diff --git a/apis/config/v1alpha1/types_oidcproviderconfig.go.tmpl b/apis/config/v1alpha1/types_oidcproviderconfig.go.tmpl index 7000aead..a2850bdf 100644 --- a/apis/config/v1alpha1/types_oidcproviderconfig.go.tmpl +++ b/apis/config/v1alpha1/types_oidcproviderconfig.go.tmpl @@ -5,6 +5,15 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=Success;Duplicate;Invalid +type OIDCProviderStatus string + +const ( + SuccessOIDCProviderStatus = OIDCProviderStatus("Success") + DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") + InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") +) + // OIDCProviderConfigSpec is a struct that describes an OIDC Provider. type OIDCProviderConfigSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the @@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct { Issuer string `json:"issuer"` } +// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderConfigStatus struct { + // Status holds an enum that describes the state of this OIDC Provider. Note that this Status can + // represent success or failure. + // +optional + Status OIDCProviderStatus `json:"status,omitempty"` + + // Message provides human-readable details about the Status. + // +optional + Message string `json:"message,omitempty"` +} + // OIDCProviderConfig describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -28,7 +49,10 @@ type OIDCProviderConfig struct { metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"status"` + Spec OIDCProviderConfigSpec `json:"spec"` + + // Status of the OIDC provider. + Status OIDCProviderConfigStatus `json:"status,omitempty"` } // List of OIDCProviderConfig objects. 
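Review bot: The exported `OIDCProviderStatus` type and its three constants in the first hunk have no doc comments, so a reader of the API package cannot tell what separates `Duplicate` from `Invalid`. I would add a type comment above the marker line, for example `// OIDCProviderStatus is the state the supervisor reports for an OIDCProviderConfig.`, and one line per constant naming the condition that produces it. The controller that sets these values is not part of this diff, so the wording needs confirming against it; presumably `Duplicate` means another config already uses the same issuer. The same declarations recur in the generated/1.17, 1.18 and 1.19 copies, which appear to be produced from this template.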
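Review bot: The new `Status` field in the last hunk of this file is added without enabling the status subresource, as far as this diff shows. No `// +kubebuilder:subresource:status` marker is visible above `OIDCProviderConfig`, and the CRD hunks under deploy/ and generated/*/crds add the `status` schema but no `subresources:` entry. Without it, the generated `UpdateStatus` call, which PUTs to the `status` subresource, has no endpoint to reach, and any client allowed to update the object can write `status.status: Success` itself, so the field cannot be read as the supervisor's own verdict. I would add `// +kubebuilder:subresource:status` next to `// +genclient` and regenerate the CRDs. The lines between the second and third hunk are not visible here, so confirm the marker is not already present.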
diff --git a/cmd/pinniped-supervisor/main.go b/cmd/pinniped-supervisor/main.go index 9b111f50..dbbf5cfc 100644 --- a/cmd/pinniped-supervisor/main.go +++ b/cmd/pinniped-supervisor/main.go @@ -12,6 +12,7 @@ import ( "os/signal" "time" + "k8s.io/apimachinery/pkg/util/clock" "k8s.io/client-go/pkg/version" "k8s.io/client-go/rest" restclient "k8s.io/client-go/rest" @@ -61,6 +62,7 @@ func waitForSignal() os.Signal { func startControllers( ctx context.Context, issuerProvider *provider.Manager, + pinnipedClient pinnipedclientset.Interface, pinnipedInformers pinnipedinformers.SharedInformerFactory, ) { // Create controller manager. @@ -69,6 +71,8 @@ func startControllers( WithController( supervisorconfig.NewOIDCProviderConfigWatcherController( issuerProvider, + clock.RealClock{}, + pinnipedClient, pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(), controllerlib.WithInformer, ), @@ -111,7 +115,7 @@ func run(serverInstallationNamespace string) error { ) oidProvidersManager := provider.NewManager(http.NotFoundHandler()) - startControllers(ctx, oidProvidersManager, pinnipedInformers) + startControllers(ctx, oidProvidersManager, pinnipedClient, pinnipedInformers) //nolint: gosec // Intentionally binding to all network interfaces. l, err := net.Listen("tcp", ":80") diff --git a/deploy-supervisor/rbac.yaml b/deploy-supervisor/rbac.yaml index a4b34e9a..bfa4ac95 100644 --- a/deploy-supervisor/rbac.yaml +++ b/deploy-supervisor/rbac.yaml @@ -15,7 +15,7 @@ metadata: rules: - apiGroups: [config.pinniped.dev] resources: [oidcproviderconfigs] - verbs: [get, list, watch] + verbs: [update, get, list, watch] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/deploy/config.pinniped.dev_oidcproviderconfigs.yaml b/deploy/config.pinniped.dev_oidcproviderconfigs.yaml index 961da253..c1cb5525 100644 --- a/deploy/config.pinniped.dev_oidcproviderconfigs.yaml +++ b/deploy/config.pinniped.dev_oidcproviderconfigs.yaml 
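Review bot: `verbs: [update, get, list, watch]` in deploy-supervisor/rbac.yaml gives the supervisor `update` on whole `oidcproviderconfigs` objects, which includes rewriting `spec.issuer`, while the only write this change appears to need is the status report. If the controller writes through `UpdateStatus`, this rule can stay at `[get, list, watch]` and a second rule can grant the write alone: `resources: [oidcproviderconfigs/status]` with `verbs: [update]`. That split requires the CRD to enable the status subresource, which the CRD hunks in this diff do not show. The controller code is outside this diff, so check which call it makes before narrowing the rule.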
@@ -35,7 +35,7 @@ spec: type: string metadata: type: object - status: + spec: description: Spec of the OIDC provider. properties: issuer: @@ -52,8 +52,23 @@ spec: required: - issuer type: object + status: + description: Status of the OIDC provider. + properties: + message: + description: Message provides human-readable details about the Status. + type: string + status: + description: Status holds an enum that describes the state of this + OIDCProvider. Note that this Status can represent success or failure. + enum: + - Success + - Duplicate + - Invalid + type: string + type: object required: - - status + - spec type: object served: true storage: true diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 1953af02..716d1b03 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. |=== 
@@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigstatus"] +==== OIDCProviderConfigStatus + +OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure. +| *`message`* __string__ | Message provides human-readable details about the Status. +|=== + + [id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] === idp.pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/config/v1alpha1/types_oidcproviderconfig.go b/generated/1.17/apis/config/v1alpha1/types_oidcproviderconfig.go index 7000aead..75931e70 100644 --- a/generated/1.17/apis/config/v1alpha1/types_oidcproviderconfig.go +++ b/generated/1.17/apis/config/v1alpha1/types_oidcproviderconfig.go @@ -5,6 +5,15 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=Success;Duplicate;Invalid +type OIDCProviderStatus string + +const ( + SuccessOIDCProviderStatus = OIDCProviderStatus("Success") + DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") + InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") +) + // OIDCProviderConfigSpec is a struct that describes an OIDC Provider. type OIDCProviderConfigSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the 
@@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct { Issuer string `json:"issuer"` } +// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderConfigStatus struct { + // Status holds an enum that describes the state of this OIDCProvider. Note that this Status can + // represent success or failure. + // +optional + Status OIDCProviderStatus `json:"status,omitempty"` + + // Message provides human-readable details about the Status. + // +optional + Message string `json:"message,omitempty"` +} + // OIDCProviderConfig describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -28,7 +49,10 @@ type OIDCProviderConfig struct { metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"status"` + Spec OIDCProviderConfigSpec `json:"spec"` + + // Status of the OIDC provider. + Status OIDCProviderConfigStatus `json:"status,omitempty"` } // List of OIDCProviderConfig objects. diff --git a/generated/1.17/apis/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/config/v1alpha1/zz_generated.deepcopy.go index f45d80c3..253a5c5b 100644 --- a/generated/1.17/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.17/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec + out.Status = in.Status return } 
@@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. +func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { + if in == nil { + return nil + } + out := new(OIDCProviderConfigStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go index 6cd7dc42..a0a85394 100644 --- a/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ b/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go 
@@ -87,6 +87,18 @@ func (c *FakeOIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProvid return obj.(*v1alpha1.OIDCProviderConfig), err } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProviderConfig), err +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *FakeOIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error { _, err := c.Fake. diff --git a/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go index 23f8760f..b080830d 100644 --- a/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ b/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go @@ -26,6 +26,7 @@ type OIDCProviderConfigsGetter interface { type OIDCProviderConfigInterface interface { Create(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) Update(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) + UpdateStatus(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) Delete(name string, options *v1.DeleteOptions) error DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) 
@@ -119,6 +120,22 @@ func (c *oIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProviderCo return } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *oIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) { + result = &v1alpha1.OIDCProviderConfig{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviderconfigs"). + Name(oIDCProviderConfig.Name). + SubResource("status"). + Body(oIDCProviderConfig). + Do(). + Into(result) + return +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *oIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error { return c.client.Delete(). diff --git a/generated/1.17/client/openapi/zz_generated.openapi.go b/generated/1.17/client/openapi/zz_generated.openapi.go index 55aecb0a..d25d0c88 100644 --- a/generated/1.17/client/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/openapi/zz_generated.openapi.go 
@@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfig": schema_117_apis_config_v1alpha1_OIDCProviderConfig(ref), "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigList": schema_117_apis_config_v1alpha1_OIDCProviderConfigList(ref), "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref), + "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref), "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition": schema_117_apis_idp_v1alpha1_Condition(ref), "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec": schema_117_apis_idp_v1alpha1_TLSSpec(ref), "go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider": schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref), 
@@ -315,18 +316,24 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "status": { + "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", Ref: ref("go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec"), }, }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the OIDC provider.", + Ref: ref("go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus"), + }, + }, }, - Required: []string{"status"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } 
@@ -397,6 +404,33 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference } } +func schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "Message provides human-readable details about the Status.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_117_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.17/crds/config.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.17/crds/config.pinniped.dev_oidcproviderconfigs.yaml index 961da253..c1cb5525 100644 --- a/generated/1.17/crds/config.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.17/crds/config.pinniped.dev_oidcproviderconfigs.yaml @@ -35,7 +35,7 @@ spec: type: string metadata: type: object - status: + spec: description: Spec of the OIDC provider. properties: issuer: 
@@ -52,8 +52,23 @@ spec: required: - issuer type: object + status: + description: Status of the OIDC provider. + properties: + message: + description: Message provides human-readable details about the Status. + type: string + status: + description: Status holds an enum that describes the state of this + OIDCProvider. Note that this Status can represent success or failure. + enum: + - Success + - Duplicate + - Invalid + type: string + type: object required: - - status + - spec type: object served: true storage: true diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 82976801..6eef0246 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. |=== 
@@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigstatus"] +==== OIDCProviderConfigStatus + +OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure. +| *`message`* __string__ | Message provides human-readable details about the Status. +|=== + + [id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] === idp.pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/config/v1alpha1/types_oidcproviderconfig.go b/generated/1.18/apis/config/v1alpha1/types_oidcproviderconfig.go index 7000aead..75931e70 100644 --- a/generated/1.18/apis/config/v1alpha1/types_oidcproviderconfig.go +++ b/generated/1.18/apis/config/v1alpha1/types_oidcproviderconfig.go @@ -5,6 +5,15 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=Success;Duplicate;Invalid +type OIDCProviderStatus string + +const ( + SuccessOIDCProviderStatus = OIDCProviderStatus("Success") + DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") + InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") +) + // OIDCProviderConfigSpec is a struct that describes an OIDC Provider. type OIDCProviderConfigSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the 
@@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct { Issuer string `json:"issuer"` } +// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderConfigStatus struct { + // Status holds an enum that describes the state of this OIDCProvider. Note that this Status can + // represent success or failure. + // +optional + Status OIDCProviderStatus `json:"status,omitempty"` + + // Message provides human-readable details about the Status. + // +optional + Message string `json:"message,omitempty"` +} + // OIDCProviderConfig describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -28,7 +49,10 @@ type OIDCProviderConfig struct { metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"status"` + Spec OIDCProviderConfigSpec `json:"spec"` + + // Status of the OIDC provider. + Status OIDCProviderConfigStatus `json:"status,omitempty"` } // List of OIDCProviderConfig objects. diff --git a/generated/1.18/apis/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/config/v1alpha1/zz_generated.deepcopy.go index f45d80c3..253a5c5b 100644 --- a/generated/1.18/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.18/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec + out.Status = in.Status return } 
@@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. +func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { + if in == nil { + return nil + } + out := new(OIDCProviderConfigStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go index fc430580..a2c2db1b 100644 --- a/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ b/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go 
@@ -89,6 +89,18 @@ func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig return obj.(*v1alpha1.OIDCProviderConfig), err } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProviderConfig), err +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { _, err := c.Fake. diff --git a/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go index 99042aa3..c1abf9ed 100644 --- a/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ b/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go 
@@ -27,6 +27,7 @@ type OIDCProviderConfigsGetter interface { type OIDCProviderConfigInterface interface { Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) + UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) @@ -122,6 +123,22 @@ func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1 return } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { + result = &v1alpha1.OIDCProviderConfig{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviderconfigs"). + Name(oIDCProviderConfig.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProviderConfig). + Do(ctx). + Into(result) + return +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { return c.client.Delete(). diff --git a/generated/1.18/client/openapi/zz_generated.openapi.go b/generated/1.18/client/openapi/zz_generated.openapi.go index 76c671b6..eb0e2dfa 100644 --- a/generated/1.18/client/openapi/zz_generated.openapi.go 
+++ b/generated/1.18/client/openapi/zz_generated.openapi.go @@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfig": schema_118_apis_config_v1alpha1_OIDCProviderConfig(ref), "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigList": schema_118_apis_config_v1alpha1_OIDCProviderConfigList(ref), "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_118_apis_config_v1alpha1_OIDCProviderConfigSpec(ref), + "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_118_apis_config_v1alpha1_OIDCProviderConfigStatus(ref), "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.Condition": schema_118_apis_idp_v1alpha1_Condition(ref), "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.TLSSpec": schema_118_apis_idp_v1alpha1_TLSSpec(ref), "go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider": schema_118_apis_idp_v1alpha1_WebhookIdentityProvider(ref), 
@@ -315,18 +316,24 @@ func schema_118_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "status": { + "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", Ref: ref("go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec"), }, }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the OIDC provider.", + Ref: ref("go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus"), + }, + }, }, - Required: []string{"status"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } 
@@ -397,6 +404,33 @@ func schema_118_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference } } +func schema_118_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "Message provides human-readable details about the Status.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_118_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.18/crds/config.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.18/crds/config.pinniped.dev_oidcproviderconfigs.yaml index 961da253..c1cb5525 100644 --- a/generated/1.18/crds/config.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.18/crds/config.pinniped.dev_oidcproviderconfigs.yaml @@ -35,7 +35,7 @@ spec: type: string metadata: type: object - status: + spec: description: Spec of the OIDC provider. properties: issuer: 
@@ -52,8 +52,23 @@ spec: required: - issuer type: object + status: + description: Status of the OIDC provider. + properties: + message: + description: Message provides human-readable details about the Status. + type: string + status: + description: Status holds an enum that describes the state of this + OIDCProvider. Note that this Status can represent success or failure. + enum: + - Success + - Duplicate + - Invalid + type: string + type: object required: - - status + - spec type: object served: true storage: true diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index 6de47016..3008fb69 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider. | Field | Description | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. -| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider. +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider. |=== 
@@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider. |=== +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigstatus"] +==== OIDCProviderConfigStatus + +OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure. +| *`message`* __string__ | Message provides human-readable details about the Status. +|=== + + [id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"] === idp.pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/config/v1alpha1/types_oidcproviderconfig.go b/generated/1.19/apis/config/v1alpha1/types_oidcproviderconfig.go index 7000aead..75931e70 100644 --- a/generated/1.19/apis/config/v1alpha1/types_oidcproviderconfig.go +++ b/generated/1.19/apis/config/v1alpha1/types_oidcproviderconfig.go @@ -5,6 +5,15 @@ package v1alpha1 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +// +kubebuilder:validation:Enum=Success;Duplicate;Invalid +type OIDCProviderStatus string + +const ( + SuccessOIDCProviderStatus = OIDCProviderStatus("Success") + DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate") + InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid") +) + // OIDCProviderConfigSpec is a struct that describes an OIDC Provider. type OIDCProviderConfigSpec struct { // Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the 
@@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct { Issuer string `json:"issuer"` } +// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider. +type OIDCProviderConfigStatus struct { + // Status holds an enum that describes the state of this OIDCProvider. Note that this Status can + // represent success or failure. + // +optional + Status OIDCProviderStatus `json:"status,omitempty"` + + // Message provides human-readable details about the Status. + // +optional + Message string `json:"message,omitempty"` +} + // OIDCProviderConfig describes the configuration of an OIDC provider. // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -28,7 +49,10 @@ type OIDCProviderConfig struct { metav1.ObjectMeta `json:"metadata,omitempty"` // Spec of the OIDC provider. - Spec OIDCProviderConfigSpec `json:"status"` + Spec OIDCProviderConfigSpec `json:"spec"` + + // Status of the OIDC provider. + Status OIDCProviderConfigStatus `json:"status,omitempty"` } // List of OIDCProviderConfig objects. diff --git a/generated/1.19/apis/config/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/config/v1alpha1/zz_generated.deepcopy.go index f45d80c3..253a5c5b 100644 --- a/generated/1.19/apis/config/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.19/apis/config/v1alpha1/zz_generated.deepcopy.go @@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec + out.Status = in.Status return } 
@@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus. +func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus { + if in == nil { + return nil + } + out := new(OIDCProviderConfigStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go b/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go index 8e01a067..5011336e 100644 --- a/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go +++ b/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/fake/fake_oidcproviderconfig.go 
@@ -89,6 +89,18 @@ func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig return obj.(*v1alpha1.OIDCProviderConfig), err } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.OIDCProviderConfig), err +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { _, err := c.Fake. diff --git a/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go b/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go index 7b32bf1e..42765a4c 100644 --- a/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go +++ b/generated/1.19/client/clientset/versioned/typed/config/v1alpha1/oidcproviderconfig.go 
@@ -27,6 +27,7 @@ type OIDCProviderConfigsGetter interface { type OIDCProviderConfigInterface interface { Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error) Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) + UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error) @@ -122,6 +123,22 @@ func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1 return } +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) { + result = &v1alpha1.OIDCProviderConfig{} + err = c.client.Put(). + Namespace(c.ns). + Resource("oidcproviderconfigs"). + Name(oIDCProviderConfig.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(oIDCProviderConfig). + Do(ctx). + Into(result) + return +} + // Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs. func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { return c.client.Delete(). diff --git a/generated/1.19/client/openapi/zz_generated.openapi.go b/generated/1.19/client/openapi/zz_generated.openapi.go index 95454e7b..c7ed5084 100644 --- a/generated/1.19/client/openapi/zz_generated.openapi.go 
+++ b/generated/1.19/client/openapi/zz_generated.openapi.go @@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfig": schema_119_apis_config_v1alpha1_OIDCProviderConfig(ref), "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigList": schema_119_apis_config_v1alpha1_OIDCProviderConfigList(ref), "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_119_apis_config_v1alpha1_OIDCProviderConfigSpec(ref), + "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_119_apis_config_v1alpha1_OIDCProviderConfigStatus(ref), "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.Condition": schema_119_apis_idp_v1alpha1_Condition(ref), "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.TLSSpec": schema_119_apis_idp_v1alpha1_TLSSpec(ref), "go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider": schema_119_apis_idp_v1alpha1_WebhookIdentityProvider(ref), 
@@ -316,18 +317,24 @@ func schema_119_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "status": { + "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec of the OIDC provider.", Ref: ref("go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec"), }, }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status of the OIDC provider.", + Ref: ref("go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus"), + }, + }, }, - Required: []string{"status"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } 
@@ -398,6 +405,33 @@ func schema_119_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference } } +func schema_119_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "Message provides human-readable details about the Status.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_119_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.19/crds/config.pinniped.dev_oidcproviderconfigs.yaml b/generated/1.19/crds/config.pinniped.dev_oidcproviderconfigs.yaml index 961da253..c1cb5525 100644 --- a/generated/1.19/crds/config.pinniped.dev_oidcproviderconfigs.yaml +++ b/generated/1.19/crds/config.pinniped.dev_oidcproviderconfigs.yaml @@ -35,7 +35,7 @@ spec: type: string metadata: type: object - status: + spec: description: Spec of the OIDC provider. properties: issuer: 
@@ -52,8 +52,23 @@ spec: required: - issuer type: object + status: + description: Status of the OIDC provider. + properties: + message: + description: Message provides human-readable details about the Status. + type: string + status: + description: Status holds an enum that describes the state of this + OIDCProvider. Note that this Status can represent success or failure. + enum: + - Success + - Duplicate + - Invalid + type: string + type: object required: - - status + - spec type: object served: true storage: true diff --git a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go index 204600ab..cd827c94 100644 --- a/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go +++ b/internal/controller/supervisorconfig/oidcproviderconfig_watcher.go @@ -4,11 +4,19 @@ package supervisorconfig import ( + "context" + "fmt" "net/url" + "strings" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/util/clock" + "k8s.io/client-go/util/retry" "k8s.io/klog/v2" + configv1alpha1 "go.pinniped.dev/generated/1.19/apis/config/v1alpha1" + pinnipedclientset "go.pinniped.dev/generated/1.19/client/clientset/versioned" configinformers "go.pinniped.dev/generated/1.19/client/informers/externalversions/config/v1alpha1" pinnipedcontroller "go.pinniped.dev/internal/controller" "go.pinniped.dev/internal/controllerlib" 
@@ -24,13 +32,17 @@ type ProvidersSetter interface { type oidcProviderConfigWatcherController struct { providerSetter ProvidersSetter + clock clock.Clock + client pinnipedclientset.Interface opcInformer configinformers.OIDCProviderConfigInformer } // NewOIDCProviderConfigWatcherController creates a controllerlib.Controller that watches // OIDCProviderConfig objects and notifies a callback object of the collection of provider configs. func NewOIDCProviderConfigWatcherController( - issuerObserver ProvidersSetter, + providerSetter ProvidersSetter, + clock clock.Clock, + client pinnipedclientset.Interface, opcInformer configinformers.OIDCProviderConfigInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, ) controllerlib.Controller { @@ -38,7 +50,9 @@ func NewOIDCProviderConfigWatcherController( controllerlib.Config{ Name: "OIDCProviderConfigWatcherController", Syncer: &oidcProviderConfigWatcherController{ - providerSetter: issuerObserver, + providerSetter: providerSetter, + clock: clock, + client: client, opcInformer: opcInformer, }, }, 
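Review bot: The new constructor parameter `clock clock.Clock` shadows the imported `clock` package for the rest of NewOIDCProviderConfigWatcherController, and nothing visible in this diff reads the stored `clock` field (Sync and updateStatus never use it). Either rename it, e.g. `clk clock.Clock` with `clock: clk,` in the struct literal of the following hunk, or leave the dependency out until something needs a timestamp. The new struct fields would also read better with a short comment, such as `// client is used by updateStatus to read and write OIDCProviderConfig status`. The constructor body continues past the end of this hunk.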
@@ -57,35 +71,133 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er return err } + issuerCounts := make(map[string]int) + for _, opc := range all { + issuerCounts[opc.Spec.Issuer] = issuerCounts[opc.Spec.Issuer] + 1 + } + + errs := newMultiError() + oidcProviders := make([]*provider.OIDCProvider, 0) for _, opc := range all { - issuerURL, err := url.Parse(opc.Spec.Issuer) - if err != nil { - klog.InfoS( - "OIDCProviderConfigWatcherController Sync failed to parse issuer", - "err", - err, - ) + if issuerCount := issuerCounts[opc.Spec.Issuer]; issuerCount > 1 { + if err := c.updateStatus( + ctx.Context, + opc.Namespace, + opc.Name, + configv1alpha1.DuplicateOIDCProviderStatus, + "Duplicate issuer", + ); err != nil { + errs.add(fmt.Errorf("could not update status: %w", err)) + } continue } + + issuerURL, err := url.Parse(opc.Spec.Issuer) + if err != nil { + if err := c.updateStatus( + ctx.Context, + opc.Namespace, + opc.Name, + configv1alpha1.InvalidOIDCProviderStatus, + "Invalid issuer URL: "+err.Error(), + ); err != nil { + errs.add(fmt.Errorf("could not update status: %w", err)) + } + continue + } + oidcProvider := &provider.OIDCProvider{Issuer: issuerURL} err = oidcProvider.Validate() if err != nil { - klog.InfoS( - "OIDCProviderConfigWatcherController Sync could failed to validate OIDCProviderConfig", - "err", - err, - ) + if err := c.updateStatus( + ctx.Context, + opc.Namespace, + opc.Name, + configv1alpha1.InvalidOIDCProviderStatus, + "Invalid issuer: "+err.Error(), + ); err != nil { + errs.add(fmt.Errorf("could not update status: %w", err)) + } continue } + oidcProviders = append(oidcProviders, oidcProvider) - klog.InfoS( - "OIDCProviderConfigWatcherController Sync accepted OIDCProviderConfig", - "issuer", - issuerURL, - ) + if err := c.updateStatus( + ctx.Context, + opc.Namespace, + opc.Name, + configv1alpha1.SuccessOIDCProviderStatus, + "Provider successfully created", + ); err != nil { + // errs.add(fmt.Errorf("could not 
update status: %w", err)) + return fmt.Errorf("could not update status: %w", err) + } } c.providerSetter.SetProviders(oidcProviders...) + + return errs.errOrNil() +} + +func (c *oidcProviderConfigWatcherController) updateStatus( + ctx context.Context, + namespace, name string, + status configv1alpha1.OIDCProviderStatus, + message string, +) error { + return retry.RetryOnConflict(retry.DefaultRetry, func() error { + opc, err := c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Get(ctx, name, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("get failed: %w", err) + } + + if opc.Status.Status == status && opc.Status.Message == message { + return nil + } + + klog.InfoS( + "attempting status update", + "openidproviderconfig", + klog.KRef(namespace, name), + "status", + status, + "message", + message, + ) + opc.Status.Status = status + opc.Status.Message = message + _, err = c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Update(ctx, opc, metav1.UpdateOptions{}) + return err + }) +} + +type multiError []error + +func newMultiError() multiError { + return make([]error, 0) +} + +func (m *multiError) add(err error) { + *m = append(*m, err) +} + +func (m multiError) len() int { + return len(m) +} + +func (m multiError) Error() string { + sb := strings.Builder{} + fmt.Fprintf(&sb, "%d errors:", m.len()) + for _, err := range m { + fmt.Fprintf(&sb, "\n- %s", err.Error()) + } + return sb.String() +} + +func (m multiError) errOrNil() error { + if m.len() > 0 { + return m + } return nil } diff --git a/test/integration/supervisor_discovery_test.go b/test/integration/supervisor_discovery_test.go index 148e1878..94f3cd9d 100644 --- a/test/integration/supervisor_discovery_test.go +++ b/test/integration/supervisor_discovery_test.go 
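Review bot: In Sync's success branch a failed status write does `return fmt.Errorf("could not update status: %w", err)` with the `errs.add(...)` line left commented out, unlike the three failure branches. That early return skips `c.providerSetter.SetProviders(oidcProviders...)` and drops the errors already collected, so the supervisor keeps serving whatever the previous pass installed, which could include an issuer this pass has just marked Duplicate or Invalid. I would restore `errs.add(fmt.Errorf("could not update status: %w", err))` and delete the `return`, so the provider set is refreshed on every pass. Separately, updateStatus writes with `Update(ctx, opc, metav1.UpdateOptions{})` on the whole object, which is why the Role now needs `update` on `oidcproviderconfigs`. If the CRD enables the status subresource (not visible in this diff), calling the generated `UpdateStatus` instead would let RBAC be narrowed to `oidcproviderconfigs/status`, so the supervisor's credentials cannot rewrite `spec.issuer`. Sync itself begins above this hunk.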
@@ -59,21 +59,43 @@ func TestSupervisorOIDCDiscovery(t *testing.T) { issuer2 := fmt.Sprintf("http://%s/nested/issuer2", env.SupervisorAddress) issuer3 := fmt.Sprintf("http://%s/issuer3", env.SupervisorAddress) issuer4 := fmt.Sprintf("http://%s/issuer4", env.SupervisorAddress) + issuer5 := fmt.Sprintf("http://%s/issuer5", env.SupervisorAddress) + badIssuer := fmt.Sprintf("http://%s/badIssuer?cannot-use=queries", env.SupervisorAddress) // When OIDCProviderConfig are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProviderConfig exists. - createdOIDCProviderConfig1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer1, "from-integration-test1") - requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig1, client, ns, issuer1) - createdOIDCProviderConfig2 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer2, "from-integration-test2") - requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig2, client, ns, issuer2) + config1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer1, "from-integration-test1") + requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config1, client, ns, issuer1) + config2 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer2, "from-integration-test2") + requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config2, client, ns, issuer2) // When multiple OIDCProviderConfigs exist at the same time they each serve a unique discovery endpoint. 
- createdOIDCProviderConfig3 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer3, "from-integration-test3") - createdOIDCProviderConfig4 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer4, "from-integration-test4") + config3 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer3, "from-integration-test3") + config4 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer4, "from-integration-test4") requireWellKnownEndpointIsWorking(t, issuer3) // discovery for issuer3 is still working after issuer4 started working // When they are deleted they stop serving discovery endpoints. - requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig3, client, ns, issuer2) - requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig4, client, ns, issuer2) + requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config3, client, ns, issuer3) + requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config4, client, ns, issuer4) + + // When the same issuer is added twice, both issuers are marked as duplicates, and neither provider is serving. + config5Duplicate1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer5, "from-integration-test5") + config5Duplicate2 := createOIDCProviderConfig(t, "from-integration-test5-duplicate", client, ns, issuer5) + requireStatus(t, client, ns, config5Duplicate1.Name, v1alpha1.DuplicateOIDCProviderStatus) + requireStatus(t, client, ns, config5Duplicate2.Name, v1alpha1.DuplicateOIDCProviderStatus) + requireDiscoveryEndpointIsNotFound(t, issuer5) + + // If we delete the first duplicate issuer, the second duplicate issuer starts serving. 
+ requireDelete(t, client, ns, config5Duplicate1.Name) + requireWellKnownEndpointIsWorking(t, issuer5) + requireStatus(t, client, ns, config5Duplicate2.Name, v1alpha1.SuccessOIDCProviderStatus) + + // When we finally delete all issuers, the endpoint should be down. + requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config5Duplicate2, client, ns, issuer5) + + // When we create a provider with an invalid issuer, the status is set to invalid. + badConfig := createOIDCProviderConfig(t, "from-integration-test6", client, ns, badIssuer) + requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidOIDCProviderStatus) + requireDiscoveryEndpointIsNotFound(t, badIssuer) } func requireDiscoveryEndpointIsNotFound(t *testing.T, issuerName string) { @@ -104,6 +126,7 @@ func requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t *testing t.Helper() newOIDCProviderConfig := createOIDCProviderConfig(t, oidcProviderConfigName, client, ns, issuerName) requireWellKnownEndpointIsWorking(t, issuerName) + requireStatus(t, client, ns, oidcProviderConfigName, v1alpha1.SuccessOIDCProviderStatus) return newOIDCProviderConfig } 
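Review bot: The final `requireDiscoveryEndpointIsNotFound(t, badIssuer)` may pass for the wrong reason. `badIssuer` ends in `?cannot-use=queries`, so if the helper builds the discovery URL by appending the well-known path to the issuer string (its body is outside this hunk), the request goes to `/badIssuer` with a longer query and gets a 404 whether or not the invalid provider was registered. An invalid issuer whose discovery path stays addressable would make the negative check meaningful, or the request URL could be built from the parsed issuer path. Also, `badConfig` is never deleted in the visible lines, unlike every other config in this test. Unless createOIDCProviderConfig registers its own cleanup, a `requireDelete(t, client, ns, badConfig.Name)` at the end would keep the Invalid object from leaking into later tests.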
@@ -205,3 +228,27 @@ func createOIDCProviderConfig(t *testing.T, oidcProviderConfigName string, clien return createdOIDCProviderConfig } + +func requireDelete(t *testing.T, client pinnipedclientset.Interface, ns, name string) { + t.Helper() + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Delete(ctx, name, metav1.DeleteOptions{}) + require.NoError(t, err) +} + +func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatus) { + t.Helper() + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + var opc *v1alpha1.OIDCProviderConfig + var err error + assert.Eventually(t, func() bool { + opc, err = client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{}) + return err == nil && opc.Status.Status == status + }, 10*time.Second, 200*time.Millisecond) + require.NoError(t, err) + require.Equalf(t, status, opc.Status.Status, "unexpected status (message = '%s')", opc.Status.Message) +}
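Review bot: In requireStatus the closure passed to `assert.Eventually` assigns the outer `opc` and `err`, which are read again straight after the poll. As far as I know testify runs the condition on its own goroutine, so after a timeout those reads can race with a call still in flight. The `ctx` deadline is also the same 10 seconds as the polling window, so the last polls can fail with a context-deadline error that hides the real status mismatch. Keeping the polled values local to the closure and doing one final `Get` for the assertions, under a deadline longer than the polling window, avoids both problems. The 30 seconds in the sketch below is only a suggested value.

```go
func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatus) {
	// … unchanged: t.Helper() …
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()

	assert.Eventually(t, func() bool {
		got, err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{})
		return err == nil && got.Status.Status == status
	}, 10*time.Second, 200*time.Millisecond)

	// Re-read once on the test goroutine so the assertions never touch
	// variables written by the polling goroutine.
	opc, err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{})
	require.NoError(t, err)
	// … unchanged: require.Equalf on opc.Status.Status …
}
```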