supervisor-oidc: checkpoint: add status to provider CRD
Signed-off-by: Ryan Richard <richardry@vmware.com>
parent
6b653fc663
commit
da00fc708f
@ -5,6 +5,15 @@ package v1alpha1
|
|||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
||||||
|
type OIDCProviderStatus string
|
||||||
|
|
||||||
|
const (
|
||||||
|
SuccessOIDCProviderStatus = OIDCProviderStatus("Success")
|
||||||
|
DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate")
|
||||||
|
InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid")
|
||||||
|
)
|
||||||
|
|
||||||
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
||||||
type OIDCProviderConfigSpec struct {
|
type OIDCProviderConfigSpec struct {
|
||||||
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
||||||
@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct {
|
|||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
type OIDCProviderConfigStatus struct {
|
||||||
|
// Status holds an enum that describes the state of this OIDC Provider. Note that this Status can
|
||||||
|
// represent success or failure.
|
||||||
|
// +optional
|
||||||
|
Status OIDCProviderStatus `json:"status,omitempty"`
|
||||||
|
|
||||||
|
// Message provides human-readable details about the Status.
|
||||||
|
// +optional
|
||||||
|
Message string `json:"message,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
@ -28,7 +49,10 @@ type OIDCProviderConfig struct {
|
|||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
// Spec of the OIDC provider.
|
// Spec of the OIDC provider.
|
||||||
Spec OIDCProviderConfigSpec `json:"status"`
|
Spec OIDCProviderConfigSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the OIDC provider.
|
||||||
|
Status OIDCProviderConfigStatus `json:"status,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// List of OIDCProviderConfig objects.
|
// List of OIDCProviderConfig objects.
|
||||||
|
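Review bot: The new `Status` field on `OIDCProviderConfig` (last hunk of this file) arrives without any visible `// +kubebuilder:subresource:status` marker, and the CRD hunks further down add the `status` schema but no `subresources` entry, so the status subresource appears not to be enabled. If that is the case, status is written through the ordinary update path: the RBAC hunk then has to grant `update` on the whole `oidcproviderconfigs` resource, which also lets the supervisor's service account rewrite `spec.issuer`, and any client allowed to edit the spec can set `status` itself, so the field cannot be read as controller-only. I would add the marker above the type, regenerate, have the controller call the generated `UpdateStatus`, and narrow the new permission to a separate rule with `resources: [oidcproviderconfigs/status]` and `verbs: [update]`. The three lines directly above `metav1.ObjectMeta` fall between hunks, so the absence of the marker should be confirmed against the full file.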
@ -12,6 +12,7 @@ import (
|
|||||||
"os/signal"
|
"os/signal"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"k8s.io/apimachinery/pkg/util/clock"
|
||||||
"k8s.io/client-go/pkg/version"
|
"k8s.io/client-go/pkg/version"
|
||||||
"k8s.io/client-go/rest"
|
"k8s.io/client-go/rest"
|
||||||
restclient "k8s.io/client-go/rest"
|
restclient "k8s.io/client-go/rest"
|
||||||
@ -61,6 +62,7 @@ func waitForSignal() os.Signal {
|
|||||||
func startControllers(
|
func startControllers(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
issuerProvider *provider.Manager,
|
issuerProvider *provider.Manager,
|
||||||
|
pinnipedClient pinnipedclientset.Interface,
|
||||||
pinnipedInformers pinnipedinformers.SharedInformerFactory,
|
pinnipedInformers pinnipedinformers.SharedInformerFactory,
|
||||||
) {
|
) {
|
||||||
// Create controller manager.
|
// Create controller manager.
|
||||||
@ -69,6 +71,8 @@ func startControllers(
|
|||||||
WithController(
|
WithController(
|
||||||
supervisorconfig.NewOIDCProviderConfigWatcherController(
|
supervisorconfig.NewOIDCProviderConfigWatcherController(
|
||||||
issuerProvider,
|
issuerProvider,
|
||||||
|
clock.RealClock{},
|
||||||
|
pinnipedClient,
|
||||||
pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(),
|
pinnipedInformers.Config().V1alpha1().OIDCProviderConfigs(),
|
||||||
controllerlib.WithInformer,
|
controllerlib.WithInformer,
|
||||||
),
|
),
|
||||||
@ -111,7 +115,7 @@ func run(serverInstallationNamespace string) error {
|
|||||||
)
|
)
|
||||||
|
|
||||||
oidProvidersManager := provider.NewManager(http.NotFoundHandler())
|
oidProvidersManager := provider.NewManager(http.NotFoundHandler())
|
||||||
startControllers(ctx, oidProvidersManager, pinnipedInformers)
|
startControllers(ctx, oidProvidersManager, pinnipedClient, pinnipedInformers)
|
||||||
|
|
||||||
//nolint: gosec // Intentionally binding to all network interfaces.
|
//nolint: gosec // Intentionally binding to all network interfaces.
|
||||||
l, err := net.Listen("tcp", ":80")
|
l, err := net.Listen("tcp", ":80")
|
||||||
|
@ -15,7 +15,7 @@ metadata:
|
|||||||
rules:
|
rules:
|
||||||
- apiGroups: [config.pinniped.dev]
|
- apiGroups: [config.pinniped.dev]
|
||||||
resources: [oidcproviderconfigs]
|
resources: [oidcproviderconfigs]
|
||||||
verbs: [get, list, watch]
|
verbs: [update, get, list, watch]
|
||||||
---
|
---
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
type: object
|
type: object
|
||||||
status:
|
spec:
|
||||||
description: Spec of the OIDC provider.
|
description: Spec of the OIDC provider.
|
||||||
properties:
|
properties:
|
||||||
issuer:
|
issuer:
|
||||||
@ -52,8 +52,23 @@ spec:
|
|||||||
required:
|
required:
|
||||||
- issuer
|
- issuer
|
||||||
type: object
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status of the OIDC provider.
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Message provides human-readable details about the Status.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status holds an enum that describes the state of this
|
||||||
|
OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
enum:
|
||||||
|
- Success
|
||||||
|
- Duplicate
|
||||||
|
- Invalid
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- status
|
- spec
|
||||||
type: object
|
type: object
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
|
21
generated/1.17/README.adoc
generated
21
generated/1.17/README.adoc
generated
@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider.
|
|||||||
| Field | Description
|
| Field | Description
|
||||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||||
|
|
||||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
||||||
|
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfigstatus"]
|
||||||
|
==== OIDCProviderConfigStatus
|
||||||
|
|
||||||
|
OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
| *`message`* __string__ | Message provides human-readable details about the Status.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
||||||
=== idp.pinniped.dev/v1alpha1
|
=== idp.pinniped.dev/v1alpha1
|
||||||
|
@ -5,6 +5,15 @@ package v1alpha1
|
|||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
||||||
|
type OIDCProviderStatus string
|
||||||
|
|
||||||
|
const (
|
||||||
|
SuccessOIDCProviderStatus = OIDCProviderStatus("Success")
|
||||||
|
DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate")
|
||||||
|
InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid")
|
||||||
|
)
|
||||||
|
|
||||||
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
||||||
type OIDCProviderConfigSpec struct {
|
type OIDCProviderConfigSpec struct {
|
||||||
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
||||||
@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct {
|
|||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
type OIDCProviderConfigStatus struct {
|
||||||
|
// Status holds an enum that describes the state of this OIDCProvider. Note that this Status can
|
||||||
|
// represent success or failure.
|
||||||
|
// +optional
|
||||||
|
Status OIDCProviderStatus `json:"status,omitempty"`
|
||||||
|
|
||||||
|
// Message provides human-readable details about the Status.
|
||||||
|
// +optional
|
||||||
|
Message string `json:"message,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
@ -28,7 +49,10 @@ type OIDCProviderConfig struct {
|
|||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
// Spec of the OIDC provider.
|
// Spec of the OIDC provider.
|
||||||
Spec OIDCProviderConfigSpec `json:"status"`
|
Spec OIDCProviderConfigSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the OIDC provider.
|
||||||
|
Status OIDCProviderConfigStatus `json:"status,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// List of OIDCProviderConfig objects.
|
// List of OIDCProviderConfig objects.
|
||||||
|
@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) {
|
|||||||
out.TypeMeta = in.TypeMeta
|
out.TypeMeta = in.TypeMeta
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||||
out.Spec = in.Spec
|
out.Spec = in.Spec
|
||||||
|
out.Status = in.Status
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec {
|
|||||||
in.DeepCopyInto(out)
|
in.DeepCopyInto(out)
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(OIDCProviderConfigStatus)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
@ -87,6 +87,18 @@ func (c *FakeOIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProvid
|
|||||||
return obj.(*v1alpha1.OIDCProviderConfig), err
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
func (c *FakeOIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error) {
|
||||||
|
obj, err := c.Fake.
|
||||||
|
Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{})
|
||||||
|
|
||||||
|
if obj == nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *FakeOIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error {
|
func (c *FakeOIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error {
|
||||||
_, err := c.Fake.
|
_, err := c.Fake.
|
||||||
|
@ -26,6 +26,7 @@ type OIDCProviderConfigsGetter interface {
|
|||||||
type OIDCProviderConfigInterface interface {
|
type OIDCProviderConfigInterface interface {
|
||||||
Create(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error)
|
Create(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Update(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error)
|
Update(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
|
UpdateStatus(*v1alpha1.OIDCProviderConfig) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Delete(name string, options *v1.DeleteOptions) error
|
Delete(name string, options *v1.DeleteOptions) error
|
||||||
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
|
||||||
Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Get(name string, options v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
@ -119,6 +120,22 @@ func (c *oIDCProviderConfigs) Update(oIDCProviderConfig *v1alpha1.OIDCProviderCo
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
|
||||||
|
func (c *oIDCProviderConfigs) UpdateStatus(oIDCProviderConfig *v1alpha1.OIDCProviderConfig) (result *v1alpha1.OIDCProviderConfig, err error) {
|
||||||
|
result = &v1alpha1.OIDCProviderConfig{}
|
||||||
|
err = c.client.Put().
|
||||||
|
Namespace(c.ns).
|
||||||
|
Resource("oidcproviderconfigs").
|
||||||
|
Name(oIDCProviderConfig.Name).
|
||||||
|
SubResource("status").
|
||||||
|
Body(oIDCProviderConfig).
|
||||||
|
Do().
|
||||||
|
Into(result)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *oIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error {
|
func (c *oIDCProviderConfigs) Delete(name string, options *v1.DeleteOptions) error {
|
||||||
return c.client.Delete().
|
return c.client.Delete().
|
||||||
|
@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
|
|||||||
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfig": schema_117_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfig": schema_117_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
||||||
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigList": schema_117_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigList": schema_117_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
||||||
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
||||||
|
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref),
|
||||||
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition": schema_117_apis_idp_v1alpha1_Condition(ref),
|
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.Condition": schema_117_apis_idp_v1alpha1_Condition(ref),
|
||||||
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec": schema_117_apis_idp_v1alpha1_TLSSpec(ref),
|
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.TLSSpec": schema_117_apis_idp_v1alpha1_TLSSpec(ref),
|
||||||
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider": schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
"go.pinniped.dev/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProvider": schema_117_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
||||||
@ -315,18 +316,24 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall
|
|||||||
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"status": {
|
"spec": {
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Spec of the OIDC provider.",
|
Description: "Spec of the OIDC provider.",
|
||||||
Ref: ref("go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
Ref: ref("go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status of the OIDC provider.",
|
||||||
|
Ref: ref("go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus"),
|
||||||
},
|
},
|
||||||
Required: []string{"status"},
|
},
|
||||||
|
},
|
||||||
|
Required: []string{"spec"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Dependencies: []string{
|
Dependencies: []string{
|
||||||
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
"go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.17/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -397,6 +404,33 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
|
return common.OpenAPIDefinition{
|
||||||
|
Schema: spec.Schema{
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.",
|
||||||
|
Type: []string{"object"},
|
||||||
|
Properties: map[string]spec.Schema{
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Message provides human-readable details about the Status.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func schema_117_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
func schema_117_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
return common.OpenAPIDefinition{
|
return common.OpenAPIDefinition{
|
||||||
Schema: spec.Schema{
|
Schema: spec.Schema{
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
type: object
|
type: object
|
||||||
status:
|
spec:
|
||||||
description: Spec of the OIDC provider.
|
description: Spec of the OIDC provider.
|
||||||
properties:
|
properties:
|
||||||
issuer:
|
issuer:
|
||||||
@ -52,8 +52,23 @@ spec:
|
|||||||
required:
|
required:
|
||||||
- issuer
|
- issuer
|
||||||
type: object
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status of the OIDC provider.
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Message provides human-readable details about the Status.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status holds an enum that describes the state of this
|
||||||
|
OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
enum:
|
||||||
|
- Success
|
||||||
|
- Duplicate
|
||||||
|
- Invalid
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- status
|
- spec
|
||||||
type: object
|
type: object
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
|
21
generated/1.18/README.adoc
generated
21
generated/1.18/README.adoc
generated
@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider.
|
|||||||
| Field | Description
|
| Field | Description
|
||||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||||
|
|
||||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
||||||
|
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfigstatus"]
|
||||||
|
==== OIDCProviderConfigStatus
|
||||||
|
|
||||||
|
OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
| *`message`* __string__ | Message provides human-readable details about the Status.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
||||||
=== idp.pinniped.dev/v1alpha1
|
=== idp.pinniped.dev/v1alpha1
|
||||||
|
@ -5,6 +5,15 @@ package v1alpha1
|
|||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
||||||
|
type OIDCProviderStatus string
|
||||||
|
|
||||||
|
const (
|
||||||
|
SuccessOIDCProviderStatus = OIDCProviderStatus("Success")
|
||||||
|
DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate")
|
||||||
|
InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid")
|
||||||
|
)
|
||||||
|
|
||||||
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
||||||
type OIDCProviderConfigSpec struct {
|
type OIDCProviderConfigSpec struct {
|
||||||
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
||||||
@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct {
|
|||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
type OIDCProviderConfigStatus struct {
|
||||||
|
// Status holds an enum that describes the state of this OIDCProvider. Note that this Status can
|
||||||
|
// represent success or failure.
|
||||||
|
// +optional
|
||||||
|
Status OIDCProviderStatus `json:"status,omitempty"`
|
||||||
|
|
||||||
|
// Message provides human-readable details about the Status.
|
||||||
|
// +optional
|
||||||
|
Message string `json:"message,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
@ -28,7 +49,10 @@ type OIDCProviderConfig struct {
|
|||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
// Spec of the OIDC provider.
|
// Spec of the OIDC provider.
|
||||||
Spec OIDCProviderConfigSpec `json:"status"`
|
Spec OIDCProviderConfigSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the OIDC provider.
|
||||||
|
Status OIDCProviderConfigStatus `json:"status,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// List of OIDCProviderConfig objects.
|
// List of OIDCProviderConfig objects.
|
||||||
|
@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) {
|
|||||||
out.TypeMeta = in.TypeMeta
|
out.TypeMeta = in.TypeMeta
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||||
out.Spec = in.Spec
|
out.Spec = in.Spec
|
||||||
|
out.Status = in.Status
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec {
|
|||||||
in.DeepCopyInto(out)
|
in.DeepCopyInto(out)
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(OIDCProviderConfigStatus)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
@ -89,6 +89,18 @@ func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig
|
|||||||
return obj.(*v1alpha1.OIDCProviderConfig), err
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) {
|
||||||
|
obj, err := c.Fake.
|
||||||
|
Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{})
|
||||||
|
|
||||||
|
if obj == nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
||||||
_, err := c.Fake.
|
_, err := c.Fake.
|
||||||
|
@ -27,6 +27,7 @@ type OIDCProviderConfigsGetter interface {
|
|||||||
type OIDCProviderConfigInterface interface {
|
type OIDCProviderConfigInterface interface {
|
||||||
Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
|
UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
|
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
|
||||||
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
|
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
|
||||||
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
@ -122,6 +123,22 @@ func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) {
|
||||||
|
result = &v1alpha1.OIDCProviderConfig{}
|
||||||
|
err = c.client.Put().
|
||||||
|
Namespace(c.ns).
|
||||||
|
Resource("oidcproviderconfigs").
|
||||||
|
Name(oIDCProviderConfig.Name).
|
||||||
|
SubResource("status").
|
||||||
|
VersionedParams(&opts, scheme.ParameterCodec).
|
||||||
|
Body(oIDCProviderConfig).
|
||||||
|
Do(ctx).
|
||||||
|
Into(result)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
||||||
return c.client.Delete().
|
return c.client.Delete().
|
||||||
|
@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
|
|||||||
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfig": schema_118_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfig": schema_118_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
||||||
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigList": schema_118_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigList": schema_118_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
||||||
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_118_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_118_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
||||||
|
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_118_apis_config_v1alpha1_OIDCProviderConfigStatus(ref),
|
||||||
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.Condition": schema_118_apis_idp_v1alpha1_Condition(ref),
|
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.Condition": schema_118_apis_idp_v1alpha1_Condition(ref),
|
||||||
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.TLSSpec": schema_118_apis_idp_v1alpha1_TLSSpec(ref),
|
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.TLSSpec": schema_118_apis_idp_v1alpha1_TLSSpec(ref),
|
||||||
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider": schema_118_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
"go.pinniped.dev/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProvider": schema_118_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
||||||
@ -315,18 +316,24 @@ func schema_118_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall
|
|||||||
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"status": {
|
"spec": {
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Spec of the OIDC provider.",
|
Description: "Spec of the OIDC provider.",
|
||||||
Ref: ref("go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
Ref: ref("go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status of the OIDC provider.",
|
||||||
|
Ref: ref("go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus"),
|
||||||
},
|
},
|
||||||
Required: []string{"status"},
|
},
|
||||||
|
},
|
||||||
|
Required: []string{"spec"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Dependencies: []string{
|
Dependencies: []string{
|
||||||
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
"go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.18/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -397,6 +404,33 @@ func schema_118_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func schema_118_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
|
return common.OpenAPIDefinition{
|
||||||
|
Schema: spec.Schema{
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.",
|
||||||
|
Type: []string{"object"},
|
||||||
|
Properties: map[string]spec.Schema{
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Message provides human-readable details about the Status.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func schema_118_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
func schema_118_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
return common.OpenAPIDefinition{
|
return common.OpenAPIDefinition{
|
||||||
Schema: spec.Schema{
|
Schema: spec.Schema{
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
type: object
|
type: object
|
||||||
status:
|
spec:
|
||||||
description: Spec of the OIDC provider.
|
description: Spec of the OIDC provider.
|
||||||
properties:
|
properties:
|
||||||
issuer:
|
issuer:
|
||||||
@ -52,8 +52,23 @@ spec:
|
|||||||
required:
|
required:
|
||||||
- issuer
|
- issuer
|
||||||
type: object
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status of the OIDC provider.
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Message provides human-readable details about the Status.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status holds an enum that describes the state of this
|
||||||
|
OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
enum:
|
||||||
|
- Success
|
||||||
|
- Duplicate
|
||||||
|
- Invalid
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- status
|
- spec
|
||||||
type: object
|
type: object
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
|
21
generated/1.19/README.adoc
generated
@ -110,7 +110,8 @@ OIDCProviderConfig describes the configuration of an OIDC provider.
|
|||||||
| Field | Description
|
| Field | Description
|
||||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||||
|
|
||||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigspec[$$OIDCProviderConfigSpec$$]__ | Spec of the OIDC provider.
|
||||||
|
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigstatus[$$OIDCProviderConfigStatus$$]__ | Status of the OIDC provider.
|
||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
@ -134,6 +135,24 @@ OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfigstatus"]
|
||||||
|
==== OIDCProviderConfigStatus
|
||||||
|
|
||||||
|
OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-config-v1alpha1-oidcproviderconfig[$$OIDCProviderConfig$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
| *`message`* __string__ | Message provides human-readable details about the Status.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
|
||||||
=== idp.pinniped.dev/v1alpha1
|
=== idp.pinniped.dev/v1alpha1
|
||||||
|
@ -5,6 +5,15 @@ package v1alpha1
|
|||||||
|
|
||||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
|
// +kubebuilder:validation:Enum=Success;Duplicate;Invalid
|
||||||
|
type OIDCProviderStatus string
|
||||||
|
|
||||||
|
const (
|
||||||
|
SuccessOIDCProviderStatus = OIDCProviderStatus("Success")
|
||||||
|
DuplicateOIDCProviderStatus = OIDCProviderStatus("Duplicate")
|
||||||
|
InvalidOIDCProviderStatus = OIDCProviderStatus("Invalid")
|
||||||
|
)
|
||||||
|
|
||||||
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
// OIDCProviderConfigSpec is a struct that describes an OIDC Provider.
|
||||||
type OIDCProviderConfigSpec struct {
|
type OIDCProviderConfigSpec struct {
|
||||||
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
|
||||||
@ -19,6 +28,18 @@ type OIDCProviderConfigSpec struct {
|
|||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.
|
||||||
|
type OIDCProviderConfigStatus struct {
|
||||||
|
// Status holds an enum that describes the state of this OIDCProvider. Note that this Status can
|
||||||
|
// represent success or failure.
|
||||||
|
// +optional
|
||||||
|
Status OIDCProviderStatus `json:"status,omitempty"`
|
||||||
|
|
||||||
|
// Message provides human-readable details about the Status.
|
||||||
|
// +optional
|
||||||
|
Message string `json:"message,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
// OIDCProviderConfig describes the configuration of an OIDC provider.
|
||||||
// +genclient
|
// +genclient
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
@ -28,7 +49,10 @@ type OIDCProviderConfig struct {
|
|||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
|
||||||
// Spec of the OIDC provider.
|
// Spec of the OIDC provider.
|
||||||
Spec OIDCProviderConfigSpec `json:"status"`
|
Spec OIDCProviderConfigSpec `json:"spec"`
|
||||||
|
|
||||||
|
// Status of the OIDC provider.
|
||||||
|
Status OIDCProviderConfigStatus `json:"status,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// List of OIDCProviderConfig objects.
|
// List of OIDCProviderConfig objects.
|
||||||
|
@ -138,6 +138,7 @@ func (in *OIDCProviderConfig) DeepCopyInto(out *OIDCProviderConfig) {
|
|||||||
out.TypeMeta = in.TypeMeta
|
out.TypeMeta = in.TypeMeta
|
||||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||||
out.Spec = in.Spec
|
out.Spec = in.Spec
|
||||||
|
out.Status = in.Status
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,3 +208,19 @@ func (in *OIDCProviderConfigSpec) DeepCopy() *OIDCProviderConfigSpec {
|
|||||||
in.DeepCopyInto(out)
|
in.DeepCopyInto(out)
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderConfigStatus.
|
||||||
|
func (in *OIDCProviderConfigStatus) DeepCopy() *OIDCProviderConfigStatus {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(OIDCProviderConfigStatus)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
@ -89,6 +89,18 @@ func (c *FakeOIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig
|
|||||||
return obj.(*v1alpha1.OIDCProviderConfig), err
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
func (c *FakeOIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error) {
|
||||||
|
obj, err := c.Fake.
|
||||||
|
Invokes(testing.NewUpdateSubresourceAction(oidcproviderconfigsResource, "status", c.ns, oIDCProviderConfig), &v1alpha1.OIDCProviderConfig{})
|
||||||
|
|
||||||
|
if obj == nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return obj.(*v1alpha1.OIDCProviderConfig), err
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
func (c *FakeOIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
||||||
_, err := c.Fake.
|
_, err := c.Fake.
|
||||||
|
@ -27,6 +27,7 @@ type OIDCProviderConfigsGetter interface {
|
|||||||
type OIDCProviderConfigInterface interface {
|
type OIDCProviderConfigInterface interface {
|
||||||
Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Create(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.CreateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Update(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
|
UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
|
Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
|
||||||
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
|
DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
|
||||||
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OIDCProviderConfig, error)
|
||||||
@ -122,6 +123,22 @@ func (c *oIDCProviderConfigs) Update(ctx context.Context, oIDCProviderConfig *v1
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UpdateStatus was generated because the type contains a Status member.
|
||||||
|
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
|
||||||
|
func (c *oIDCProviderConfigs) UpdateStatus(ctx context.Context, oIDCProviderConfig *v1alpha1.OIDCProviderConfig, opts v1.UpdateOptions) (result *v1alpha1.OIDCProviderConfig, err error) {
|
||||||
|
result = &v1alpha1.OIDCProviderConfig{}
|
||||||
|
err = c.client.Put().
|
||||||
|
Namespace(c.ns).
|
||||||
|
Resource("oidcproviderconfigs").
|
||||||
|
Name(oIDCProviderConfig.Name).
|
||||||
|
SubResource("status").
|
||||||
|
VersionedParams(&opts, scheme.ParameterCodec).
|
||||||
|
Body(oIDCProviderConfig).
|
||||||
|
Do(ctx).
|
||||||
|
Into(result)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
// Delete takes name of the oIDCProviderConfig and deletes it. Returns an error if one occurs.
|
||||||
func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
func (c *oIDCProviderConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
|
||||||
return c.client.Delete().
|
return c.client.Delete().
|
||||||
|
@ -25,6 +25,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
|
|||||||
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfig": schema_119_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfig": schema_119_apis_config_v1alpha1_OIDCProviderConfig(ref),
|
||||||
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigList": schema_119_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigList": schema_119_apis_config_v1alpha1_OIDCProviderConfigList(ref),
|
||||||
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_119_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec": schema_119_apis_config_v1alpha1_OIDCProviderConfigSpec(ref),
|
||||||
|
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus": schema_119_apis_config_v1alpha1_OIDCProviderConfigStatus(ref),
|
||||||
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.Condition": schema_119_apis_idp_v1alpha1_Condition(ref),
|
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.Condition": schema_119_apis_idp_v1alpha1_Condition(ref),
|
||||||
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.TLSSpec": schema_119_apis_idp_v1alpha1_TLSSpec(ref),
|
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.TLSSpec": schema_119_apis_idp_v1alpha1_TLSSpec(ref),
|
||||||
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider": schema_119_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
"go.pinniped.dev/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProvider": schema_119_apis_idp_v1alpha1_WebhookIdentityProvider(ref),
|
||||||
@ -316,18 +317,24 @@ func schema_119_apis_config_v1alpha1_OIDCProviderConfig(ref common.ReferenceCall
|
|||||||
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"status": {
|
"spec": {
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Spec of the OIDC provider.",
|
Description: "Spec of the OIDC provider.",
|
||||||
Ref: ref("go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
Ref: ref("go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status of the OIDC provider.",
|
||||||
|
Ref: ref("go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus"),
|
||||||
},
|
},
|
||||||
Required: []string{"status"},
|
},
|
||||||
|
},
|
||||||
|
Required: []string{"spec"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Dependencies: []string{
|
Dependencies: []string{
|
||||||
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
"go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigSpec", "go.pinniped.dev/generated/1.19/apis/config/v1alpha1.OIDCProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -398,6 +405,33 @@ func schema_119_apis_config_v1alpha1_OIDCProviderConfigSpec(ref common.Reference
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func schema_119_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
|
return common.OpenAPIDefinition{
|
||||||
|
Schema: spec.Schema{
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC Provider.",
|
||||||
|
Type: []string{"object"},
|
||||||
|
Properties: map[string]spec.Schema{
|
||||||
|
"status": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Status holds an enum that describes the state of this OIDCProvider. Note that this Status can represent success or failure.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
SchemaProps: spec.SchemaProps{
|
||||||
|
Description: "Message provides human-readable details about the Status.",
|
||||||
|
Type: []string{"string"},
|
||||||
|
Format: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func schema_119_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
func schema_119_apis_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||||
return common.OpenAPIDefinition{
|
return common.OpenAPIDefinition{
|
||||||
Schema: spec.Schema{
|
Schema: spec.Schema{
|
||||||
|
@ -35,7 +35,7 @@ spec:
|
|||||||
type: string
|
type: string
|
||||||
metadata:
|
metadata:
|
||||||
type: object
|
type: object
|
||||||
status:
|
spec:
|
||||||
description: Spec of the OIDC provider.
|
description: Spec of the OIDC provider.
|
||||||
properties:
|
properties:
|
||||||
issuer:
|
issuer:
|
||||||
@ -52,8 +52,23 @@ spec:
|
|||||||
required:
|
required:
|
||||||
- issuer
|
- issuer
|
||||||
type: object
|
type: object
|
||||||
|
status:
|
||||||
|
description: Status of the OIDC provider.
|
||||||
|
properties:
|
||||||
|
message:
|
||||||
|
description: Message provides human-readable details about the Status.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status holds an enum that describes the state of this
|
||||||
|
OIDCProvider. Note that this Status can represent success or failure.
|
||||||
|
enum:
|
||||||
|
- Success
|
||||||
|
- Duplicate
|
||||||
|
- Invalid
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- status
|
- spec
|
||||||
type: object
|
type: object
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
|
@ -4,11 +4,19 @@
|
|||||||
package supervisorconfig
|
package supervisorconfig
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/labels"
|
"k8s.io/apimachinery/pkg/labels"
|
||||||
|
"k8s.io/apimachinery/pkg/util/clock"
|
||||||
|
"k8s.io/client-go/util/retry"
|
||||||
"k8s.io/klog/v2"
|
"k8s.io/klog/v2"
|
||||||
|
|
||||||
|
configv1alpha1 "go.pinniped.dev/generated/1.19/apis/config/v1alpha1"
|
||||||
|
pinnipedclientset "go.pinniped.dev/generated/1.19/client/clientset/versioned"
|
||||||
configinformers "go.pinniped.dev/generated/1.19/client/informers/externalversions/config/v1alpha1"
|
configinformers "go.pinniped.dev/generated/1.19/client/informers/externalversions/config/v1alpha1"
|
||||||
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
||||||
"go.pinniped.dev/internal/controllerlib"
|
"go.pinniped.dev/internal/controllerlib"
|
||||||
@ -24,13 +32,17 @@ type ProvidersSetter interface {
|
|||||||
|
|
||||||
type oidcProviderConfigWatcherController struct {
|
type oidcProviderConfigWatcherController struct {
|
||||||
providerSetter ProvidersSetter
|
providerSetter ProvidersSetter
|
||||||
|
clock clock.Clock
|
||||||
|
client pinnipedclientset.Interface
|
||||||
opcInformer configinformers.OIDCProviderConfigInformer
|
opcInformer configinformers.OIDCProviderConfigInformer
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewOIDCProviderConfigWatcherController creates a controllerlib.Controller that watches
|
// NewOIDCProviderConfigWatcherController creates a controllerlib.Controller that watches
|
||||||
// OIDCProviderConfig objects and notifies a callback object of the collection of provider configs.
|
// OIDCProviderConfig objects and notifies a callback object of the collection of provider configs.
|
||||||
func NewOIDCProviderConfigWatcherController(
|
func NewOIDCProviderConfigWatcherController(
|
||||||
issuerObserver ProvidersSetter,
|
providerSetter ProvidersSetter,
|
||||||
|
clock clock.Clock,
|
||||||
|
client pinnipedclientset.Interface,
|
||||||
opcInformer configinformers.OIDCProviderConfigInformer,
|
opcInformer configinformers.OIDCProviderConfigInformer,
|
||||||
withInformer pinnipedcontroller.WithInformerOptionFunc,
|
withInformer pinnipedcontroller.WithInformerOptionFunc,
|
||||||
) controllerlib.Controller {
|
) controllerlib.Controller {
|
||||||
@ -38,7 +50,9 @@ func NewOIDCProviderConfigWatcherController(
|
|||||||
controllerlib.Config{
|
controllerlib.Config{
|
||||||
Name: "OIDCProviderConfigWatcherController",
|
Name: "OIDCProviderConfigWatcherController",
|
||||||
Syncer: &oidcProviderConfigWatcherController{
|
Syncer: &oidcProviderConfigWatcherController{
|
||||||
providerSetter: issuerObserver,
|
providerSetter: providerSetter,
|
||||||
|
clock: clock,
|
||||||
|
client: client,
|
||||||
opcInformer: opcInformer,
|
opcInformer: opcInformer,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -57,35 +71,133 @@ func (c *oidcProviderConfigWatcherController) Sync(ctx controllerlib.Context) er
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
issuerCounts := make(map[string]int)
|
||||||
|
for _, opc := range all {
|
||||||
|
issuerCounts[opc.Spec.Issuer] = issuerCounts[opc.Spec.Issuer] + 1
|
||||||
|
}
|
||||||
|
|
||||||
|
errs := newMultiError()
|
||||||
|
|
||||||
oidcProviders := make([]*provider.OIDCProvider, 0)
|
oidcProviders := make([]*provider.OIDCProvider, 0)
|
||||||
for _, opc := range all {
|
for _, opc := range all {
|
||||||
issuerURL, err := url.Parse(opc.Spec.Issuer)
|
if issuerCount := issuerCounts[opc.Spec.Issuer]; issuerCount > 1 {
|
||||||
if err != nil {
|
if err := c.updateStatus(
|
||||||
klog.InfoS(
|
ctx.Context,
|
||||||
"OIDCProviderConfigWatcherController Sync failed to parse issuer",
|
opc.Namespace,
|
||||||
"err",
|
opc.Name,
|
||||||
err,
|
configv1alpha1.DuplicateOIDCProviderStatus,
|
||||||
)
|
"Duplicate issuer",
|
||||||
|
); err != nil {
|
||||||
|
errs.add(fmt.Errorf("could not update status: %w", err))
|
||||||
|
}
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
issuerURL, err := url.Parse(opc.Spec.Issuer)
|
||||||
|
if err != nil {
|
||||||
|
if err := c.updateStatus(
|
||||||
|
ctx.Context,
|
||||||
|
opc.Namespace,
|
||||||
|
opc.Name,
|
||||||
|
configv1alpha1.InvalidOIDCProviderStatus,
|
||||||
|
"Invalid issuer URL: "+err.Error(),
|
||||||
|
); err != nil {
|
||||||
|
errs.add(fmt.Errorf("could not update status: %w", err))
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
oidcProvider := &provider.OIDCProvider{Issuer: issuerURL}
|
oidcProvider := &provider.OIDCProvider{Issuer: issuerURL}
|
||||||
err = oidcProvider.Validate()
|
err = oidcProvider.Validate()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.InfoS(
|
if err := c.updateStatus(
|
||||||
"OIDCProviderConfigWatcherController Sync could failed to validate OIDCProviderConfig",
|
ctx.Context,
|
||||||
"err",
|
opc.Namespace,
|
||||||
err,
|
opc.Name,
|
||||||
)
|
configv1alpha1.InvalidOIDCProviderStatus,
|
||||||
|
"Invalid issuer: "+err.Error(),
|
||||||
|
); err != nil {
|
||||||
|
errs.add(fmt.Errorf("could not update status: %w", err))
|
||||||
|
}
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
oidcProviders = append(oidcProviders, oidcProvider)
|
oidcProviders = append(oidcProviders, oidcProvider)
|
||||||
klog.InfoS(
|
if err := c.updateStatus(
|
||||||
"OIDCProviderConfigWatcherController Sync accepted OIDCProviderConfig",
|
ctx.Context,
|
||||||
"issuer",
|
opc.Namespace,
|
||||||
issuerURL,
|
opc.Name,
|
||||||
)
|
configv1alpha1.SuccessOIDCProviderStatus,
|
||||||
|
"Provider successfully created",
|
||||||
|
); err != nil {
|
||||||
|
// errs.add(fmt.Errorf("could not update status: %w", err))
|
||||||
|
return fmt.Errorf("could not update status: %w", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
c.providerSetter.SetProviders(oidcProviders...)
|
c.providerSetter.SetProviders(oidcProviders...)
|
||||||
|
|
||||||
|
return errs.errOrNil()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *oidcProviderConfigWatcherController) updateStatus(
|
||||||
|
ctx context.Context,
|
||||||
|
namespace, name string,
|
||||||
|
status configv1alpha1.OIDCProviderStatus,
|
||||||
|
message string,
|
||||||
|
) error {
|
||||||
|
return retry.RetryOnConflict(retry.DefaultRetry, func() error {
|
||||||
|
opc, err := c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Get(ctx, name, metav1.GetOptions{})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("get failed: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if opc.Status.Status == status && opc.Status.Message == message {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
klog.InfoS(
|
||||||
|
"attempting status update",
|
||||||
|
"openidproviderconfig",
|
||||||
|
klog.KRef(namespace, name),
|
||||||
|
"status",
|
||||||
|
status,
|
||||||
|
"message",
|
||||||
|
message,
|
||||||
|
)
|
||||||
|
opc.Status.Status = status
|
||||||
|
opc.Status.Message = message
|
||||||
|
_, err = c.client.ConfigV1alpha1().OIDCProviderConfigs(namespace).Update(ctx, opc, metav1.UpdateOptions{})
|
||||||
|
return err
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
type multiError []error
|
||||||
|
|
||||||
|
func newMultiError() multiError {
|
||||||
|
return make([]error, 0)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *multiError) add(err error) {
|
||||||
|
*m = append(*m, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m multiError) len() int {
|
||||||
|
return len(m)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m multiError) Error() string {
|
||||||
|
sb := strings.Builder{}
|
||||||
|
fmt.Fprintf(&sb, "%d errors:", m.len())
|
||||||
|
for _, err := range m {
|
||||||
|
fmt.Fprintf(&sb, "\n- %s", err.Error())
|
||||||
|
}
|
||||||
|
return sb.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m multiError) errOrNil() error {
|
||||||
|
if m.len() > 0 {
|
||||||
|
return m
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -59,21 +59,43 @@ func TestSupervisorOIDCDiscovery(t *testing.T) {
|
|||||||
issuer2 := fmt.Sprintf("http://%s/nested/issuer2", env.SupervisorAddress)
|
issuer2 := fmt.Sprintf("http://%s/nested/issuer2", env.SupervisorAddress)
|
||||||
issuer3 := fmt.Sprintf("http://%s/issuer3", env.SupervisorAddress)
|
issuer3 := fmt.Sprintf("http://%s/issuer3", env.SupervisorAddress)
|
||||||
issuer4 := fmt.Sprintf("http://%s/issuer4", env.SupervisorAddress)
|
issuer4 := fmt.Sprintf("http://%s/issuer4", env.SupervisorAddress)
|
||||||
|
issuer5 := fmt.Sprintf("http://%s/issuer5", env.SupervisorAddress)
|
||||||
|
badIssuer := fmt.Sprintf("http://%s/badIssuer?cannot-use=queries", env.SupervisorAddress)
|
||||||
|
|
||||||
// When OIDCProviderConfig are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProviderConfig exists.
|
// When OIDCProviderConfig are created in sequence they each cause a discovery endpoint to appear only for as long as the OIDCProviderConfig exists.
|
||||||
createdOIDCProviderConfig1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer1, "from-integration-test1")
|
config1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer1, "from-integration-test1")
|
||||||
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig1, client, ns, issuer1)
|
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config1, client, ns, issuer1)
|
||||||
createdOIDCProviderConfig2 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer2, "from-integration-test2")
|
config2 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer2, "from-integration-test2")
|
||||||
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig2, client, ns, issuer2)
|
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config2, client, ns, issuer2)
|
||||||
|
|
||||||
// When multiple OIDCProviderConfigs exist at the same time they each serve a unique discovery endpoint.
|
// When multiple OIDCProviderConfigs exist at the same time they each serve a unique discovery endpoint.
|
||||||
createdOIDCProviderConfig3 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer3, "from-integration-test3")
|
config3 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer3, "from-integration-test3")
|
||||||
createdOIDCProviderConfig4 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer4, "from-integration-test4")
|
config4 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer4, "from-integration-test4")
|
||||||
requireWellKnownEndpointIsWorking(t, issuer3) // discovery for issuer3 is still working after issuer4 started working
|
requireWellKnownEndpointIsWorking(t, issuer3) // discovery for issuer3 is still working after issuer4 started working
|
||||||
|
|
||||||
// When they are deleted they stop serving discovery endpoints.
|
// When they are deleted they stop serving discovery endpoints.
|
||||||
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig3, client, ns, issuer2)
|
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config3, client, ns, issuer3)
|
||||||
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, createdOIDCProviderConfig4, client, ns, issuer2)
|
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config4, client, ns, issuer4)
|
||||||
|
|
||||||
|
// When the same issuer is added twice, both issuers are marked as duplicates, and neither provider is serving.
|
||||||
|
config5Duplicate1 := requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t, client, ns, issuer5, "from-integration-test5")
|
||||||
|
config5Duplicate2 := createOIDCProviderConfig(t, "from-integration-test5-duplicate", client, ns, issuer5)
|
||||||
|
requireStatus(t, client, ns, config5Duplicate1.Name, v1alpha1.DuplicateOIDCProviderStatus)
|
||||||
|
requireStatus(t, client, ns, config5Duplicate2.Name, v1alpha1.DuplicateOIDCProviderStatus)
|
||||||
|
requireDiscoveryEndpointIsNotFound(t, issuer5)
|
||||||
|
|
||||||
|
// If we delete the first duplicate issuer, the second duplicate issuer starts serving.
|
||||||
|
requireDelete(t, client, ns, config5Duplicate1.Name)
|
||||||
|
requireWellKnownEndpointIsWorking(t, issuer5)
|
||||||
|
requireStatus(t, client, ns, config5Duplicate2.Name, v1alpha1.SuccessOIDCProviderStatus)
|
||||||
|
|
||||||
|
// When we finally delete all issuers, the endpoint should be down.
|
||||||
|
requireDeletingOIDCProviderConfigCausesWellKnownEndpointToDisappear(t, config5Duplicate2, client, ns, issuer5)
|
||||||
|
|
||||||
|
// When we create a provider with an invalid issuer, the status is set to invalid.
|
||||||
|
badConfig := createOIDCProviderConfig(t, "from-integration-test6", client, ns, badIssuer)
|
||||||
|
requireStatus(t, client, ns, badConfig.Name, v1alpha1.InvalidOIDCProviderStatus)
|
||||||
|
requireDiscoveryEndpointIsNotFound(t, badIssuer)
|
||||||
}
|
}
|
||||||
|
|
||||||
func requireDiscoveryEndpointIsNotFound(t *testing.T, issuerName string) {
|
func requireDiscoveryEndpointIsNotFound(t *testing.T, issuerName string) {
|
||||||
@ -104,6 +126,7 @@ func requireCreatingOIDCProviderConfigCausesWellKnownEndpointToAppear(t *testing
|
|||||||
t.Helper()
|
t.Helper()
|
||||||
newOIDCProviderConfig := createOIDCProviderConfig(t, oidcProviderConfigName, client, ns, issuerName)
|
newOIDCProviderConfig := createOIDCProviderConfig(t, oidcProviderConfigName, client, ns, issuerName)
|
||||||
requireWellKnownEndpointIsWorking(t, issuerName)
|
requireWellKnownEndpointIsWorking(t, issuerName)
|
||||||
|
requireStatus(t, client, ns, oidcProviderConfigName, v1alpha1.SuccessOIDCProviderStatus)
|
||||||
return newOIDCProviderConfig
|
return newOIDCProviderConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -205,3 +228,27 @@ func createOIDCProviderConfig(t *testing.T, oidcProviderConfigName string, clien
|
|||||||
|
|
||||||
return createdOIDCProviderConfig
|
return createdOIDCProviderConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func requireDelete(t *testing.T, client pinnipedclientset.Interface, ns, name string) {
|
||||||
|
t.Helper()
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Delete(ctx, name, metav1.DeleteOptions{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
func requireStatus(t *testing.T, client pinnipedclientset.Interface, ns, name string, status v1alpha1.OIDCProviderStatus) {
|
||||||
|
t.Helper()
|
||||||
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
var opc *v1alpha1.OIDCProviderConfig
|
||||||
|
var err error
|
||||||
|
assert.Eventually(t, func() bool {
|
||||||
|
opc, err = client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{})
|
||||||
|
return err == nil && opc.Status.Status == status
|
||||||
|
}, 10*time.Second, 200*time.Millisecond)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equalf(t, status, opc.Status.Status, "unexpected status (message = '%s')", opc.Status.Message)
|
||||||
|
}
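Review bot: In `requireStatus`, the closure passed to `assert.Eventually` assigns the outer `opc` and `err`, and the two `require` calls read them afterwards. As far as I know testify runs the condition on its own goroutine, so when the poll times out a `Get` may still be in flight and writing those variables. That would be a data race under `-race`, and the "unexpected status" message could describe a different read than the one that was compared. I would declare the polled values inside the closure (`opc, err := ...` there) and do one fresh read for the final assertions after `Eventually` returns, e.g. `opc, err := client.ConfigV1alpha1().OIDCProviderConfigs(ns).Get(ctx, name, metav1.GetOptions{})`. The context passed to `Get` expires at the same 10 seconds as the polling window, so it needs a later deadline for that final read to succeed after a timeout.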
|
||||||
|