Key.Namespace, ctx.Key.Name, err, @@ -133,8 +133,8 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { // The corresponding secret to this OPC should have been garbage collected since it should have // had this OPC as its owner. klog.InfoS( - "oidcproviderconfig deleted", - "oidcproviderconfig", + "oidcprovider deleted", + "oidcprovider", klog.KRef(ctx.Key.Namespace, ctx.Key.Name), ) return nil @@ -148,7 +148,7 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { // Secret is up to date - we are good to go. klog.InfoS( "secret is up to date", - "oidcproviderconfig", + "oidcprovider", klog.KRef(ctx.Key.Namespace, ctx.Key.Name), ) return nil @@ -172,12 +172,12 @@ func (c *jwksWriterController) Sync(ctx controllerlib.Context) error { if err := c.updateOPC(ctx.Context, newOPC); err != nil { return fmt.Errorf("cannot update opc: %w", err) } - klog.InfoS("updated oidcproviderconfig", "oidcproviderconfig", klog.KObj(newOPC)) + klog.InfoS("updated oidcprovider", "oidcprovider", klog.KObj(newOPC)) return nil } -func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.OIDCProviderConfig) (bool, error) { +func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.OIDCProvider) (bool, error) { if opc.Status.JWKSSecret.Name == "" { // If the OPC says it doesn't have a secret associated with it, then let's create one. return true, nil @@ -202,7 +202,7 @@ func (c *jwksWriterController) secretNeedsUpdate(opc *configv1alpha1.OIDCProvide return false, nil } -func (c *jwksWriterController) generateSecret(opc *configv1alpha1.OIDCProviderConfig) (*corev1.Secret, error) { +func (c *jwksWriterController) generateSecret(opc *configv1alpha1.OIDCProvider) (*corev1.Secret, error) { // Note! This is where we could potentially add more handling of OPC spec fields which tell us how // this OIDC provider should sign and verify ID tokens (e.g., hardcoded token secret, gRPC // connection to KMS, etc). @@ -291,9 +291,9 @@ func (c *jwksWriterController) createOrUpdateSecret( func (c *jwksWriterController) updateOPC( ctx context.Context, - newOPC *configv1alpha1.OIDCProviderConfig, + newOPC *configv1alpha1.OIDCProvider, ) error { - opcClient := c.pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(newOPC.Namespace) + opcClient := c.pinnipedClient.ConfigV1alpha1().OIDCProviders(newOPC.Namespace) return retry.RetryOnConflict(retry.DefaultRetry, func() error { oldOPC, err := opcClient.Get(ctx, newOPC.Name, metav1.GetOptions{}) if err != nil { diff --git a/internal/controller/supervisorconfig/jwks_writer_test.go b/internal/controller/supervisorconfig/jwks_writer_test.go index 667562a1..9afdc486 100644 --- a/internal/controller/supervisorconfig/jwks_writer_test.go +++ b/internal/controller/supervisorconfig/jwks_writer_test.go @@ -54,7 +54,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { Namespace: "some-namespace", OwnerReferences: []metav1.OwnerReference{ { - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Name: "some-name", Controller: boolPtr(true), }, @@ -85,7 +85,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Name: "some-name", }, }, @@ -100,7 +100,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Name: "some-name", Controller: boolPtr(true), }, @@ -123,7 +123,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { }, { APIVersion: configv1alpha1.SchemeGroupVersion.String(), - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Name: "some-name", Controller: boolPtr(true), }, @@ -148,7 +148,7 @@ func TestJWKSWriterControllerFilterSecret(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviderConfigs() + ).Config().V1alpha1().OIDCProviders() withInformer := testutil.NewObservableWithInformerOption() _ = NewJWKSWriterController( nil, // labels, not needed @@ -175,7 +175,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { tests := []struct { name string - opc configv1alpha1.OIDCProviderConfig + opc configv1alpha1.OIDCProvider wantAdd bool wantUpdate bool wantDelete bool @@ -183,7 +183,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { }{ { name: "anything goes", - opc: configv1alpha1.OIDCProviderConfig{}, + opc: configv1alpha1.OIDCProvider{}, wantAdd: true, wantUpdate: true, wantDelete: true, @@ -202,7 +202,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { opcInformer := pinnipedinformers.NewSharedInformerFactory( pinnipedfake.NewSimpleClientset(), 0, - ).Config().V1alpha1().OIDCProviderConfigs() + ).Config().V1alpha1().OIDCProviders() withInformer := testutil.NewObservableWithInformerOption() _ = NewJWKSWriterController( nil, // labels, not needed @@ -213,7 +213,7 @@ func TestJWKSWriterControllerFilterOPC(t *testing.T) { withInformer.WithInformer, ) - unrelated := configv1alpha1.OIDCProviderConfig{} + unrelated := configv1alpha1.OIDCProvider{} filter := withInformer.GetFilterForInformer(opcInformer) require.Equal(t, test.wantAdd, filter.Add(&test.opc)) require.Equal(t, test.wantUpdate, filter.Update(&unrelated, &test.opc)) @@ -239,16 +239,16 @@ func TestJWKSWriterControllerSync(t *testing.T) { opcGVR := schema.GroupVersionResource{ Group: configv1alpha1.SchemeGroupVersion.Group, Version: configv1alpha1.SchemeGroupVersion.Version, - Resource: "oidcproviderconfigs", + Resource: "oidcproviders", } - goodOPC := &configv1alpha1.OIDCProviderConfig{ + goodOPC := &configv1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ Name: "good-opc", Namespace: namespace, UID: "good-opc-uid", }, - Spec: configv1alpha1.OIDCProviderConfigSpec{ + Spec: configv1alpha1.OIDCProviderSpec{ Issuer: "https://some-issuer.com", }, } @@ -273,7 +273,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { OwnerReferences: []metav1.OwnerReference{ { APIVersion: opcGVR.GroupVersion().String(), - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Name: goodOPC.Name, UID: goodOPC.UID, BlockOwnerDeletion: boolPtr(true), @@ -300,7 +300,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { secrets []*corev1.Secret configKubeClient func(*kubernetesfake.Clientset) configPinnipedClient func(*pinnipedfake.Clientset) - opcs []*configv1alpha1.OIDCProviderConfig + opcs []*configv1alpha1.OIDCProvider generateKeyErr error wantGenerateKeyCount int wantSecretActions []kubetesting.Action @@ -310,7 +310,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "new opc with no secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, wantGenerateKeyCount: 1, @@ -326,7 +326,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "opc without status with existing secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, secrets: []*corev1.Secret{ @@ -344,7 +344,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "existing opc with no secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, wantGenerateKeyCount: 1, @@ -359,7 +359,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "existing opc with existing secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -374,7 +374,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing jwk in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -392,7 +392,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -410,7 +410,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwk JSON in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -428,7 +428,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwks JSON in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -446,7 +446,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "public jwk in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -464,7 +464,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "private jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -482,7 +482,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwk key in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -500,7 +500,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "invalid jwks key in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -518,7 +518,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "missing active jwks in secret", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, secrets: []*corev1.Secret{ @@ -536,7 +536,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "generate key fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPCWithStatus, }, generateKeyErr: errors.New("some generate error"), @@ -545,7 +545,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "get secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, configKubeClient: func(client *kubernetesfake.Clientset) { @@ -558,7 +558,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "create secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, configKubeClient: func(client *kubernetesfake.Clientset) { @@ -571,7 +571,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "update secret fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, secrets: []*corev1.Secret{ @@ -587,11 +587,11 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "get opc fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, configPinnipedClient: func(client *pinnipedfake.Clientset) { - client.PrependReactor("get", "oidcproviderconfigs", func(_ kubetesting.Action) (bool, runtime.Object, error) { + client.PrependReactor("get", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }) }, @@ -600,11 +600,11 @@ func TestJWKSWriterControllerSync(t *testing.T) { { name: "update opc fails", key: controllerlib.Key{Namespace: goodOPC.Namespace, Name: goodOPC.Name}, - opcs: []*configv1alpha1.OIDCProviderConfig{ + opcs: []*configv1alpha1.OIDCProvider{ goodOPC, }, configPinnipedClient: func(client *pinnipedfake.Clientset) { - client.PrependReactor("update", "oidcproviderconfigs", func(_ kubetesting.Action) (bool, runtime.Object, error) { + client.PrependReactor("update", "oidcproviders", func(_ kubetesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }) }, @@ -661,7 +661,7 @@ func TestJWKSWriterControllerSync(t *testing.T) { kubeAPIClient, pinnipedAPIClient, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ) diff --git a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go index 2f3a1f37..99b55894 100644 --- a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go +++ b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go @@ -32,26 +32,26 @@ type ProvidersSetter interface { SetProviders(oidcProviders ...*provider.OIDCProvider) } -type oidcProviderConfigWatcherController struct { +type oidcProviderWatcherController struct { providerSetter ProvidersSetter clock clock.Clock client pinnipedclientset.Interface - opcInformer configinformers.OIDCProviderConfigInformer + opcInformer configinformers.OIDCProviderInformer } -// NewOIDCProviderConfigWatcherController creates a controllerlib.Controller that watches -// OIDCProviderConfig objects and notifies a callback object of the collection of provider configs. -func NewOIDCProviderConfigWatcherController( +// NewOIDCProviderWatcherController creates a controllerlib.Controller that watches +// OIDCProvider objects and notifies a callback object of the collection of provider configs. +func NewOIDCProviderWatcherController( providerSetter ProvidersSetter, clock clock.Clock, client pinnipedclientset.Interface, - opcInformer configinformers.OIDCProviderConfigInformer, + opcInformer configinformers.OIDCProviderInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( controllerlib.Config{ - Name: "OIDCProviderConfigWatcherController", - Syncer: &oidcProviderConfigWatcherController{ + Name: "OIDCProviderWatcherController", + Syncer: &oidcProviderWatcherController{ providerSetter: providerSetter, clock: clock, client: client, @@ -67,7 +67,7 @@ func NewOIDCProviderConfigWatcherController( } // Sync implements controllerlib.Syncer. -func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) error { +func (c *oidcProviderWatcherController) Sync(ctx controllerlib.Context) error { all, err := c.opcInformer.Lister().List(labels.Everything()) if err != nil { return err @@ -82,7 +82,7 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er } // Make a map of issuer hostnames -> set of unique secret names. This will help us complain when - // multiple OIDCProviderConfigs have the same issuer hostname (excluding port) but specify + // multiple OIDCProviders have the same issuer hostname (excluding port) but specify // different TLS serving Secrets. Doesn't make sense to have the one address use more than one // TLS cert. Ignore ports because SNI information on the incoming requests is not going to include // port numbers. Also make a helper function for forming keys into this map. @@ -102,7 +102,9 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er setOfSecretNames = make(map[string]bool) uniqueSecretNamesPerIssuerAddress[issuerURLToHostnameKey(issuerURL)] = setOfSecretNames } - setOfSecretNames[opc.Spec.SNICertificateSecretName] = true + if opc.Spec.TLS != nil { + setOfSecretNames[opc.Spec.TLS.SecretName] = true + } } errs := multierror.New() @@ -118,7 +120,7 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.DuplicateOIDCProviderStatus, + configv1alpha1.DuplicateOIDCProviderStatusCondition, "Duplicate issuer: "+opc.Spec.Issuer, ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -133,7 +135,7 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatus, + configv1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition, "Issuers with the same DNS hostname (address not including port) must use the same secretName: "+issuerURLToHostnameKey(issuerURL), ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -147,7 +149,7 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.InvalidOIDCProviderStatus, + configv1alpha1.InvalidOIDCProviderStatusCondition, "Invalid: "+err.Error(), ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -159,7 +161,7 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er ctx.Context, opc.Namespace, opc.Name, - configv1alpha1.SuccessOIDCProviderStatus, + configv1alpha1.SuccessOIDCProviderStatusCondition, "Provider successfully created", ); err != nil { errs.Add(fmt.Errorf("could not update status: %w", err)) @@ -173,14 +175,14 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er return errs.ErrOrNil() } -func (c *oidcProviderConfigWatcherController) updateStatus( +func (c *oidcProviderWatcherController) updateStatus( ctx context.Context, namespace, name string, - status configv1alpha1.OIDCProviderStatus, + status configv1alpha1.OIDCProviderStatusCondition, message string, ) error { return retry.RetryOnConflict(retry.DefaultRetry, func() error { - opc, err := c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Get(ctx, name, metav1.GetOptions{}) + opc, err := c.client.ConfigV1alpha1().OIDCProviders(namespace).Get(ctx, name, metav1.GetOptions{}) if err != nil { return fmt.Errorf("get failed: %w", err) } @@ -201,7 +203,7 @@ func (c *oidcProviderConfigWatcherController) updateStatus( opc.Status.Status = status opc.Status.Message = message opc.Status.LastUpdateTime = timePtr(metav1.NewTime(c.clock.Now())) - _, err = c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Update(ctx, opc, metav1.UpdateOptions{}) + _, err = c.client.ConfigV1alpha1().OIDCProviders(namespace).Update(ctx, opc, metav1.UpdateOptions{}) return err }) } diff --git a/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go b/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go index 80292de9..91270999 100644 --- a/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go +++ b/internal/controller/supervisorconfig/oidcproviderconfig_watcher_test.go @@ -40,8 +40,8 @@ func TestInformerFilters(t *testing.T) { it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() - opcInformer := pinnipedinformers.NewSharedInformerFactoryWithOptions(nil, 0).Config().V1alpha1().OIDCProviderConfigs() - _ = NewOIDCProviderConfigWatcherController( + opcInformer := pinnipedinformers.NewSharedInformerFactoryWithOptions(nil, 0).Config().V1alpha1().OIDCProviders() + _ = NewOIDCProviderWatcherController( nil, nil, nil, @@ -51,18 +51,18 @@ func TestInformerFilters(t *testing.T) { configMapInformerFilter = observableWithInformerOption.GetFilterForInformer(opcInformer) }) - when("watching OIDCProviderConfig objects", func() { + when("watching OIDCProvider objects", func() { var subject controllerlib.Filter - var target, otherNamespace, otherName *v1alpha1.OIDCProviderConfig + var target, otherNamespace, otherName *v1alpha1.OIDCProvider it.Before(func() { subject = configMapInformerFilter - target = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"}} - otherNamespace = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "other-namespace"}} - otherName = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "other-name", Namespace: "some-namespace"}} + target = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "some-namespace"}} + otherNamespace = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "some-name", Namespace: "other-namespace"}} + otherName = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "other-name", Namespace: "some-namespace"}} }) - when("any OIDCProviderConfig changes", func() { + when("any OIDCProvider changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(target)) r.True(subject.Add(otherName)) @@ -107,17 +107,17 @@ func TestSync(t *testing.T) { var syncContext *controllerlib.Context var frozenNow time.Time var providersSetter *fakeProvidersSetter - var oidcProviderConfigGVR schema.GroupVersionResource + var oidcProviderGVR schema.GroupVersionResource // Defer starting the informers until the last possible moment so that the // nested Before's can keep adding things to the informer caches. var startInformersAndController = func() { // Set this at the last second to allow for injection of server override. - subject = NewOIDCProviderConfigWatcherController( + subject = NewOIDCProviderWatcherController( providersSetter, clock.NewFakeClock(frozenNow), pinnipedAPIClient, - opcInformers.Config().V1alpha1().OIDCProviderConfigs(), + opcInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ) @@ -148,10 +148,10 @@ func TestSync(t *testing.T) { opcInformers = pinnipedinformers.NewSharedInformerFactory(opcInformerClient, 0) pinnipedAPIClient = pinnipedfake.NewSimpleClientset() - oidcProviderConfigGVR = schema.GroupVersionResource{ + oidcProviderGVR = schema.GroupVersionResource{ Group: v1alpha1.SchemeGroupVersion.Group, Version: v1alpha1.SchemeGroupVersion.Version, - Resource: "oidcproviderconfigs", + Resource: "oidcproviders", } }) @@ -159,26 +159,26 @@ func TestSync(t *testing.T) { timeoutContextCancel() }) - when("there are some valid OIDCProviderConfigs in the informer", func() { + when("there are some valid OIDCProviders in the informer", func() { var ( - oidcProviderConfig1 *v1alpha1.OIDCProviderConfig - oidcProviderConfig2 *v1alpha1.OIDCProviderConfig + oidcProvider1 *v1alpha1.OIDCProvider + oidcProvider2 *v1alpha1.OIDCProvider ) it.Before(func() { - oidcProviderConfig1 = &v1alpha1.OIDCProviderConfig{ + oidcProvider1 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "config1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer1.com"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer1.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfig1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfig1)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider1)) + r.NoError(opcInformerClient.Tracker().Add(oidcProvider1)) - oidcProviderConfig2 = &v1alpha1.OIDCProviderConfig{ + oidcProvider2 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "config2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer2.com"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer2.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfig2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfig2)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider2)) + r.NoError(opcInformerClient.Tracker().Add(oidcProvider2)) }) it("calls the ProvidersSetter", func() { @@ -186,10 +186,10 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - provider1, err := provider.NewOIDCProvider(oidcProviderConfig1.Spec.Issuer) + provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProviderConfig2.Spec.Issuer) + provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -202,92 +202,92 @@ func TestSync(t *testing.T) { ) }) - it("updates the status to success in the OIDCProviderConfigs", func() { + it("updates the status to success in the OIDCProviders", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderConfig1.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig1.Status.Message = "Provider successfully created" - oidcProviderConfig1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider1.Status.Message = "Provider successfully created" + oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfig2.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig2.Status.Message = "Provider successfully created" - oidcProviderConfig2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider2.Status.Message = "Provider successfully created" + oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig1.Namespace, - oidcProviderConfig1.Name, + oidcProviderGVR, + oidcProvider1.Namespace, + oidcProvider1.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig1.Namespace, - oidcProviderConfig1, + oidcProviderGVR, + oidcProvider1.Namespace, + oidcProvider1, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2.Name, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - when("one OIDCProviderConfig is already up to date", func() { + when("one OIDCProvider is already up to date", func() { it.Before(func() { - oidcProviderConfig1.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig1.Status.Message = "Provider successfully created" - oidcProviderConfig1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider1.Status.Message = "Provider successfully created" + oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - r.NoError(pinnipedAPIClient.Tracker().Update(oidcProviderConfigGVR, oidcProviderConfig1, oidcProviderConfig1.Namespace)) - r.NoError(opcInformerClient.Tracker().Update(oidcProviderConfigGVR, oidcProviderConfig1, oidcProviderConfig1.Namespace)) + r.NoError(pinnipedAPIClient.Tracker().Update(oidcProviderGVR, oidcProvider1, oidcProvider1.Namespace)) + r.NoError(opcInformerClient.Tracker().Update(oidcProviderGVR, oidcProvider1, oidcProvider1.Namespace)) }) - it("only updates the out-of-date OIDCProviderConfig", func() { + it("only updates the out-of-date OIDCProvider", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderConfig2.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig2.Status.Message = "Provider successfully created" - oidcProviderConfig2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider2.Status.Message = "Provider successfully created" + oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig1.Namespace, - oidcProviderConfig1.Name, + oidcProviderGVR, + oidcProvider1.Namespace, + oidcProvider1.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2.Name, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - it("calls the ProvidersSetter with both OIDCProviderConfig's", func() { + it("calls the ProvidersSetter with both OIDCProvider's", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - provider1, err := provider.NewOIDCProvider(oidcProviderConfig1.Spec.Issuer) + provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProviderConfig2.Spec.Issuer) + provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -301,12 +301,12 @@ func TestSync(t *testing.T) { }) }) - when("updating only one OIDCProviderConfig fails for a reason other than conflict", func() { + when("updating only one OIDCProvider fails for a reason other than conflict", func() { it.Before(func() { once := sync.Once{} pinnipedAPIClient.PrependReactor( "update", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { var err error once.Do(func() { @@ -322,10 +322,10 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - provider1, err := provider.NewOIDCProvider(oidcProviderConfig1.Spec.Issuer) + provider1, err := provider.NewOIDCProvider(oidcProvider1.Spec.Issuer) r.NoError(err) - provider2, err := provider.NewOIDCProvider(oidcProviderConfig2.Spec.Issuer) + provider2, err := provider.NewOIDCProvider(oidcProvider2.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -341,34 +341,34 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - oidcProviderConfig1.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig1.Status.Message = "Provider successfully created" - oidcProviderConfig1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider1.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider1.Status.Message = "Provider successfully created" + oidcProvider1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfig2.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig2.Status.Message = "Provider successfully created" - oidcProviderConfig2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider2.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider2.Status.Message = "Provider successfully created" + oidcProvider2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig1.Namespace, - oidcProviderConfig1.Name, + oidcProviderGVR, + oidcProvider1.Namespace, + oidcProvider1.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig1.Namespace, - oidcProviderConfig1, + oidcProviderGVR, + oidcProvider1.Namespace, + oidcProvider1, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2.Name, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig2.Namespace, - oidcProviderConfig2, + oidcProviderGVR, + oidcProvider2.Namespace, + oidcProvider2, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -376,26 +376,26 @@ func TestSync(t *testing.T) { }) }) - when("there are errors updating the OIDCProviderConfigs", func() { + when("there are errors updating the OIDCProviders", func() { var ( - oidcProviderConfig *v1alpha1.OIDCProviderConfig + oidcProvider *v1alpha1.OIDCProvider ) it.Before(func() { - oidcProviderConfig = &v1alpha1.OIDCProviderConfig{ + oidcProvider = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer.com"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfig)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider)) + r.NoError(opcInformerClient.Tracker().Add(oidcProvider)) }) - when("there is a conflict while updating an OIDCProviderConfig", func() { + when("there is a conflict while updating an OIDCProvider", func() { it.Before(func() { once := sync.Once{} pinnipedAPIClient.PrependReactor( "update", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { var err error once.Do(func() { @@ -406,46 +406,46 @@ func TestSync(t *testing.T) { ) }) - it("retries updating the OIDCProviderConfig", func() { + it("retries updating the OIDCProvider", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig.Status.Message = "Provider successfully created" - oidcProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider.Status.Message = "Provider successfully created" + oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) }) }) - when("updating the OIDCProviderConfig fails for a reason other than conflict", func() { + when("updating the OIDCProvider fails for a reason other than conflict", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some update error") }, @@ -457,31 +457,31 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - oidcProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig.Status.Message = "Provider successfully created" - oidcProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider.Status.Message = "Provider successfully created" + oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) }) }) - when("there is an error when getting the OIDCProviderConfig", func() { + when("there is an error when getting the OIDCProvider", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -493,15 +493,15 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: get failed: some get error") - oidcProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig.Status.Message = "Provider successfully created" - oidcProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider.Status.Message = "Provider successfully created" + oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), } r.Equal(expectedActions, pinnipedAPIClient.Actions()) @@ -509,26 +509,26 @@ func TestSync(t *testing.T) { }) }) - when("there are both valid and invalid OIDCProviderConfigs in the informer", func() { + when("there are both valid and invalid OIDCProviders in the informer", func() { var ( - validOIDCProviderConfig *v1alpha1.OIDCProviderConfig - invalidOIDCProviderConfig *v1alpha1.OIDCProviderConfig + validOIDCProvider *v1alpha1.OIDCProvider + invalidOIDCProvider *v1alpha1.OIDCProvider ) it.Before(func() { - validOIDCProviderConfig = &v1alpha1.OIDCProviderConfig{ + validOIDCProvider = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "valid-config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://valid-issuer.com"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://valid-issuer.com"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(validOIDCProviderConfig)) - r.NoError(opcInformerClient.Tracker().Add(validOIDCProviderConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(validOIDCProvider)) + r.NoError(opcInformerClient.Tracker().Add(validOIDCProvider)) - invalidOIDCProviderConfig = &v1alpha1.OIDCProviderConfig{ + invalidOIDCProvider = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "invalid-config", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://invalid-issuer.com?some=query"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://invalid-issuer.com?some=query"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(invalidOIDCProviderConfig)) - r.NoError(opcInformerClient.Tracker().Add(invalidOIDCProviderConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(invalidOIDCProvider)) + r.NoError(opcInformerClient.Tracker().Add(invalidOIDCProvider)) }) it("calls the ProvidersSetter with the valid provider", func() { @@ -536,7 +536,7 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - validProvider, err := provider.NewOIDCProvider(validOIDCProviderConfig.Spec.Issuer) + validProvider, err := provider.NewOIDCProvider(validOIDCProvider.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -548,53 +548,53 @@ func TestSync(t *testing.T) { ) }) - it("updates the status to success/invalid in the OIDCProviderConfigs", func() { + it("updates the status to success/invalid in the OIDCProviders", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - validOIDCProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - validOIDCProviderConfig.Status.Message = "Provider successfully created" - validOIDCProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + validOIDCProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + validOIDCProvider.Status.Message = "Provider successfully created" + validOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - invalidOIDCProviderConfig.Status.Status = v1alpha1.InvalidOIDCProviderStatus - invalidOIDCProviderConfig.Status.Message = "Invalid: issuer must not have query" - invalidOIDCProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + invalidOIDCProvider.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition + invalidOIDCProvider.Status.Message = "Invalid: issuer must not have query" + invalidOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - invalidOIDCProviderConfig.Namespace, - invalidOIDCProviderConfig.Name, + oidcProviderGVR, + invalidOIDCProvider.Namespace, + invalidOIDCProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - invalidOIDCProviderConfig.Namespace, - invalidOIDCProviderConfig, + oidcProviderGVR, + invalidOIDCProvider.Namespace, + invalidOIDCProvider, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - validOIDCProviderConfig.Namespace, - validOIDCProviderConfig.Name, + oidcProviderGVR, + validOIDCProvider.Namespace, + validOIDCProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - validOIDCProviderConfig.Namespace, - validOIDCProviderConfig, + oidcProviderGVR, + validOIDCProvider.Namespace, + validOIDCProvider, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) }) - when("updating only the invalid OIDCProviderConfig fails for a reason other than conflict", func() { + when("updating only the invalid OIDCProvider fails for a reason other than conflict", func() { it.Before(func() { pinnipedAPIClient.PrependReactor( "update", - "oidcproviderconfigs", + "oidcproviders", func(action coretesting.Action) (bool, runtime.Object, error) { updateAction := action.(coretesting.UpdateActionImpl) - opc := updateAction.Object.(*v1alpha1.OIDCProviderConfig) - if opc.Name == validOIDCProviderConfig.Name { + opc := updateAction.Object.(*v1alpha1.OIDCProvider) + if opc.Name == validOIDCProvider.Name { return true, nil, nil } @@ -608,7 +608,7 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - validProvider, err := provider.NewOIDCProvider(validOIDCProviderConfig.Spec.Issuer) + validProvider, err := provider.NewOIDCProvider(validOIDCProvider.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -625,34 +625,34 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, "1 error(s):\n- could not update status: some update error") - validOIDCProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - validOIDCProviderConfig.Status.Message = "Provider successfully created" - validOIDCProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + validOIDCProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + validOIDCProvider.Status.Message = "Provider successfully created" + validOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - invalidOIDCProviderConfig.Status.Status = v1alpha1.InvalidOIDCProviderStatus - invalidOIDCProviderConfig.Status.Message = "Invalid: issuer must not have query" - invalidOIDCProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + invalidOIDCProvider.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition + invalidOIDCProvider.Status.Message = "Invalid: issuer must not have query" + invalidOIDCProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - invalidOIDCProviderConfig.Namespace, - invalidOIDCProviderConfig.Name, + oidcProviderGVR, + invalidOIDCProvider.Namespace, + invalidOIDCProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - invalidOIDCProviderConfig.Namespace, - invalidOIDCProviderConfig, + oidcProviderGVR, + invalidOIDCProvider.Namespace, + invalidOIDCProvider, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - validOIDCProviderConfig.Namespace, - validOIDCProviderConfig.Name, + oidcProviderGVR, + validOIDCProvider.Namespace, + validOIDCProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - validOIDCProviderConfig.Namespace, - validOIDCProviderConfig, + oidcProviderGVR, + validOIDCProvider.Namespace, + validOIDCProvider, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -660,35 +660,35 @@ func TestSync(t *testing.T) { }) }) - when("there are OIDCProviderConfigs with duplicate issuer names in the informer", func() { + when("there are OIDCProviders with duplicate issuer names in the informer", func() { var ( - oidcProviderConfigDuplicate1 *v1alpha1.OIDCProviderConfig - oidcProviderConfigDuplicate2 *v1alpha1.OIDCProviderConfig - oidcProviderConfig *v1alpha1.OIDCProviderConfig + oidcProviderDuplicate1 *v1alpha1.OIDCProvider + oidcProviderDuplicate2 *v1alpha1.OIDCProvider + oidcProvider *v1alpha1.OIDCProvider ) it.Before(func() { // Hostnames are case-insensitive, so consider them to be duplicates if they only differ by case. // Paths are case-sensitive, so having a path that differs only by case makes a new issuer. - oidcProviderConfigDuplicate1 = &v1alpha1.OIDCProviderConfig{ + oidcProviderDuplicate1 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "duplicate1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://iSSueR-duPlicAte.cOm/a"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://iSSueR-duPlicAte.cOm/a"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigDuplicate1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigDuplicate1)) - oidcProviderConfigDuplicate2 = &v1alpha1.OIDCProviderConfig{ + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDuplicate1)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderDuplicate1)) + oidcProviderDuplicate2 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "duplicate2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer-duplicate.com/a"}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-duplicate.com/a"}, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigDuplicate2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigDuplicate2)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDuplicate2)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderDuplicate2)) - oidcProviderConfig = &v1alpha1.OIDCProviderConfig{ + oidcProvider = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "not-duplicate", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://issuer-duplicate.com/A"}, // different path + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://issuer-duplicate.com/A"}, // different path } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfig)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfig)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProvider)) + r.NoError(opcInformerClient.Tracker().Add(oidcProvider)) }) it("calls the ProvidersSetter with the non-duplicate", func() { @@ -696,7 +696,7 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProviderConfig.Spec.Issuer) + nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProvider.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -713,48 +713,48 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig.Status.Message = "Provider successfully created" - oidcProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider.Status.Message = "Provider successfully created" + oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfigDuplicate1.Status.Status = v1alpha1.DuplicateOIDCProviderStatus - oidcProviderConfigDuplicate1.Status.Message = "Duplicate issuer: https://iSSueR-duPlicAte.cOm/a" - oidcProviderConfigDuplicate1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderDuplicate1.Status.Status = v1alpha1.DuplicateOIDCProviderStatusCondition + oidcProviderDuplicate1.Status.Message = "Duplicate issuer: https://iSSueR-duPlicAte.cOm/a" + oidcProviderDuplicate1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfigDuplicate2.Status.Status = v1alpha1.DuplicateOIDCProviderStatus - oidcProviderConfigDuplicate2.Status.Message = "Duplicate issuer: https://issuer-duplicate.com/a" - oidcProviderConfigDuplicate2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderDuplicate2.Status.Status = v1alpha1.DuplicateOIDCProviderStatusCondition + oidcProviderDuplicate2.Status.Message = "Duplicate issuer: https://issuer-duplicate.com/a" + oidcProviderDuplicate2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate1.Namespace, - oidcProviderConfigDuplicate1.Name, + oidcProviderGVR, + oidcProviderDuplicate1.Namespace, + oidcProviderDuplicate1.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate1.Namespace, - oidcProviderConfigDuplicate1, + oidcProviderGVR, + oidcProviderDuplicate1.Namespace, + oidcProviderDuplicate1, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate2.Namespace, - oidcProviderConfigDuplicate2.Name, + oidcProviderGVR, + oidcProviderDuplicate2.Namespace, + oidcProviderDuplicate2.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate2.Namespace, - oidcProviderConfigDuplicate2, + oidcProviderGVR, + oidcProviderDuplicate2.Namespace, + oidcProviderDuplicate2, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -764,7 +764,7 @@ func TestSync(t *testing.T) { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -781,25 +781,25 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, expectedError) - oidcProviderConfig.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfig.Status.Message = "Provider successfully created" - oidcProviderConfig.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProvider.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProvider.Status.Message = "Provider successfully created" + oidcProvider.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate1.Namespace, - oidcProviderConfigDuplicate1.Name, + oidcProviderGVR, + oidcProviderDuplicate1.Namespace, + oidcProviderDuplicate1.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDuplicate2.Namespace, - oidcProviderConfigDuplicate2.Name, + oidcProviderGVR, + oidcProviderDuplicate2.Namespace, + oidcProviderDuplicate2.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfig.Namespace, - oidcProviderConfig.Name, + oidcProviderGVR, + oidcProvider.Namespace, + oidcProvider.Name, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -807,60 +807,60 @@ func TestSync(t *testing.T) { }) }) - when("there are OIDCProviderConfigs with the same issuer DNS hostname using different secretNames", func() { + when("there are OIDCProviders with the same issuer DNS hostname using different secretNames", func() { var ( - oidcProviderConfigSameIssuerAddress1 *v1alpha1.OIDCProviderConfig - oidcProviderConfigSameIssuerAddress2 *v1alpha1.OIDCProviderConfig - oidcProviderConfigDifferentIssuerAddress *v1alpha1.OIDCProviderConfig - oidcProviderConfigWithInvalidIssuerURL *v1alpha1.OIDCProviderConfig + oidcProviderSameIssuerAddress1 *v1alpha1.OIDCProvider + oidcProviderSameIssuerAddress2 *v1alpha1.OIDCProvider + oidcProviderDifferentIssuerAddress *v1alpha1.OIDCProvider + oidcProviderWithInvalidIssuerURL *v1alpha1.OIDCProvider ) it.Before(func() { - oidcProviderConfigSameIssuerAddress1 = &v1alpha1.OIDCProviderConfig{ + oidcProviderSameIssuerAddress1 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "provider1", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://iSSueR-duPlicAte-adDress.cOm/path1", - SNICertificateSecretName: "secret1", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://iSSueR-duPlicAte-adDress.cOm/path1", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigSameIssuerAddress1)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigSameIssuerAddress1)) - oidcProviderConfigSameIssuerAddress2 = &v1alpha1.OIDCProviderConfig{ + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderSameIssuerAddress1)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderSameIssuerAddress1)) + oidcProviderSameIssuerAddress2 = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "provider2", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{ + Spec: v1alpha1.OIDCProviderSpec{ // Validation treats these as the same DNS hostname even though they have different port numbers, // because SNI information on the incoming requests is not going to include port numbers. - Issuer: "https://issuer-duplicate-address.com:1234/path2", - SNICertificateSecretName: "secret2", + Issuer: "https://issuer-duplicate-address.com:1234/path2", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret2"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigSameIssuerAddress2)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigSameIssuerAddress2)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderSameIssuerAddress2)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderSameIssuerAddress2)) - oidcProviderConfigDifferentIssuerAddress = &v1alpha1.OIDCProviderConfig{ + oidcProviderDifferentIssuerAddress = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "differentIssuerAddressProvider", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://issuer-not-duplicate.com", - SNICertificateSecretName: "secret1", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://issuer-not-duplicate.com", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigDifferentIssuerAddress)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigDifferentIssuerAddress)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderDifferentIssuerAddress)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderDifferentIssuerAddress)) // Also add one with a URL that cannot be parsed to make sure that the error handling // for the duplicate issuers and secret names are not confused by invalid URLs. invalidIssuerURL := ":/host//path" _, err := url.Parse(invalidIssuerURL) //nolint:staticcheck // Yes, this URL is intentionally invalid. r.Error(err) - oidcProviderConfigWithInvalidIssuerURL = &v1alpha1.OIDCProviderConfig{ + oidcProviderWithInvalidIssuerURL = &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{Name: "invalidIssuerURLProvider", Namespace: namespace}, - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: invalidIssuerURL, - SNICertificateSecretName: "secret1", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: invalidIssuerURL, + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "secret1"}, }, } - r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderConfigWithInvalidIssuerURL)) - r.NoError(opcInformerClient.Tracker().Add(oidcProviderConfigWithInvalidIssuerURL)) + r.NoError(pinnipedAPIClient.Tracker().Add(oidcProviderWithInvalidIssuerURL)) + r.NoError(opcInformerClient.Tracker().Add(oidcProviderWithInvalidIssuerURL)) }) it("calls the ProvidersSetter with the non-duplicate", func() { @@ -868,7 +868,7 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProviderConfigDifferentIssuerAddress.Spec.Issuer) + nonDuplicateProvider, err := provider.NewOIDCProvider(oidcProviderDifferentIssuerAddress.Spec.Issuer) r.NoError(err) r.True(providersSetter.SetProvidersWasCalled) @@ -885,62 +885,62 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.NoError(err) - oidcProviderConfigDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfigDifferentIssuerAddress.Status.Message = "Provider successfully created" - oidcProviderConfigDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProviderDifferentIssuerAddress.Status.Message = "Provider successfully created" + oidcProviderDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfigSameIssuerAddress1.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatus - oidcProviderConfigSameIssuerAddress1.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" - oidcProviderConfigSameIssuerAddress1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderSameIssuerAddress1.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition + oidcProviderSameIssuerAddress1.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" + oidcProviderSameIssuerAddress1.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfigSameIssuerAddress2.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatus - oidcProviderConfigSameIssuerAddress2.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" - oidcProviderConfigSameIssuerAddress2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderSameIssuerAddress2.Status.Status = v1alpha1.SameIssuerHostMustUseSameSecretOIDCProviderStatusCondition + oidcProviderSameIssuerAddress2.Status.Message = "Issuers with the same DNS hostname (address not including port) must use the same secretName: issuer-duplicate-address.com" + oidcProviderSameIssuerAddress2.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) - oidcProviderConfigWithInvalidIssuerURL.Status.Status = v1alpha1.InvalidOIDCProviderStatus - oidcProviderConfigWithInvalidIssuerURL.Status.Message = `Invalid: could not parse issuer as URL: parse ":/host//path": missing protocol scheme` - oidcProviderConfigWithInvalidIssuerURL.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderWithInvalidIssuerURL.Status.Status = v1alpha1.InvalidOIDCProviderStatusCondition + oidcProviderWithInvalidIssuerURL.Status.Message = `Invalid: could not parse issuer as URL: parse ":/host//path": missing protocol scheme` + oidcProviderWithInvalidIssuerURL.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress1.Namespace, - oidcProviderConfigSameIssuerAddress1.Name, + oidcProviderGVR, + oidcProviderSameIssuerAddress1.Namespace, + oidcProviderSameIssuerAddress1.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress1.Namespace, - oidcProviderConfigSameIssuerAddress1, + oidcProviderGVR, + oidcProviderSameIssuerAddress1.Namespace, + oidcProviderSameIssuerAddress1, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress2.Namespace, - oidcProviderConfigSameIssuerAddress2.Name, + oidcProviderGVR, + oidcProviderSameIssuerAddress2.Namespace, + oidcProviderSameIssuerAddress2.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress2.Namespace, - oidcProviderConfigSameIssuerAddress2, + oidcProviderGVR, + oidcProviderSameIssuerAddress2.Namespace, + oidcProviderSameIssuerAddress2, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDifferentIssuerAddress.Namespace, - oidcProviderConfigDifferentIssuerAddress.Name, + oidcProviderGVR, + oidcProviderDifferentIssuerAddress.Namespace, + oidcProviderDifferentIssuerAddress.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigDifferentIssuerAddress.Namespace, - oidcProviderConfigDifferentIssuerAddress, + oidcProviderGVR, + oidcProviderDifferentIssuerAddress.Namespace, + oidcProviderDifferentIssuerAddress, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigWithInvalidIssuerURL.Namespace, - oidcProviderConfigWithInvalidIssuerURL.Name, + oidcProviderGVR, + oidcProviderWithInvalidIssuerURL.Namespace, + oidcProviderWithInvalidIssuerURL.Name, ), coretesting.NewUpdateAction( - oidcProviderConfigGVR, - oidcProviderConfigWithInvalidIssuerURL.Namespace, - oidcProviderConfigWithInvalidIssuerURL, + oidcProviderGVR, + oidcProviderWithInvalidIssuerURL.Namespace, + oidcProviderWithInvalidIssuerURL, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -950,7 +950,7 @@ func TestSync(t *testing.T) { it.Before(func() { pinnipedAPIClient.PrependReactor( "get", - "oidcproviderconfigs", + "oidcproviders", func(_ coretesting.Action) (bool, runtime.Object, error) { return true, nil, errors.New("some get error") }, @@ -968,30 +968,30 @@ func TestSync(t *testing.T) { err := controllerlib.TestSync(t, subject, *syncContext) r.EqualError(err, expectedError) - oidcProviderConfigDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatus - oidcProviderConfigDifferentIssuerAddress.Status.Message = "Provider successfully created" - oidcProviderConfigDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) + oidcProviderDifferentIssuerAddress.Status.Status = v1alpha1.SuccessOIDCProviderStatusCondition + oidcProviderDifferentIssuerAddress.Status.Message = "Provider successfully created" + oidcProviderDifferentIssuerAddress.Status.LastUpdateTime = timePtr(metav1.NewTime(frozenNow)) expectedActions := []coretesting.Action{ coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress1.Namespace, - oidcProviderConfigSameIssuerAddress1.Name, + oidcProviderGVR, + oidcProviderSameIssuerAddress1.Namespace, + oidcProviderSameIssuerAddress1.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigSameIssuerAddress2.Namespace, - oidcProviderConfigSameIssuerAddress2.Name, + oidcProviderGVR, + oidcProviderSameIssuerAddress2.Namespace, + oidcProviderSameIssuerAddress2.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigDifferentIssuerAddress.Namespace, - oidcProviderConfigDifferentIssuerAddress.Name, + oidcProviderGVR, + oidcProviderDifferentIssuerAddress.Namespace, + oidcProviderDifferentIssuerAddress.Name, ), coretesting.NewGetAction( - oidcProviderConfigGVR, - oidcProviderConfigWithInvalidIssuerURL.Namespace, - oidcProviderConfigWithInvalidIssuerURL.Name, + oidcProviderGVR, + oidcProviderWithInvalidIssuerURL.Namespace, + oidcProviderWithInvalidIssuerURL.Name, ), } r.ElementsMatch(expectedActions, pinnipedAPIClient.Actions()) @@ -999,7 +999,7 @@ func TestSync(t *testing.T) { }) }) - when("there are no OIDCProviderConfigs in the informer", func() { + when("there are no OIDCProviders in the informer", func() { it("keeps waiting for one", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) diff --git a/internal/controller/supervisorconfig/tls_cert_observer.go b/internal/controller/supervisorconfig/tls_cert_observer.go index 0aa13f66..7b604f57 100644 --- a/internal/controller/supervisorconfig/tls_cert_observer.go +++ b/internal/controller/supervisorconfig/tls_cert_observer.go @@ -21,7 +21,7 @@ import ( type tlsCertObserverController struct { issuerTLSCertSetter IssuerTLSCertSetter defaultTLSCertificateSecretName string - oidcProviderConfigInformer v1alpha1.OIDCProviderConfigInformer + oidcProviderInformer v1alpha1.OIDCProviderInformer secretInformer corev1informers.SecretInformer } @@ -34,7 +34,7 @@ func NewTLSCertObserverController( issuerTLSCertSetter IssuerTLSCertSetter, defaultTLSCertificateSecretName string, secretInformer corev1informers.SecretInformer, - oidcProviderConfigInformer v1alpha1.OIDCProviderConfigInformer, + oidcProviderInformer v1alpha1.OIDCProviderInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { return controllerlib.New( @@ -43,7 +43,7 @@ func NewTLSCertObserverController( Syncer: &tlsCertObserverController{ issuerTLSCertSetter: issuerTLSCertSetter, defaultTLSCertificateSecretName: defaultTLSCertificateSecretName, - oidcProviderConfigInformer: oidcProviderConfigInformer, + oidcProviderInformer: oidcProviderInformer, secretInformer: secretInformer, }, }, @@ -53,7 +53,7 @@ func NewTLSCertObserverController( controllerlib.InformerOption{}, ), withInformer( - oidcProviderConfigInformer, + oidcProviderInformer, pinnipedcontroller.MatchAnythingFilter(), controllerlib.InformerOption{}, ), @@ -62,9 +62,9 @@ func NewTLSCertObserverController( func (c *tlsCertObserverController) Sync(ctx controllerlib.Context) error { ns := ctx.Key.Namespace - allProviders, err := c.oidcProviderConfigInformer.Lister().OIDCProviderConfigs(ns).List(labels.Everything()) + allProviders, err := c.oidcProviderInformer.Lister().OIDCProviders(ns).List(labels.Everything()) if err != nil { - return fmt.Errorf("failed to list OIDCProviderConfigs: %w", err) + return fmt.Errorf("failed to list OIDCProviders: %w", err) } // Rebuild the whole map on any change to any Secret or OIDCProvider, because either can have changes that @@ -72,7 +72,10 @@ func (c *tlsCertObserverController) Sync(ctx controllerlib.Context) error { issuerHostToTLSCertMap := map[string]*tls.Certificate{} for _, provider := range allProviders { - secretName := provider.Spec.SNICertificateSecretName + secretName := "" + if provider.Spec.TLS != nil { + secretName = provider.Spec.TLS.SecretName + } issuerURL, err := url.Parse(provider.Spec.Issuer) if err != nil { klog.InfoS("tlsCertObserverController Sync found an invalid issuer URL", "namespace", ns, "issuer", provider.Spec.Issuer) diff --git a/internal/controller/supervisorconfig/tls_cert_observer_test.go b/internal/controller/supervisorconfig/tls_cert_observer_test.go index 3f84223a..7950af29 100644 --- a/internal/controller/supervisorconfig/tls_cert_observer_test.go +++ b/internal/controller/supervisorconfig/tls_cert_observer_test.go @@ -29,26 +29,26 @@ import ( func TestTLSCertObserverControllerInformerFilters(t *testing.T) { spec.Run(t, "informer filters", func(t *testing.T, when spec.G, it spec.S) { var ( - r *require.Assertions - observableWithInformerOption *testutil.ObservableWithInformerOption - secretsInformerFilter controllerlib.Filter - oidcProviderConfigInformerFilter controllerlib.Filter + r *require.Assertions + observableWithInformerOption *testutil.ObservableWithInformerOption + secretsInformerFilter controllerlib.Filter + oidcProviderInformerFilter controllerlib.Filter ) it.Before(func() { r = require.New(t) observableWithInformerOption = testutil.NewObservableWithInformerOption() secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() - oidcProviderConfigInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviderConfigs() + oidcProviderInformer := pinnipedinformers.NewSharedInformerFactory(nil, 0).Config().V1alpha1().OIDCProviders() _ = NewTLSCertObserverController( nil, "", // don't care about the secret name for this test secretsInformer, - oidcProviderConfigInformer, + oidcProviderInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters ) secretsInformerFilter = observableWithInformerOption.GetFilterForInformer(secretsInformer) - oidcProviderConfigInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderConfigInformer) + oidcProviderInformerFilter = observableWithInformerOption.GetFilterForInformer(oidcProviderInformer) }) when("watching Secret objects", func() { @@ -73,19 +73,19 @@ func TestTLSCertObserverControllerInformerFilters(t *testing.T) { }) }) - when("watching OIDCProviderConfig objects", func() { + when("watching OIDCProvider objects", func() { var ( subject controllerlib.Filter - provider, otherProvider *v1alpha1.OIDCProviderConfig + provider, otherProvider *v1alpha1.OIDCProvider ) it.Before(func() { - subject = oidcProviderConfigInformerFilter - provider = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} - otherProvider = &v1alpha1.OIDCProviderConfig{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} + subject = oidcProviderInformerFilter + provider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-name", Namespace: "any-namespace"}} + otherProvider = &v1alpha1.OIDCProvider{ObjectMeta: metav1.ObjectMeta{Name: "any-other-name", Namespace: "any-other-namespace"}} }) - when("any OIDCProviderConfig changes", func() { + when("any OIDCProvider changes", func() { it("returns true to trigger the sync method", func() { r.True(subject.Add(provider)) r.True(subject.Update(provider, otherProvider)) @@ -142,7 +142,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { issuerTLSCertSetter, defaultTLSSecretName, kubeInformers.Core().V1().Secrets(), - pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), + pinnipedInformers.Config().V1alpha1().OIDCProviders(), controllerlib.WithInformer, ) @@ -192,7 +192,7 @@ func TestTLSCertObserverControllerSync(t *testing.T) { timeoutContextCancel() }) - when("there are no OIDCProviderConfigs and no TLS Secrets yet", func() { + when("there are no OIDCProviders and no TLS Secrets yet", func() { it("sets the issuerTLSCertSetter's map to be empty", func() { startInformersAndController() err := controllerlib.TestSync(t, subject, *syncContext) @@ -205,71 +205,71 @@ func TestTLSCertObserverControllerSync(t *testing.T) { }) }) - when("there are OIDCProviderConfigs where some have corresponding TLS Secrets and some don't", func() { + when("there are OIDCProviders where some have corresponding TLS Secrets and some don't", func() { var ( expectedCertificate1, expectedCertificate2 tls.Certificate ) it.Before(func() { var err error - oidcProviderConfigWithoutSecret1 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithoutSecret1 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcproviderconfig1", + Name: "no-secret-oidcprovider1", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: "https://no-secret-issuer1.com"}, // no SNICertificateSecretName field + Spec: v1alpha1.OIDCProviderSpec{Issuer: "https://no-secret-issuer1.com"}, // no SNICertificateSecretName field } - oidcProviderConfigWithoutSecret2 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithoutSecret2 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "no-secret-oidcproviderconfig2", + Name: "no-secret-oidcprovider2", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://no-secret-issuer2.com", - SNICertificateSecretName: "", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://no-secret-issuer2.com", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: ""}, }, } - oidcProviderConfigWithBadSecret := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithBadSecret := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-secret-oidcproviderconfig", + Name: "bad-secret-oidcprovider", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://bad-secret-issuer.com", - SNICertificateSecretName: "bad-tls-secret-name", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://bad-secret-issuer.com", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "bad-tls-secret-name"}, }, } // Also add one with a URL that cannot be parsed to make sure that the controller is not confused by invalid URLs. invalidIssuerURL := ":/host//path" _, err = url.Parse(invalidIssuerURL) //nolint:staticcheck // Yes, this URL is intentionally invalid. r.Error(err) - oidcProviderConfigWithBadIssuer := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithBadIssuer := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "bad-issuer-oidcproviderconfig", + Name: "bad-issuer-oidcprovider", Namespace: installedInNamespace, }, - Spec: v1alpha1.OIDCProviderConfigSpec{Issuer: invalidIssuerURL}, + Spec: v1alpha1.OIDCProviderSpec{Issuer: invalidIssuerURL}, } - oidcProviderConfigWithGoodSecret1 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithGoodSecret1 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcproviderconfig1", + Name: "good-secret-oidcprovider1", Namespace: installedInNamespace, }, // Issuer hostname should be treated in a case-insensitive way and SNI ignores port numbers. Test without a port number. - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://www.iSSuer-wiTh-goOd-secRet1.cOm/path", - SNICertificateSecretName: "good-tls-secret-name1", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://www.iSSuer-wiTh-goOd-secRet1.cOm/path", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "good-tls-secret-name1"}, }, } - oidcProviderConfigWithGoodSecret2 := &v1alpha1.OIDCProviderConfig{ + oidcProviderWithGoodSecret2 := &v1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-secret-oidcproviderconfig2", + Name: "good-secret-oidcprovider2", Namespace: installedInNamespace, }, // Issuer hostname should be treated in a case-insensitive way and SNI ignores port numbers. Test with a port number. - Spec: v1alpha1.OIDCProviderConfigSpec{ - Issuer: "https://www.issUEr-WIth-gOOd-seCret2.com:1234/path", - SNICertificateSecretName: "good-tls-secret-name2", + Spec: v1alpha1.OIDCProviderSpec{ + Issuer: "https://www.issUEr-WIth-gOOd-seCret2.com:1234/path", + TLS: &v1alpha1.OIDCProviderTLSSpec{SecretName: "good-tls-secret-name2"}, }, } testCrt1 := readTestFile("testdata/test.crt") @@ -296,12 +296,12 @@ func TestTLSCertObserverControllerSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{Name: "bad-tls-secret-name", Namespace: installedInNamespace}, Data: map[string][]byte{"junk": nil}, } - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithoutSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithoutSecret2)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithBadSecret)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithBadIssuer)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithGoodSecret1)) - r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderConfigWithGoodSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithoutSecret2)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadSecret)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithBadIssuer)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret1)) + r.NoError(pinnipedInformerClient.Tracker().Add(oidcProviderWithGoodSecret2)) r.NoError(kubeInformerClient.Tracker().Add(goodTLSSecret1)) r.NoError(kubeInformerClient.Tracker().Add(goodTLSSecret2)) r.NoError(kubeInformerClient.Tracker().Add(badTLSSecret)) diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index d349a301..bb8c3523 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -101,9 +101,9 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { ContainerImagePullSecrets: c.KubeCertAgentConfig.ImagePullSecrets, AdditionalLabels: c.Labels, } - credentialIssuerConfigLocationConfig := &kubecertagent.CredentialIssuerConfigLocationConfig{ + credentialIssuerLocationConfig := &kubecertagent.CredentialIssuerLocationConfig{ Namespace: c.ServerInstallationNamespace, - Name: c.NamesConfig.CredentialIssuerConfig, + Name: c.NamesConfig.CredentialIssuer, } // Create controller manager. @@ -111,11 +111,11 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { NewManager(). // KubeConfig info publishing controller is responsible for writing the KubeConfig information to the - // CredentialIssuerConfig resource and keeping that information up to date. + // CredentialIssuer resource and keeping that information up to date. WithController( issuerconfig.NewKubeConfigInfoPublisherController( c.ServerInstallationNamespace, - c.NamesConfig.CredentialIssuerConfig, + c.NamesConfig.CredentialIssuer, c.Labels, c.DiscoveryURLOverride, pinnipedClient, @@ -179,7 +179,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { WithController( kubecertagent.NewCreaterController( agentPodConfig, - credentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig, c.Labels, clock.RealClock{}, k8sClient, @@ -194,7 +194,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { WithController( kubecertagent.NewAnnotaterController( agentPodConfig, - credentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig, clock.RealClock{}, k8sClient, pinnipedClient, @@ -206,7 +206,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { ). WithController( kubecertagent.NewExecerController( - credentialIssuerConfigLocationConfig, + credentialIssuerLocationConfig, c.DynamicSigningCertProvider, kubecertagent.NewPodCommandExecutor(kubeConfig, k8sClient), pinnipedClient, diff --git a/test/integration/concierge_credentialissuerconfig_test.go b/test/integration/concierge_credentialissuerconfig_test.go index d65ccc09..3079d0e1 100644 --- a/test/integration/concierge_credentialissuerconfig_test.go +++ b/test/integration/concierge_credentialissuerconfig_test.go @@ -16,7 +16,7 @@ import ( "go.pinniped.dev/test/library" ) -func TestCredentialIssuerConfig(t *testing.T) { +func TestCredentialIssuer(t *testing.T) { env := library.IntegrationEnv(t) config := library.NewClientConfig(t) client := library.NewConciergeClientset(t) @@ -24,10 +24,10 @@ func TestCredentialIssuerConfig(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - t.Run("test successful CredentialIssuerConfig", func(t *testing.T) { + t.Run("test successful CredentialIssuer", func(t *testing.T) { actualConfigList, err := client. ConfigV1alpha1(). - CredentialIssuerConfigs(env.ConciergeNamespace). + CredentialIssuers(env.ConciergeNamespace). List(ctx, metav1.ListOptions{}) require.NoError(t, err) @@ -37,7 +37,7 @@ func TestCredentialIssuerConfig(t *testing.T) { actualStatusKubeConfigInfo := actualConfigList.Items[0].Status.KubeConfigInfo for k, v := range env.ConciergeCustomLabels { - require.Equalf(t, v, actualConfig.Labels[k], "expected cic to have label `%s: %s`", k, v) + require.Equalf(t, v, actualConfig.Labels[k], "expected ci to have label `%s: %s`", k, v) } require.Equal(t, env.ConciergeAppName, actualConfig.Labels["app"]) @@ -54,7 +54,7 @@ func TestCredentialIssuerConfig(t *testing.T) { // Verify the published kube config info. require.Equal( t, - &configv1alpha1.CredentialIssuerConfigKubeConfigInfo{ + &configv1alpha1.CredentialIssuerKubeConfigInfo{ Server: config.Host, CertificateAuthorityData: base64.StdEncoding.EncodeToString(config.TLSClientConfig.CAData), }, diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index 6ea08c8e..85c31921 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go @@ -71,12 +71,11 @@ func TestGetAPIResourceList(t *testing.T) { resourceByVersion: map[string][]metav1.APIResource{ "config.supervisor.pinniped.dev/v1alpha1": { { - Name: "oidcproviderconfigs", - SingularName: "oidcproviderconfig", + Name: "oidcproviders", + SingularName: "oidcprovider", Namespaced: true, - Kind: "OIDCProviderConfig", + Kind: "OIDCProvider", Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, - ShortNames: []string{"opc"}, }, }, }, @@ -98,12 +97,11 @@ func TestGetAPIResourceList(t *testing.T) { resourceByVersion: map[string][]metav1.APIResource{ "config.concierge.pinniped.dev/v1alpha1": { { - Name: "credentialissuerconfigs", - SingularName: "credentialissuerconfig", + Name: "credentialissuers", + SingularName: "credentialissuer", Namespaced: true, - Kind: "CredentialIssuerConfig", + Kind: "CredentialIssuer", Verbs: []string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"}, - ShortNames: []string{"cic"}, }, }, }, diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go index 1975ec8d..32c4c004 100644 --- a/test/integration/supervisor_discovery_test.go +++ b/test/integration/supervisor_discovery_test.go @@ -48,7 +48,7 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), client, library.NewClientset(t)) + temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), client, library.NewClientset(t)) tests := []struct { Scheme string @@ -69,7 +69,7 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { continue } - // Test that there is no default discovery endpoint available when there are no OIDCProviderConfigs. + // Test that there is no default discovery endpoint available when there are no OIDCProviders. requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, fmt.Sprintf("%s://%s", scheme, addr)) // Define several unique issuer strings. Always use https in the issuer name even when we are accessing the http port. @@ -81,48 +81,48 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { issuer6 := fmt.Sprintf("https://%s/issuer6", addr) badIssuer := fmt.Sprintf("https://%s/badIssuer?cannot-use=queries", addr) - // When OIDCProviderConfig are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProviderConfig exists. - config1, jwks1 := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer1, client) - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, config1, client, ns, scheme, addr, caBundle, issuer1) - config2, jwks2 := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer2, client) - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, config2, client, ns, scheme, addr, caBundle, issuer2) + // When OIDCProvider are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProvider exists. + config1, jwks1 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer1, client) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config1, client, ns, scheme, addr, caBundle, issuer1) + config2, jwks2 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer2, client) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config2, client, ns, scheme, addr, caBundle, issuer2) // The auto-created JWK's were different from each other. require.NotEqual(t, jwks1.Keys[0]["x"], jwks2.Keys[0]["x"]) require.NotEqual(t, jwks1.Keys[0]["y"], jwks2.Keys[0]["y"]) - // When multiple OIDCProviderConfigs exist at the same time they each serve a unique discovery endpoint. - config3, jwks3 := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer3, client) - config4, jwks4 := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer4, client) + // When multiple OIDCProviders exist at the same time they each serve a unique discovery endpoint. + config3, jwks3 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer3, client) + config4, jwks4 := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer4, client) requireDiscoveryEndpointsAreWorking(t, scheme, addr, caBundle, issuer3, nil) // discovery for issuer3 is still working after issuer4 started working // The auto-created JWK's were different from each other. require.NotEqual(t, jwks3.Keys[0]["x"], jwks4.Keys[0]["x"]) require.NotEqual(t, jwks3.Keys[0]["y"], jwks4.Keys[0]["y"]) // Editing a provider to change the issuer name updates the endpoints that are being served. - updatedConfig4 := editOIDCProviderConfigIssuerName(t, config4, client, ns, issuer5) + updatedConfig4 := editOIDCProviderIssuerName(t, config4, client, ns, issuer5) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, issuer4) jwks5 := requireDiscoveryEndpointsAreWorking(t, scheme, addr, caBundle, issuer5, nil) // The JWK did not change when the issuer name was updated. require.Equal(t, jwks4.Keys[0], jwks5.Keys[0]) // When they are deleted they stop serving discovery endpoints. - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, config3, client, ns, scheme, addr, caBundle, issuer3) - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, updatedConfig4, client, ns, scheme, addr, caBundle, issuer5) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config3, client, ns, scheme, addr, caBundle, issuer3) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, updatedConfig4, client, ns, scheme, addr, caBundle, issuer5) // When the same issuer is added twice, both issuers are marked as duplicates, and neither provider is serving. - config6Duplicate1, _ := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer6, client) + config6Duplicate1, _ := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer6, client) config6Duplicate2 := library.CreateTestOIDCProvider(ctx, t, issuer6, "") - requireStatus(t, client, ns, config6Duplicate1.Name, v1alpha1.DuplicateOIDCProviderStatus) - requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.DuplicateOIDCProviderStatus) + requireStatus(t, client, ns, config6Duplicate1.Name, v1alpha1.DuplicateOIDCProviderStatusCondition) + requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.DuplicateOIDCProviderStatusCondition) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, issuer6) // If we delete the first duplicate issuer, the second duplicate issuer starts serving. requireDelete(t, client, ns, config6Duplicate1.Name) requireWellKnownEndpointIsWorking(t, scheme, addr, caBundle, issuer6, nil) - requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.SuccessOIDCProviderStatus) + requireStatus(t, client, ns, config6Duplicate2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) // When we finally delete all issuers, the endpoint should be down. - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, config6Duplicate2, client, ns, scheme, addr, caBundle, issuer6) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config6Duplicate2, client, ns, scheme, addr, caBundle, issuer6) // Only test this for http endpoints because https endpoints are going through an Ingress, // and while it is possible to configure an Ingress to serve multiple hostnames with matching TLS certs @@ -131,15 +131,15 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { if scheme == "http" { // "Host" headers can be used to send requests to discovery endpoints when the public address is different from the issuer name. issuer7 := "https://some-issuer-host-and-port-that-doesnt-match-public-supervisor-address.com:2684/issuer7" - config7, _ := requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer7, client) - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, config7, client, ns, scheme, addr, caBundle, issuer7) + config7, _ := requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear(ctx, t, scheme, addr, caBundle, issuer7, client) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, config7, client, ns, scheme, addr, caBundle, issuer7) } // When we create a provider with an invalid issuer, the status is set to invalid. badConfig := library.CreateTestOIDCProvider(ctx, t, badIssuer, "") - requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidOIDCProviderStatus) + requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidOIDCProviderStatusCondition) requireDiscoveryEndpointsAreNotFound(t, scheme, addr, caBundle, badIssuer) - requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear(t, badConfig, client, ns, scheme, addr, caBundle, badIssuer) + requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear(t, badConfig, client, ns, scheme, addr, caBundle, badIssuer) } } @@ -152,41 +152,41 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) + temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) scheme := "https" address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 8443 hostname1 := strings.Split(address, ":")[0] issuer1 := fmt.Sprintf("%s://%s/issuer1", scheme, address) - sniCertificateSecretName1 := "integration-test-sni-cert-1" + certSecretName1 := "integration-test-cert-1" - // Create an OIDCProviderConfig with an sniCertificateSecretName. - oidcProviderConfig1 := library.CreateTestOIDCProvider(ctx, t, issuer1, sniCertificateSecretName1) - requireStatus(t, pinnipedClient, oidcProviderConfig1.Namespace, oidcProviderConfig1.Name, v1alpha1.SuccessOIDCProviderStatus) + // Create an OIDCProvider with a spec.tls.secretName. + oidcProvider1 := library.CreateTestOIDCProvider(ctx, t, issuer1, certSecretName1) + requireStatus(t, pinnipedClient, oidcProvider1.Namespace, oidcProvider1.Name, v1alpha1.SuccessOIDCProviderStatusCondition) - // The sniCertificateSecretName Secret does not exist, so the endpoints should fail with TLS errors. + // The spec.tls.secretName Secret does not exist, so the endpoints should fail with TLS errors. requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuer1) // Create the Secret. - ca1 := createTLSCertificateSecret(ctx, t, ns, hostname1, nil, sniCertificateSecretName1, kubeClient) + ca1 := createTLSCertificateSecret(ctx, t, ns, hostname1, nil, certSecretName1, kubeClient) // Now that the Secret exists, we should be able to access the endpoints by hostname using the CA. _ = requireDiscoveryEndpointsAreWorking(t, scheme, address, string(ca1.Bundle()), issuer1, nil) - // Update the config to take away the sniCertificateSecretName. - sniCertificateSecretName1update := "integration-test-sni-cert-1-update" - oidcProviderConfig1LatestVersion, err := pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, oidcProviderConfig1.Name, metav1.GetOptions{}) + // Update the config to with a new .spec.tls.secretName. + certSecretName1update := "integration-test-cert-1-update" + oidcProvider1LatestVersion, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, oidcProvider1.Name, metav1.GetOptions{}) require.NoError(t, err) - oidcProviderConfig1LatestVersion.Spec.SNICertificateSecretName = sniCertificateSecretName1update - _, err = pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(ns).Update(ctx, oidcProviderConfig1LatestVersion, metav1.UpdateOptions{}) + oidcProvider1LatestVersion.Spec.TLS = &v1alpha1.OIDCProviderTLSSpec{SecretName: certSecretName1update} + _, err = pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Update(ctx, oidcProvider1LatestVersion, metav1.UpdateOptions{}) require.NoError(t, err) // The the endpoints should fail with TLS errors again. requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuer1) // Create a Secret at the updated name. - ca1update := createTLSCertificateSecret(ctx, t, ns, hostname1, nil, sniCertificateSecretName1update, kubeClient) + ca1update := createTLSCertificateSecret(ctx, t, ns, hostname1, nil, certSecretName1update, kubeClient) // Now that the Secret exists at the new name, we should be able to access the endpoints by hostname using the CA. _ = requireDiscoveryEndpointsAreWorking(t, scheme, address, string(ca1update.Bundle()), issuer1, nil) @@ -195,14 +195,14 @@ func TestSupervisorTLSTerminationWithSNI(t *testing.T) { hostname2 := "some-issuer-host-and-port-that-doesnt-match-public-supervisor-address.com" hostnamePort2 := "2684" issuer2 := fmt.Sprintf("%s://%s:%s/issuer2", scheme, hostname2, hostnamePort2) - sniCertificateSecretName2 := "integration-test-sni-cert-2" + certSecretName2 := "integration-test-cert-2" - // Create an OIDCProviderConfig with an sniCertificateSecretName. - oidcProviderConfig2 := library.CreateTestOIDCProvider(ctx, t, issuer2, sniCertificateSecretName2) - requireStatus(t, pinnipedClient, oidcProviderConfig2.Namespace, oidcProviderConfig2.Name, v1alpha1.SuccessOIDCProviderStatus) + // Create an OIDCProvider with a spec.tls.secretName. + oidcProvider2 := library.CreateTestOIDCProvider(ctx, t, issuer2, certSecretName2) + requireStatus(t, pinnipedClient, oidcProvider2.Namespace, oidcProvider2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) // Create the Secret. - ca2 := createTLSCertificateSecret(ctx, t, ns, hostname2, nil, sniCertificateSecretName2, kubeClient) + ca2 := createTLSCertificateSecret(ctx, t, ns, hostname2, nil, certSecretName2, kubeClient) // Now that the Secret exists, we should be able to access the endpoints by hostname using the CA. _ = requireDiscoveryEndpointsAreWorking(t, scheme, hostname2+":"+hostnamePort2, string(ca2.Bundle()), issuer2, map[string]string{ @@ -219,7 +219,7 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) defer cancel() - temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) + temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret(ctx, t, ns, defaultTLSCertSecretName(env), pinnipedClient, kubeClient) scheme := "https" address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 8443 @@ -240,11 +240,11 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { issuerUsingIPAddress := fmt.Sprintf("%s://%s/issuer1", scheme, ipWithPort) issuerUsingHostname := fmt.Sprintf("%s://%s/issuer1", scheme, address) - // Create an OIDCProviderConfig without an sniCertificateSecretName. - oidcProviderConfig1 := library.CreateTestOIDCProvider(ctx, t, issuerUsingIPAddress, "") - requireStatus(t, pinnipedClient, oidcProviderConfig1.Namespace, oidcProviderConfig1.Name, v1alpha1.SuccessOIDCProviderStatus) + // Create an OIDCProvider without a spec.tls.secretName. + oidcProvider1 := library.CreateTestOIDCProvider(ctx, t, issuerUsingIPAddress, "") + requireStatus(t, pinnipedClient, oidcProvider1.Namespace, oidcProvider1.Name, v1alpha1.SuccessOIDCProviderStatusCondition) - // There is no default TLS cert and the sniCertificateSecretName was not set, so the endpoints should fail with TLS errors. + // There is no default TLS cert and the spec.tls.secretName was not set, so the endpoints should fail with TLS errors. requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t, issuerUsingIPAddress) // Create a Secret at the special name which represents the default TLS cert. @@ -253,18 +253,18 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) { // Now that the Secret exists, we should be able to access the endpoints by IP address using the CA. _ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil) - // Create an OIDCProviderConfig with an sniCertificateSecretName. - sniCertificateSecretName := "integration-test-sni-cert-1" - oidcProviderConfig2 := library.CreateTestOIDCProvider(ctx, t, issuerUsingHostname, sniCertificateSecretName) - requireStatus(t, pinnipedClient, oidcProviderConfig2.Namespace, oidcProviderConfig2.Name, v1alpha1.SuccessOIDCProviderStatus) + // Create an OIDCProvider with a spec.tls.secretName. + certSecretName := "integration-test-cert-1" + oidcProvider2 := library.CreateTestOIDCProvider(ctx, t, issuerUsingHostname, certSecretName) + requireStatus(t, pinnipedClient, oidcProvider2.Namespace, oidcProvider2.Name, v1alpha1.SuccessOIDCProviderStatusCondition) // Create the Secret. - sniCA := createTLSCertificateSecret(ctx, t, ns, hostname, nil, sniCertificateSecretName, kubeClient) + certCA := createTLSCertificateSecret(ctx, t, ns, hostname, nil, certSecretName, kubeClient) // Now that the Secret exists, we should be able to access the endpoints by hostname using the CA from the SNI cert. // Hostnames are case-insensitive, so the request should still work even if the case of the hostname is different // from the case of the issuer URL's hostname. - _ = requireDiscoveryEndpointsAreWorking(t, scheme, strings.ToUpper(hostname)+":"+port, string(sniCA.Bundle()), issuerUsingHostname, nil) + _ = requireDiscoveryEndpointsAreWorking(t, scheme, strings.ToUpper(hostname)+":"+port, string(certCA.Bundle()), issuerUsingHostname, nil) // And we can still access the other issuer using the default cert. _ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil) @@ -312,7 +312,7 @@ func createTLSCertificateSecret(ctx context.Context, t *testing.T, ns string, ho return ca } -func temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret( +func temporarilyRemoveAllOIDCProvidersAndDefaultTLSCertSecret( ctx context.Context, t *testing.T, ns string, @@ -320,11 +320,11 @@ func temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret( pinnipedClient pinnipedclientset.Interface, kubeClient kubernetes.Interface, ) { - // Temporarily remove any existing OIDCProviderConfigs from the cluster so we can test from a clean slate. - originalConfigList, err := pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(ns).List(ctx, metav1.ListOptions{}) + // Temporarily remove any existing OIDCProviders from the cluster so we can test from a clean slate. + originalConfigList, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).List(ctx, metav1.ListOptions{}) require.NoError(t, err) for _, config := range originalConfigList.Items { - err := pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(ns).Delete(ctx, config.Name, metav1.DeleteOptions{}) + err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, config.Name, metav1.DeleteOptions{}) require.NoError(t, err) } @@ -339,7 +339,7 @@ func temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret( require.NoError(t, err) } - // When this test has finished, recreate any OIDCProviderConfigs and default secret that had existed on the cluster before this test. + // When this test has finished, recreate any OIDCProviders and default secret that had existed on the cluster before this test. t.Cleanup(func() { cleanupCtx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() @@ -347,7 +347,7 @@ func temporarilyRemoveAllOIDCProviderConfigsAndDefaultTLSCertSecret( for _, config := range originalConfigList.Items { thisConfig := config thisConfig.ResourceVersion = "" // Get rid of resource version since we can't create an object with one. - _, err := pinnipedClient.ConfigV1alpha1().OIDCProviderConfigs(ns).Create(cleanupCtx, &thisConfig, metav1.CreateOptions{}) + _, err := pinnipedClient.ConfigV1alpha1().OIDCProviders(ns).Create(cleanupCtx, &thisConfig, metav1.CreateOptions{}) require.NoError(t, err) } @@ -420,18 +420,18 @@ func requireEndpointHasTLSErrorBecauseCertificatesAreNotReady(t *testing.T, url require.EqualError(t, err, fmt.Sprintf(`Get "%s": remote error: tls: unrecognized name`, url)) } -func requireCreatingOIDCProviderConfigCausesDiscoveryEndpointsToAppear( +func requireCreatingOIDCProviderCausesDiscoveryEndpointsToAppear( ctx context.Context, t *testing.T, supervisorScheme, supervisorAddress, supervisorCABundle string, issuerName string, client pinnipedclientset.Interface, -) (*v1alpha1.OIDCProviderConfig, *ExpectedJWKSResponseFormat) { +) (*v1alpha1.OIDCProvider, *ExpectedJWKSResponseFormat) { t.Helper() - newOIDCProviderConfig := library.CreateTestOIDCProvider(ctx, t, issuerName, "") + newOIDCProvider := library.CreateTestOIDCProvider(ctx, t, issuerName, "") jwksResult := requireDiscoveryEndpointsAreWorking(t, supervisorScheme, supervisorAddress, supervisorCABundle, issuerName, nil) - requireStatus(t, client, newOIDCProviderConfig.Namespace, newOIDCProviderConfig.Name, v1alpha1.SuccessOIDCProviderStatus) - return newOIDCProviderConfig, jwksResult + requireStatus(t, client, newOIDCProvider.Namespace, newOIDCProvider.Name, v1alpha1.SuccessOIDCProviderStatusCondition) + return newOIDCProvider, jwksResult } func requireDiscoveryEndpointsAreWorking(t *testing.T, supervisorScheme, supervisorAddress, supervisorCABundle, issuerName string, dnsOverrides map[string]string) *ExpectedJWKSResponseFormat { @@ -440,9 +440,9 @@ func requireDiscoveryEndpointsAreWorking(t *testing.T, supervisorScheme, supervi return jwksResult } -func requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear( +func requireDeletingOIDCProviderCausesDiscoveryEndpointsToDisappear( t *testing.T, - existingOIDCProviderConfig *v1alpha1.OIDCProviderConfig, + existingOIDCProvider *v1alpha1.OIDCProvider, client pinnipedclientset.Interface, ns string, supervisorScheme, supervisorAddress, supervisorCABundle string, @@ -452,8 +452,8 @@ func requireDeletingOIDCProviderConfigCausesDiscoveryEndpointsToDisappear( ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - // Delete the OIDCProviderConfig. - err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Delete(ctx, existingOIDCProviderConfig.Name, metav1.DeleteOptions{}) + // Delete the OIDCProvider. + err := client.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, existingOIDCProvider.Name, metav1.DeleteOptions{}) require.NoError(t, err) // Fetch that same discovery endpoint as before, but now it should not exist anymore. Give it some time for the endpoint to go away. @@ -529,7 +529,7 @@ func requireSuccessEndpointResponse(t *testing.T, endpointURL, issuer, caBundle ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - // Define a request to the new discovery endpoint which should have been created by an OIDCProviderConfig. + // Define a request to the new discovery endpoint which should have been created by an OIDCProvider. requestDiscoveryEndpoint, err := http.NewRequestWithContext( ctx, http.MethodGet, @@ -561,22 +561,22 @@ func requireSuccessEndpointResponse(t *testing.T, endpointURL, issuer, caBundle return response, string(responseBody) } -func editOIDCProviderConfigIssuerName( +func editOIDCProviderIssuerName( t *testing.T, - existingOIDCProviderConfig *v1alpha1.OIDCProviderConfig, + existingOIDCProvider *v1alpha1.OIDCProvider, client pinnipedclientset.Interface, ns string, newIssuerName string, -) *v1alpha1.OIDCProviderConfig { +) *v1alpha1.OIDCProvider { t.Helper() ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute) defer cancel() - mostRecentVersion, err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, existingOIDCProviderConfig.Name, metav1.GetOptions{}) + mostRecentVersion, err := client.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, existingOIDCProvider.Name, metav1.GetOptions{}) require.NoError(t, err) mostRecentVersion.Spec.Issuer = newIssuerName - updated, err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{}) + updated, err := client.ConfigV1alpha1().OIDCProviders(ns).Update(ctx, mostRecentVersion, metav1.UpdateOptions{}) require.NoError(t, err) return updated @@ -587,19 +587,19 @@ func requireDelete(t *testing.T, client pinnipedclientset.Interface, ns, name st ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Delete(ctx, name, metav1.DeleteOptions{}) + err := client.ConfigV1alpha1().OIDCProviders(ns).Delete(ctx, name, metav1.DeleteOptions{}) require.NoError(t, err) } -func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatus) { +func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatusCondition) { t.Helper() ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() - var opc *v1alpha1.OIDCProviderConfig + var opc *v1alpha1.OIDCProvider var err error assert.Eventually(t, func() bool { - opc, err = client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{}) + opc, err = client.ConfigV1alpha1().OIDCProviders(ns).Get(ctx, name, metav1.GetOptions{}) return err == nil && opc.Status.Status == status }, 10*time.Second, 200*time.Millisecond) require.NoError(t, err) diff --git a/test/integration/supervisor_keys_test.go b/test/integration/supervisor_keys_test.go index d54aec3b..17e6a580 100644 --- a/test/integration/supervisor_keys_test.go +++ b/test/integration/supervisor_keys_test.go @@ -30,12 +30,12 @@ func TestSupervisorOIDCKeys(t *testing.T) { opc := library.CreateTestOIDCProvider(ctx, t, "", "") // Ensure a secret is created with the OPC's JWKS. - var updatedOPC *configv1alpha1.OIDCProviderConfig + var updatedOPC *configv1alpha1.OIDCProvider var err error assert.Eventually(t, func() bool { updatedOPC, err = supervisorClient. ConfigV1alpha1(). - OIDCProviderConfigs(env.SupervisorNamespace). + OIDCProviders(env.SupervisorNamespace). Get(ctx, opc.Name, metav1.GetOptions{}) return err == nil && updatedOPC.Status.JWKSSecret.Name != "" }, time.Second*10, time.Millisecond*500) diff --git a/test/library/client.go b/test/library/client.go index d507dc12..f5aba3a6 100644 --- a/test/library/client.go +++ b/test/library/client.go @@ -166,13 +166,13 @@ func CreateTestWebhookAuthenticator(ctx context.Context, t *testing.T) corev1.Ty } } -// CreateTestOIDCProvider creates and returns a test OIDCProviderConfig in +// CreateTestOIDCProvider creates and returns a test OIDCProvider in // $PINNIPED_TEST_SUPERVISOR_NAMESPACE, which will be automatically deleted at the end of the -// current test's lifetime. It generates a random, valid, issuer for the OIDCProviderConfig. +// current test's lifetime. It generates a random, valid, issuer for the OIDCProvider. // // If the provided issuer is not the empty string, then it will be used for the -// OIDCProviderConfig.Spec.Issuer field. Else, a random issuer will be generated. -func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer, sniCertificateSecretName string) *configv1alpha1.OIDCProviderConfig { +// OIDCProvider.Spec.Issuer field. Else, a random issuer will be generated. +func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer, certSecretName string) *configv1alpha1.OIDCProvider { t.Helper() testEnv := IntegrationEnv(t) @@ -185,31 +185,31 @@ func CreateTestOIDCProvider(ctx context.Context, t *testing.T, issuer, sniCertif require.NoError(t, err) } - opcs := NewSupervisorClientset(t).ConfigV1alpha1().OIDCProviderConfigs(testEnv.SupervisorNamespace) - opc, err := opcs.Create(createContext, &configv1alpha1.OIDCProviderConfig{ + opcs := NewSupervisorClientset(t).ConfigV1alpha1().OIDCProviders(testEnv.SupervisorNamespace) + opc, err := opcs.Create(createContext, &configv1alpha1.OIDCProvider{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-oidc-provider-", Labels: map[string]string{"pinniped.dev/test": ""}, Annotations: map[string]string{"pinniped.dev/testName": t.Name()}, }, - Spec: configv1alpha1.OIDCProviderConfigSpec{ - Issuer: issuer, - SNICertificateSecretName: sniCertificateSecretName, + Spec: configv1alpha1.OIDCProviderSpec{ + Issuer: issuer, + TLS: &configv1alpha1.OIDCProviderTLSSpec{SecretName: certSecretName}, }, }, metav1.CreateOptions{}) - require.NoError(t, err, "could not create test OIDCProviderConfig") - t.Logf("created test OIDCProviderConfig %s/%s", opc.Namespace, opc.Name) + require.NoError(t, err, "could not create test OIDCProvider") + t.Logf("created test OIDCProvider %s/%s", opc.Namespace, opc.Name) t.Cleanup(func() { t.Helper() - t.Logf("cleaning up test OIDCProviderConfig %s/%s", opc.Namespace, opc.Name) + t.Logf("cleaning up test OIDCProvider %s/%s", opc.Namespace, opc.Name) deleteCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() err := opcs.Delete(deleteCtx, opc.Name, metav1.DeleteOptions{}) notFound := k8serrors.IsNotFound(err) // It's okay if it is not found, because it might have been deleted by another part of this test. if !notFound { - require.NoErrorf(t, err, "could not cleanup test OIDCProviderConfig %s/%s", opc.Namespace, opc.Name) + require.NoErrorf(t, err, "could not cleanup test OIDCProvider %s/%s", opc.Namespace, opc.Name) } })