Merge pull request #1273 from vmware-tanzu/dynamic_client_create_secret
Implement OIDCClientSecretRequest API for managing dynamic client secrets
This commit is contained in:
commit
e27b04cb41
@ -2,7 +2,7 @@
|
||||
# On macOS, try `brew install pre-commit` and then run `pre-commit install`.
|
||||
exclude: '^(site|generated)/'
|
||||
repos:
|
||||
- repo: git://github.com/pre-commit/pre-commit-hooks
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v3.2.0
|
||||
hooks:
|
||||
# TODO: find a version of this to validate ytt templates?
|
||||
|
@ -17,11 +17,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
@ -35,6 +37,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -20,11 +20,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
@ -38,6 +40,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -5,7 +5,8 @@ package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
@ -8,6 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
@ -16,8 +17,9 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
@ -42,6 +44,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -8,7 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
@ -17,7 +17,7 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
@ -47,5 +47,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
@ -98,10 +98,26 @@ spec:
|
||||
readOnlyRootFilesystem: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: "100m"
|
||||
#! If OIDCClient CRs are being used, then the Supervisor needs enough CPU to run expensive bcrypt
|
||||
#! operations inside the implementation of the token endpoint for any authcode flows performed by those
|
||||
#! clients, so for that use case administrators may wish to increase the requests.cpu value to more
|
||||
#! closely align with their anticipated needs. Increasing this value will cause Kubernetes to give more
|
||||
#! available CPU to this process during times of high CPU contention. By default, don't ask for too much
|
||||
#! because that would make it impossible to install the Pinniped Supervisor on small clusters.
|
||||
#! Aside from performing bcrypts at the token endpoint for those clients, the Supervisor is not a
|
||||
#! particularly CPU-intensive process.
|
||||
cpu: "100m" #! by default, request one-tenth of a CPU
|
||||
memory: "128Mi"
|
||||
limits:
|
||||
cpu: "100m"
|
||||
#! By declaring a CPU limit that is not equal to the CPU request value, the Supervisor will be classified
|
||||
#! by Kubernetes to have "burstable" quality of service.
|
||||
#! See https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-burstable
|
||||
#! If OIDCClient CRs are being used, and lots of simultaneous users have active sessions, then it is hard
|
||||
#! pre-determine what the CPU limit should be for that use case. Guessing too low would cause the
|
||||
#! pod's CPU usage to be throttled, resulting in poor performance. Guessing too high would allow clients
|
||||
#! to cause the usage of lots of CPU resources. Administrators who have a good sense of anticipated usage
|
||||
#! patterns may choose to set the requests.cpu and limits.cpu differently from these defaults.
|
||||
cpu: "1000m" #! by default, throttle each pod's usage at 1 CPU
|
||||
memory: "128Mi"
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
|
64
generated/1.17/README.adoc
generated
64
generated/1.17/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -17,11 +17,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
@ -35,6 +37,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -20,11 +20,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
@ -38,6 +40,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -5,7 +5,8 @@ package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
@ -8,6 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
@ -16,8 +17,9 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
@ -42,6 +44,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -8,7 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
@ -17,7 +17,7 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
@ -47,5 +47,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
13785
generated/1.17/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
13785
generated/1.17/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
2
generated/1.17/client/go.mod
generated
2
generated/1.17/client/go.mod
generated
@ -4,9 +4,11 @@ module go.pinniped.dev/generated/1.17/client
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501
|
||||
go.pinniped.dev/generated/1.17/apis v0.0.0
|
||||
k8s.io/apimachinery v0.17.17
|
||||
k8s.io/client-go v0.17.17
|
||||
k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29
|
||||
)
|
||||
|
||||
replace go.pinniped.dev/generated/1.17/apis => ../apis
|
||||
|
8
generated/1.17/client/go.sum
generated
8
generated/1.17/client/go.sum
generated
@ -10,7 +10,9 @@ github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6L
|
||||
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.0.0 h1:0GoNN3taZV6QI81IXgCbxMyEaJDXMSIjArYBCYzVVvs=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2 h1:JCHLVE3B+kJde7bIEo5N4J+ZbLhp0J1Fs+ulyRws4gE=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
@ -19,6 +21,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
|
||||
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
@ -26,9 +29,13 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1 h1:wSt/4CYxs70xbATrGXhokKF1i0tZjENLOo1ioIO13zk=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9 h1:tF+augKRWlWx0J0B7ZyyKSiTyV6E1zZe+7b3qQlcEf8=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501 h1:C1JKChikHGpXwT5UQDFaryIpDtyyGL/CR6C2kB7F1oc=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87 h1:zP3nY8Tk2E6RTkqGYrarZXuzh+ffyLDljLxCy1iJw80=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
|
||||
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
|
||||
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
|
||||
@ -74,6 +81,7 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a h1:TpvdAwDAt1K4ANVOfcihouRdvP+MgAfDWwBuct4l6ZY=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
|
2451
generated/1.17/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
2451
generated/1.17/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
64
generated/1.18/README.adoc
generated
64
generated/1.18/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -17,11 +17,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
@ -35,6 +37,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -20,11 +20,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
@ -38,6 +40,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -5,7 +5,8 @@ package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
@ -8,6 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
@ -16,8 +17,9 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
@ -42,6 +44,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -8,7 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
@ -17,7 +17,7 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
@ -47,5 +47,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
13821
generated/1.18/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
13821
generated/1.18/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
2
generated/1.18/client/go.mod
generated
2
generated/1.18/client/go.mod
generated
@ -4,9 +4,11 @@ module go.pinniped.dev/generated/1.18/client
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501
|
||||
go.pinniped.dev/generated/1.18/apis v0.0.0
|
||||
k8s.io/apimachinery v0.18.18
|
||||
k8s.io/client-go v0.18.18
|
||||
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6
|
||||
)
|
||||
|
||||
replace go.pinniped.dev/generated/1.18/apis => ../apis
|
||||
|
8
generated/1.18/client/go.sum
generated
8
generated/1.18/client/go.sum
generated
@ -10,7 +10,9 @@ github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6L
|
||||
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.0.0 h1:0GoNN3taZV6QI81IXgCbxMyEaJDXMSIjArYBCYzVVvs=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2 h1:JCHLVE3B+kJde7bIEo5N4J+ZbLhp0J1Fs+ulyRws4gE=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
@ -19,6 +21,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
@ -26,9 +29,13 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1 h1:wSt/4CYxs70xbATrGXhokKF1i0tZjENLOo1ioIO13zk=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9 h1:tF+augKRWlWx0J0B7ZyyKSiTyV6E1zZe+7b3qQlcEf8=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501 h1:C1JKChikHGpXwT5UQDFaryIpDtyyGL/CR6C2kB7F1oc=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87 h1:zP3nY8Tk2E6RTkqGYrarZXuzh+ffyLDljLxCy1iJw80=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
@ -76,6 +83,7 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a h1:TpvdAwDAt1K4ANVOfcihouRdvP+MgAfDWwBuct4l6ZY=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
|
2451
generated/1.18/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
2451
generated/1.18/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
64
generated/1.19/README.adoc
generated
64
generated/1.19/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -17,11 +17,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
@ -35,6 +37,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -20,11 +20,13 @@ type WhoAmIRequest struct {
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
@ -38,6 +40,6 @@ type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -5,7 +5,8 @@ package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
@ -8,6 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
@ -16,8 +17,9 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
@ -42,6 +44,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -8,7 +8,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
@ -17,7 +17,7 @@ type TokenCredentialRequestSpec struct {
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
@ -47,5 +47,6 @@ type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
14009
generated/1.19/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
14009
generated/1.19/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
2
generated/1.19/client/go.mod
generated
2
generated/1.19/client/go.mod
generated
@ -4,9 +4,11 @@ module go.pinniped.dev/generated/1.19/client
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501
|
||||
go.pinniped.dev/generated/1.19/apis v0.0.0
|
||||
k8s.io/apimachinery v0.19.16
|
||||
k8s.io/client-go v0.19.16
|
||||
k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6
|
||||
)
|
||||
|
||||
replace go.pinniped.dev/generated/1.19/apis => ../apis
|
||||
|
8
generated/1.19/client/go.sum
generated
8
generated/1.19/client/go.sum
generated
@ -25,7 +25,9 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.0.0 h1:0GoNN3taZV6QI81IXgCbxMyEaJDXMSIjArYBCYzVVvs=
|
||||
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2 h1:JCHLVE3B+kJde7bIEo5N4J+ZbLhp0J1Fs+ulyRws4gE=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
@ -39,6 +41,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
|
||||
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
|
||||
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
@ -52,9 +55,13 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2
|
||||
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
|
||||
github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
|
||||
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1 h1:wSt/4CYxs70xbATrGXhokKF1i0tZjENLOo1ioIO13zk=
|
||||
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9 h1:tF+augKRWlWx0J0B7ZyyKSiTyV6E1zZe+7b3qQlcEf8=
|
||||
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501 h1:C1JKChikHGpXwT5UQDFaryIpDtyyGL/CR6C2kB7F1oc=
|
||||
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87 h1:zP3nY8Tk2E6RTkqGYrarZXuzh+ffyLDljLxCy1iJw80=
|
||||
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
@ -119,6 +126,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a h1:TpvdAwDAt1K4ANVOfcihouRdvP+MgAfDWwBuct4l6ZY=
|
||||
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
|
2516
generated/1.19/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
2516
generated/1.19/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
64
generated/1.20/README.adoc
generated
64
generated/1.20/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -1,40 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest
|
||||
}
|
42
generated/1.20/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
42
generated/1.20/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,42 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -1,43 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
45
generated/1.20/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
45
generated/1.20/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,45 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
22
generated/1.20/apis/concierge/login/types_clustercredential.go
generated
Normal file
22
generated/1.20/apis/concierge/login/types_clustercredential.go
generated
Normal file
@ -0,0 +1,22 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
47
generated/1.20/apis/concierge/login/types_token.go
generated
47
generated/1.20/apis/concierge/login/types_token.go
generated
@ -1,47 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
Items []TokenCredentialRequest
|
||||
}
|
49
generated/1.20/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
49
generated/1.20/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,49 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
52
generated/1.20/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
52
generated/1.20/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,52 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
14628
generated/1.20/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
14628
generated/1.20/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
2
generated/1.20/client/go.mod
generated
2
generated/1.20/client/go.mod
generated
@ -4,9 +4,11 @@ module go.pinniped.dev/generated/1.20/client
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/go-openapi/spec v0.19.3
|
||||
go.pinniped.dev/generated/1.20/apis v0.0.0
|
||||
k8s.io/apimachinery v0.20.15
|
||||
k8s.io/client-go v0.20.15
|
||||
k8s.io/kube-openapi v0.0.0-20211110013926-83f114cd0513
|
||||
)
|
||||
|
||||
replace go.pinniped.dev/generated/1.20/apis => ../apis
|
||||
|
8
generated/1.20/client/go.sum
generated
8
generated/1.20/client/go.sum
generated
@ -33,7 +33,9 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
@ -48,6 +50,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
|
||||
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
|
||||
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
@ -65,11 +68,15 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7
|
||||
github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
|
||||
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
|
||||
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||
github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
|
||||
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
|
||||
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
@ -145,6 +152,7 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
|
||||
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e h1:hB2xlXdHp/pmPZq0y3QnmWAArdw9PqbmotexnWx/FU8=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
|
2623
generated/1.20/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
2623
generated/1.20/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
64
generated/1.21/README.adoc
generated
64
generated/1.21/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-21-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -1,40 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest
|
||||
}
|
42
generated/1.21/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
42
generated/1.21/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,42 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -1,43 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
45
generated/1.21/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
45
generated/1.21/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,45 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
22
generated/1.21/apis/concierge/login/types_clustercredential.go
generated
Normal file
22
generated/1.21/apis/concierge/login/types_clustercredential.go
generated
Normal file
@ -0,0 +1,22 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
47
generated/1.21/apis/concierge/login/types_token.go
generated
47
generated/1.21/apis/concierge/login/types_token.go
generated
@ -1,47 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
Items []TokenCredentialRequest
|
||||
}
|
49
generated/1.21/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
49
generated/1.21/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,49 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
52
generated/1.21/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
52
generated/1.21/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,52 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
14663
generated/1.21/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
14663
generated/1.21/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
2
generated/1.21/client/go.mod
generated
2
generated/1.21/client/go.mod
generated
@ -4,9 +4,11 @@ module go.pinniped.dev/generated/1.21/client
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/go-openapi/spec v0.19.3
|
||||
go.pinniped.dev/generated/1.21/apis v0.0.0
|
||||
k8s.io/apimachinery v0.21.14
|
||||
k8s.io/client-go v0.21.14
|
||||
k8s.io/kube-openapi v0.0.0-20211110012726-3cc51fd1e909
|
||||
)
|
||||
|
||||
replace go.pinniped.dev/generated/1.21/apis => ../apis
|
||||
|
8
generated/1.21/client/go.sum
generated
8
generated/1.21/client/go.sum
generated
@ -31,7 +31,9 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
@ -45,6 +47,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
@ -60,11 +63,15 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7
|
||||
github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
|
||||
github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
|
||||
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||
github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
|
||||
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
|
||||
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
@ -134,6 +141,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e h1:hB2xlXdHp/pmPZq0y3QnmWAArdw9PqbmotexnWx/FU8=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
|
||||
|
2638
generated/1.21/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
2638
generated/1.21/client/supervisor/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
64
generated/1.22/README.adoc
generated
64
generated/1.22/README.adoc
generated
@ -232,10 +232,32 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
||||
|
||||
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
| *`name`* __string__ | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
|
||||
| *`generateName`* __string__ | GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
|
||||
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
|
||||
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
|
||||
| *`namespace`* __string__ | Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
|
||||
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
|
||||
| *`selfLink`* __string__ | SelfLink is a URL representing this object. Populated by the system. Read-only.
|
||||
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
|
||||
| *`uid`* __UID__ | UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
|
||||
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
|
||||
| *`resourceVersion`* __string__ | An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
|
||||
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
|
||||
| *`generation`* __integer__ | A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
|
||||
| *`creationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#time-v1-meta[$$Time$$]__ | CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.
|
||||
Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#time-v1-meta[$$Time$$]__ | DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.
|
||||
Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
| *`deletionGracePeriodSeconds`* __integer__ | Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
|
||||
| *`labels`* __object (keys:string, values:string)__ | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
|
||||
| *`annotations`* __object (keys:string, values:string)__ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
|
||||
| *`ownerReferences`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#ownerreference-v1-meta[$$OwnerReference$$] array__ | List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
|
||||
| *`finalizers`* __string array__ | Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
|
||||
| *`clusterName`* __string__ | The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
|
||||
| *`managedFields`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#managedfieldsentry-v1-meta[$$ManagedFieldsEntry$$] array__ | ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
|
||||
| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec[$$OIDCClientSecretRequestSpec$$]__ |
|
||||
| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequeststatus[$$OIDCClientSecretRequestStatus$$]__ |
|
||||
|===
|
||||
|
||||
|
||||
@ -244,7 +266,7 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -254,15 +276,15 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GenerateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`RevokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -272,8 +294,8 @@ OIDCClientSecretRequest can be used to update the client secrets associated with
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if you lose it.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
| *`GeneratedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`TotalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -288,7 +310,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequest"]
|
||||
==== OIDCClientSecretRequest
|
||||
|
||||
|
||||
OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -310,7 +332,7 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequestspec"]
|
||||
==== OIDCClientSecretRequestSpec
|
||||
|
||||
|
||||
Spec of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -320,15 +342,15 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generateNewSecret`* __boolean__ |
|
||||
| *`revokeOldSecrets`* __boolean__ |
|
||||
| *`generateNewSecret`* __boolean__ | Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
| *`revokeOldSecrets`* __boolean__ | Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-supervisor-clientsecret-v1alpha1-oidcclientsecretrequeststatus"]
|
||||
==== OIDCClientSecretRequestStatus
|
||||
|
||||
|
||||
Status of the OIDCClientSecretRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -338,8 +360,8 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
|
||||
[cols="25a,75a", options="header"]
|
||||
|===
|
||||
| Field | Description
|
||||
| *`generatedSecret`* __string__ |
|
||||
| *`totalClientSecrets`* __integer__ |
|
||||
| *`generatedSecret`* __string__ | The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
| *`totalClientSecrets`* __integer__ | The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
|===
|
||||
|
||||
|
||||
@ -868,7 +890,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-identity-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -967,7 +989,7 @@ WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-identity-v1alpha1-whoamirequeststatus"]
|
||||
==== WhoAmIRequestStatus
|
||||
|
||||
|
||||
Status is set by the server in the response to a WhoAmIRequest.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1540,7 +1562,7 @@ TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchang
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-login-v1alpha1-tokencredentialrequestspec"]
|
||||
==== TokenCredentialRequestSpec
|
||||
|
||||
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
@ -1558,7 +1580,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
|
||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-22-apis-concierge-login-v1alpha1-tokencredentialrequeststatus"]
|
||||
==== TokenCredentialRequestStatus
|
||||
|
||||
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
|
||||
.Appears In:
|
||||
****
|
||||
|
@ -1,40 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest
|
||||
}
|
42
generated/1.22/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
42
generated/1.22/apis/concierge/identity/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,42 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package identity
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec WhoAmIRequestSpec
|
||||
Status WhoAmIRequestStatus
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest
|
||||
}
|
@ -1,43 +0,0 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
45
generated/1.22/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
45
generated/1.22/apis/concierge/identity/v1alpha1/types_whoamirequest.go
generated
Normal file
@ -0,0 +1,45 @@
|
||||
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// WhoAmIRequest submits a request to echo back the current authenticated user.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec WhoAmIRequestSpec `json:"spec,omitempty"`
|
||||
Status WhoAmIRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// Spec is always empty for a WhoAmIRequest.
|
||||
type WhoAmIRequestSpec struct {
|
||||
// empty for now but we may add some config here in the future
|
||||
// any such config must be safe in the context of an unauthenticated user
|
||||
}
|
||||
|
||||
// Status is set by the server in the response to a WhoAmIRequest.
|
||||
type WhoAmIRequestStatus struct {
|
||||
// The current authenticated user, exactly as Kubernetes understands it.
|
||||
KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"`
|
||||
|
||||
// We may add concierge specific information here in the future.
|
||||
}
|
||||
|
||||
// WhoAmIRequestList is a list of WhoAmIRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type WhoAmIRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of WhoAmIRequest.
|
||||
Items []WhoAmIRequest `json:"items"`
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
22
generated/1.22/apis/concierge/login/types_clustercredential.go
generated
Normal file
22
generated/1.22/apis/concierge/login/types_clustercredential.go
generated
Normal file
@ -0,0 +1,22 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
|
||||
// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
|
||||
type ClusterCredential struct {
|
||||
// ExpirationTimestamp indicates a time when the provided credentials expire.
|
||||
ExpirationTimestamp metav1.Time
|
||||
|
||||
// Token is a bearer token used by the client for request authentication.
|
||||
Token string
|
||||
|
||||
// PEM-encoded client TLS certificates (including intermediates, if any).
|
||||
ClientCertificateData string
|
||||
|
||||
// PEM-encoded private key for the above certificate.
|
||||
ClientKeyData string
|
||||
}
|
47
generated/1.22/apis/concierge/login/types_token.go
generated
47
generated/1.22/apis/concierge/login/types_token.go
generated
@ -1,47 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A ClusterCredential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest
|
||||
Items []TokenCredentialRequest
|
||||
}
|
49
generated/1.22/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
49
generated/1.22/apis/concierge/login/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,49 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package login
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta
|
||||
|
||||
Spec TokenCredentialRequestSpec
|
||||
Status TokenCredentialRequestStatus
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
52
generated/1.22/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
52
generated/1.22/apis/concierge/login/v1alpha1/types_tokencredentialrequest.go
generated
Normal file
@ -0,0 +1,52 @@
|
||||
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// Specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
|
||||
type TokenCredentialRequestSpec struct {
|
||||
// Bearer token supplied with the credential request.
|
||||
Token string `json:"token,omitempty"`
|
||||
|
||||
// Reference to an authenticator which can validate this credential request.
|
||||
Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
|
||||
}
|
||||
|
||||
// Status of a TokenCredentialRequest, returned on responses to the Pinniped API.
|
||||
type TokenCredentialRequestStatus struct {
|
||||
// A Credential will be returned for a successful credential request.
|
||||
// +optional
|
||||
Credential *ClusterCredential `json:"credential,omitempty"`
|
||||
|
||||
// An error message will be returned for an unsuccessful credential request.
|
||||
// +optional
|
||||
Message *string `json:"message,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
|
||||
// +genclient
|
||||
// +genclient:nonNamespaced
|
||||
// +genclient:onlyVerbs=create
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec TokenCredentialRequestSpec `json:"spec,omitempty"`
|
||||
Status TokenCredentialRequestStatus `json:"status,omitempty"`
|
||||
}
|
||||
|
||||
// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type TokenCredentialRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of TokenCredentialRequest.
|
||||
Items []TokenCredentialRequest `json:"items"`
|
||||
}
|
@ -3,44 +3,48 @@
|
||||
|
||||
package clientsecret
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
|
||||
// field.
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
|
||||
// be recovered if you lose it.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the
|
||||
// metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an
|
||||
// OIDCClient.
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
metav1.TypeMeta
|
||||
metav1.ObjectMeta // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
Spec OIDCClientSecretRequestSpec
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus
|
||||
}
|
||||
|
||||
// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta
|
||||
metav1.ListMeta
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest
|
||||
}
|
||||
|
@ -3,18 +3,11 @@
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// OIDCClientSecretRequest can be used to update the client secrets associated with an OIDCClient.
|
||||
// +genclient
|
||||
// +genclient:onlyVerbs=create
|
||||
// +kubebuilder:subresource:status
|
||||
@ -23,14 +16,38 @@ type OIDCClientSecretRequest struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
|
||||
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
Spec OIDCClientSecretRequestSpec `json:"spec"`
|
||||
|
||||
// +optional
|
||||
Status OIDCClientSecretRequestStatus `json:"status"`
|
||||
}
|
||||
|
||||
// Spec of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestSpec struct {
|
||||
// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
GenerateNewSecret bool `json:"generateNewSecret"`
|
||||
|
||||
// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
// +optional
|
||||
RevokeOldSecrets bool `json:"revokeOldSecrets"`
|
||||
}
|
||||
|
||||
// Status of the OIDCClientSecretRequest.
|
||||
type OIDCClientSecretRequestStatus struct {
|
||||
// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot be recovered if lost.
|
||||
GeneratedSecret string `json:"generatedSecret,omitempty"`
|
||||
|
||||
// The total number of client secrets associated with the OIDCClient referenced by the metadata.name field.
|
||||
TotalClientSecrets int `json:"totalClientSecrets"`
|
||||
}
|
||||
|
||||
// OIDCClientSecretRequestList is a list of OIDCClientSecretRequest objects.
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
type OIDCClientSecretRequestList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata,omitempty"`
|
||||
|
||||
// Items is a list of OIDCClientSecretRequest.
|
||||
Items []OIDCClientSecretRequest `json:"items"`
|
||||
}
|
||||
|
14700
generated/1.22/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
14700
generated/1.22/client/concierge/openapi/zz_generated.openapi.go
generated
Normal file
File diff suppressed because it is too large
Load Diff
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user