Rename idp.concierge.pinniped.dev to authentication.concierge.pinniped.dev.

Signed-off-by: Matt Moyer <moyerm@vmware.com>

apis/concierge/authentication/doc.go.tmpl

@@ -0,0 +1,8 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=authentication.concierge.pinniped.dev
+
+// Package authentication is the internal version of the Pinniped identity provider API.
+package authentication

apis/concierge/authentication/v1alpha1/doc.go.tmpl

@@ -3,10 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/concierge/idp
+// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/concierge/authentication
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=idp.concierge.pinniped.dev
+// +groupName=authentication.concierge.pinniped.dev
-// +groupGoName=IDP
 
 // Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
 package v1alpha1

apis/concierge/authentication/v1alpha1/register.go.tmpl

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "idp.concierge.pinniped.dev"
+const GroupName = "authentication.concierge.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

apis/concierge/idp/doc.go.tmpl

@@ -1,8 +0,0 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=idp.concierge.pinniped.dev
-
-// Package idp is the internal version of the Pinniped identity provider API.
-package idp

cmd/pinniped/cmd/exchange_credential.go

@@ -16,7 +16,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 
-	idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/idp/v1alpha1"
+	auth1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1"
 	"go.pinniped.dev/internal/client"
 	"go.pinniped.dev/internal/constable"
 	"go.pinniped.dev/internal/here"
@@ -143,7 +143,7 @@ func exchangeCredential(envGetter envGetter, tokenExchanger tokenExchanger, outp
 	idp := corev1.TypedLocalObjectReference{Name: idpName}
 	switch strings.ToLower(idpType) {
 	case "webhook":
-		idp.APIGroup = &idpv1alpha1.SchemeGroupVersion.Group
+		idp.APIGroup = &auth1alpha1.SchemeGroupVersion.Group
 		idp.Kind = "WebhookIdentityProvider"
 	default:
 		return fmt.Errorf(`%w: %q, supported values are "webhook"`, ErrInvalidIDPType, idpType)

cmd/pinniped/cmd/get_kubeconfig.go

@@ -187,7 +187,7 @@ func getDefaultIDP(clientset pinnipedclientset.Interface, namespace string) (str
 	ctx, cancelFunc := context.WithTimeout(context.Background(), time.Second*20)
 	defer cancelFunc()
 
-	webhooks, err := clientset.IDPV1alpha1().WebhookIdentityProviders(namespace).List(ctx, metav1.ListOptions{})
+	webhooks, err := clientset.AuthenticationV1alpha1().WebhookIdentityProviders(namespace).List(ctx, metav1.ListOptions{})
 	if err != nil {
 		return "", "", err
 	}

cmd/pinniped/cmd/get_kubeconfig_test.go

@@ -17,7 +17,7 @@ import (
 	"k8s.io/client-go/rest"
 	coretesting "k8s.io/client-go/testing"
 
-	idpv1alpha "go.pinniped.dev/generated/1.19/apis/concierge/idp/v1alpha1"
+	authv1alpha "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.19/apis/config/v1alpha1"
 	pinnipedclientset "go.pinniped.dev/generated/1.19/client/clientset/versioned"
 	pinnipedfake "go.pinniped.dev/generated/1.19/client/clientset/versioned/fake"
@@ -256,8 +256,8 @@ func TestRun(t *testing.T) {
 				cmd.flags.idpType = ""
 				cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
 					return pinnipedfake.NewSimpleClientset(
-						&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-one"}},
+						&authv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-one"}},
-						&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-two"}},
+						&authv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "webhook-two"}},
 					), nil
 				}
 			},
@@ -349,7 +349,7 @@ func TestRun(t *testing.T) {
 
 				cmd.kubeClientCreator = func(_ *rest.Config) (pinnipedclientset.Interface, error) {
 					return pinnipedfake.NewSimpleClientset(
-						&idpv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "discovered-idp"}},
+						&authv1alpha.WebhookIdentityProvider{ObjectMeta: metav1.ObjectMeta{Namespace: "test-namespace", Name: "discovered-idp"}},
 						newCredentialIssuerConfig("pinniped-config", "test-namespace", "https://example.com", "test-ca"),
 					), nil
 				}

deploy/concierge/authentication.concierge.pinniped.dev_webhookidentityproviders.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
-  name: webhookidentityproviders.idp.concierge.pinniped.dev
+  name: webhookidentityproviders.authentication.concierge.pinniped.dev
 spec:
-  group: idp.concierge.pinniped.dev
+  group: authentication.concierge.pinniped.dev
   names:
     categories:
     - all

deploy/concierge/idp.concierge.pinniped.dev_webhookidentityproviders.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
-  name: webhookidentityproviders.idp.concierge.pinniped.dev
+  name: webhookidentityproviders.authentication.concierge.pinniped.dev
 spec:
-  group: idp.concierge.pinniped.dev
+  group: authentication.concierge.pinniped.dev
   names:
     categories:
     - all

deploy/concierge/rbac.yaml

@@ -59,7 +59,7 @@ rules:
   - apiGroups: [ "" ]
     resources: [ pods/exec ]
     verbs: [ create ]
-  - apiGroups: [ config.pinniped.dev, idp.concierge.pinniped.dev ]
+  - apiGroups: [ config.pinniped.dev, authentication.concierge.pinniped.dev ]
     resources: [ "*" ]
     verbs: [ create, get, list, update, watch ]
 ---

deploy/concierge/z0_crd_overlay.yaml

@@ -10,7 +10,7 @@ metadata:
   #@overlay/match missing_ok=True
   labels: #@ labels()
 
-#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"webhookidentityproviders.idp.concierge.pinniped.dev"}}), expects=1
+#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"webhookidentityproviders.authentication.concierge.pinniped.dev"}}), expects=1
 ---
 metadata:
   #@overlay/match missing_ok=True

doc/demo.md

@@ -122,7 +122,7 @@ as the identity provider.
 
     ```bash
     cat <<EOF | kubectl create --namespace pinniped -f -
-    apiVersion: idp.concierge.pinniped.dev/v1alpha1
+    apiVersion: authentication.concierge.pinniped.dev/v1alpha1
     kind: WebhookIdentityProvider
     metadata:
       name: local-user-authenticator

generated/1.17/README.adoc

@@ -5,11 +5,115 @@
 == API Reference
 
 .Packages
+- xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1[$$idp.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
 
 
+[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
+=== authentication.concierge.pinniped.dev/v1alpha1
+
+Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-condition"]
+==== Condition 
+
+Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
+| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-tlsspec"]
+==== TLSSpec 
+
+Configuration for configuring TLS on various identity providers.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityprovider"]
+==== WebhookIdentityProvider 
+
+WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec"]
+==== WebhookIdentityProviderSpec 
+
+Spec for configuring a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`endpoint`* __string__ | Webhook server endpoint URL.
+| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus"]
+==== WebhookIdentityProviderStatus 
+
+Status of a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-authentication-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
+|===
+
+
+
 [id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
 === config.pinniped.dev/v1alpha1
 
@@ -161,110 +265,6 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 
 
 
-[id="{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1"]
-=== idp.concierge.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-condition"]
-==== Condition 
-
-Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
-| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
-| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
-| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-tlsspec"]
-==== TLSSpec 
-
-Configuration for configuring TLS on various identity providers.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityprovider"]
-==== WebhookIdentityProvider 
-
-WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
-
-| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
-| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
-|===
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderspec"]
-==== WebhookIdentityProviderSpec 
-
-Spec for configuring a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`endpoint`* __string__ | Webhook server endpoint URL.
-| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus"]
-==== WebhookIdentityProviderStatus 
-
-Status of a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
-|===
-
-
-
 [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"]
 === login.concierge.pinniped.dev/v1alpha1
 

generated/1.17/apis/concierge/authentication/doc.go

@@ -0,0 +1,8 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=authentication.concierge.pinniped.dev
+
+// Package authentication is the internal version of the Pinniped identity provider API.
+package authentication

generated/1.17/apis/concierge/authentication/v1alpha1/doc.go

@@ -3,10 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/idp
+// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/authentication
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=idp.concierge.pinniped.dev
+// +groupName=authentication.concierge.pinniped.dev
-// +groupGoName=IDP
 
 // Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
 package v1alpha1

generated/1.17/apis/concierge/authentication/v1alpha1/register.go

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "idp.concierge.pinniped.dev"
+const GroupName = "authentication.concierge.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

generated/1.17/apis/concierge/authentication/zz_generated.deepcopy.go

@@ -5,4 +5,4 @@
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package idp
+package authentication

generated/1.17/apis/concierge/idp/doc.go

@@ -1,8 +0,0 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=idp.concierge.pinniped.dev
-
-// Package idp is the internal version of the Pinniped identity provider API.
-package idp

generated/1.17/client/clientset/versioned/clientset.go

@@ -8,8 +8,8 @@ package versioned
 import (
 	"fmt"
 
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
@@ -18,8 +18,8 @@ import (
 
 type Interface interface {
 	Discovery() discovery.DiscoveryInterface
+	AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
 	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
-	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
 	LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
 }
 
@@ -27,21 +27,21 @@ type Interface interface {
 // version included in a Clientset.
 type Clientset struct {
 	*discovery.DiscoveryClient
+	authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
 	configV1alpha1         *configv1alpha1.ConfigV1alpha1Client
-	iDPV1alpha1    *idpv1alpha1.IDPV1alpha1Client
 	loginV1alpha1          *loginv1alpha1.LoginV1alpha1Client
 }
 
+// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
+func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
+	return c.authenticationV1alpha1
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return c.configV1alpha1
 }
 
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return c.iDPV1alpha1
-}
-
 // LoginV1alpha1 retrieves the LoginV1alpha1Client
 func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
 	return c.loginV1alpha1
@@ -68,11 +68,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	}
 	var cs Clientset
 	var err error
-	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
+	cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
-	cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
+	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
@@ -92,8 +92,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
 	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
-	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
 	cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@@ -103,8 +103,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
 // New creates a new Clientset for the given RESTClient.
 func New(c rest.Interface) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
 	cs.configV1alpha1 = configv1alpha1.New(c)
-	cs.iDPV1alpha1 = idpv1alpha1.New(c)
 	cs.loginV1alpha1 = loginv1alpha1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)

generated/1.17/client/clientset/versioned/fake/clientset_generated.go

@@ -7,10 +7,10 @@ package fake
 
 import (
 	clientset "go.pinniped.dev/generated/1.17/client/clientset/versioned"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
+	fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/fake"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1"
 	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/config/v1alpha1/fake"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
-	fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake"
 	loginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1"
 	fakeloginv1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -67,16 +67,16 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
 
 var _ clientset.Interface = &Clientset{}
 
+// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
+func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
+	return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
 }
 
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
-}
-
 // LoginV1alpha1 retrieves the LoginV1alpha1Client
 func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
 	return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}

generated/1.17/client/clientset/versioned/fake/register.go

@@ -6,7 +6,7 @@
 package fake
 
 import (
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,8 +20,8 @@ var scheme = runtime.NewScheme()
 var codecs = serializer.NewCodecFactory(scheme)
 var parameterCodec = runtime.NewParameterCodec(scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	authenticationv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
 	loginv1alpha1.AddToScheme,
 }
 

generated/1.17/client/clientset/versioned/scheme/register.go

@@ -6,7 +6,7 @@
 package scheme
 
 import (
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,8 +20,8 @@ var Scheme = runtime.NewScheme()
 var Codecs = serializer.NewCodecFactory(Scheme)
 var ParameterCodec = runtime.NewParameterCodec(Scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	authenticationv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
 	loginv1alpha1.AddToScheme,
 }
 

generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go

@@ -6,27 +6,27 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	"go.pinniped.dev/generated/1.17/client/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 
-type IDPV1alpha1Interface interface {
+type AuthenticationV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	WebhookIdentityProvidersGetter
 }
 
-// IDPV1alpha1Client is used to interact with features provided by the idp.concierge.pinniped.dev group.
+// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
-type IDPV1alpha1Client struct {
+type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
+func (c *AuthenticationV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
 	return newWebhookIdentityProviders(c, namespace)
 }
 
-// NewForConfig creates a new IDPV1alpha1Client for the given config.
+// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
+func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
@@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &IDPV1alpha1Client{client}, nil
+	return &AuthenticationV1alpha1Client{client}, nil
 }
 
-// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
 // panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
 	client, err := NewForConfig(c)
 	if err != nil {
 		panic(err)
@@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
 	return client
 }
 
-// New creates a new IDPV1alpha1Client for the given RESTClient.
+// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *IDPV1alpha1Client {
+func New(c rest.Interface) *AuthenticationV1alpha1Client {
-	return &IDPV1alpha1Client{c}
+	return &AuthenticationV1alpha1Client{c}
 }
 
 func setConfigDefaults(config *rest.Config) error {
@@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *IDPV1alpha1Client) RESTClient() rest.Interface {
+func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
 	if c == nil {
 		return nil
 	}

generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go

@@ -6,22 +6,22 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )
 
-type FakeIDPV1alpha1 struct {
+type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
 	return &FakeWebhookIdentityProviders{c, namespace}
 }
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *FakeIDPV1alpha1) RESTClient() rest.Interface {
+func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
 	var ret *rest.RESTClient
 	return ret
 }

generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookidentityprovider.go

@@ -6,7 +6,7 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -17,13 +17,13 @@ import (
 
 // FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface
 type FakeWebhookIdentityProviders struct {
-	Fake *FakeIDPV1alpha1
+	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 
-var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
+var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
 
-var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
+var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
 
 // Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
 func (c *FakeWebhookIdentityProviders) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {

generated/1.17/client/clientset/versioned/typed/authentication/v1alpha1/webhookidentityprovider.go

@@ -8,7 +8,7 @@ package v1alpha1
 import (
 	"time"
 
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	scheme "go.pinniped.dev/generated/1.17/client/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
@@ -43,7 +43,7 @@ type webhookIdentityProviders struct {
 }
 
 // newWebhookIdentityProviders returns a WebhookIdentityProviders
-func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders {
+func newWebhookIdentityProviders(c *AuthenticationV1alpha1Client, namespace string) *webhookIdentityProviders {
 	return &webhookIdentityProviders{
 		client: c.RESTClient(),
 		ns:     namespace,

generated/1.17/client/informers/externalversions/authentication/interface.go

@@ -3,10 +3,10 @@
 
 // Code generated by informer-gen. DO NOT EDIT.
 
-package idp
+package authentication
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/informers/externalversions/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/informers/externalversions/authentication/v1alpha1"
 	internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
 )
 

generated/1.17/client/informers/externalversions/authentication/v1alpha1/webhookidentityprovider.go

@@ -8,10 +8,10 @@ package v1alpha1
 import (
 	time "time"
 
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	versioned "go.pinniped.dev/generated/1.17/client/clientset/versioned"
 	internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/listers/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/client/listers/authentication/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"
@@ -48,16 +48,16 @@ func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, name
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(options)
+				return client.AuthenticationV1alpha1().WebhookIdentityProviders(namespace).List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(options)
+				return client.AuthenticationV1alpha1().WebhookIdentityProviders(namespace).Watch(options)
 			},
 		},
-		&idpv1alpha1.WebhookIdentityProvider{},
+		&authenticationv1alpha1.WebhookIdentityProvider{},
 		resyncPeriod,
 		indexers,
 	)
@@ -68,7 +68,7 @@ func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Inter
 }
 
 func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer)
+	return f.factory.InformerFor(&authenticationv1alpha1.WebhookIdentityProvider{}, f.defaultInformer)
 }
 
 func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister {

generated/1.17/client/informers/externalversions/factory.go

@@ -11,8 +11,8 @@ import (
 	time "time"
 
 	versioned "go.pinniped.dev/generated/1.17/client/clientset/versioned"
+	authentication "go.pinniped.dev/generated/1.17/client/informers/externalversions/authentication"
 	config "go.pinniped.dev/generated/1.17/client/informers/externalversions/config"
-	idp "go.pinniped.dev/generated/1.17/client/informers/externalversions/idp"
 	internalinterfaces "go.pinniped.dev/generated/1.17/client/informers/externalversions/internalinterfaces"
 	login "go.pinniped.dev/generated/1.17/client/informers/externalversions/login"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -161,19 +161,19 @@ type SharedInformerFactory interface {
 	ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
 	WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
 
+	Authentication() authentication.Interface
 	Config() config.Interface
-	IDP() idp.Interface
 	Login() login.Interface
 }
 
+func (f *sharedInformerFactory) Authentication() authentication.Interface {
+	return authentication.New(f, f.namespace, f.tweakListOptions)
+}
+
 func (f *sharedInformerFactory) Config() config.Interface {
 	return config.New(f, f.namespace, f.tweakListOptions)
 }
 
-func (f *sharedInformerFactory) IDP() idp.Interface {
-	return idp.New(f, f.namespace, f.tweakListOptions)
-}
-
 func (f *sharedInformerFactory) Login() login.Interface {
 	return login.New(f, f.namespace, f.tweakListOptions)
 }

generated/1.17/client/informers/externalversions/generic.go

@@ -8,9 +8,9 @@ package externalversions
 import (
 	"fmt"
 
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
+	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/config/v1alpha1"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	cache "k8s.io/client-go/tools/cache"
 )
@@ -41,15 +41,15 @@ func (f *genericInformer) Lister() cache.GenericLister {
 // TODO extend this to unknown resources with a client pool
 func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
 	switch resource {
-	// Group=config.pinniped.dev, Version=v1alpha1
+	// Group=authentication.concierge.pinniped.dev, Version=v1alpha1
-	case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
+	case v1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookIdentityProviders().Informer()}, nil
-	case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
 
-		// Group=idp.concierge.pinniped.dev, Version=v1alpha1
+		// Group=config.pinniped.dev, Version=v1alpha1
-	case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"):
+	case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
+	case configv1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
 
 		// Group=login.concierge.pinniped.dev, Version=v1alpha1
 	case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"):

generated/1.17/client/listers/authentication/v1alpha1/webhookidentityprovider.go

@@ -6,7 +6,7 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

generated/1.17/client/openapi/zz_generated.openapi.go

@@ -17,12 +17,12 @@ import (
 
 func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
 	return map[string]common.OpenAPIDefinition{
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.Condition":                      schema_apis_concierge_idp_v1alpha1_Condition(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition":                     schema_apis_concierge_authentication_v1alpha1_Condition(ref),
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.TLSSpec":                        schema_apis_concierge_idp_v1alpha1_TLSSpec(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec":                       schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref),
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProvider":        schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider":       schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProvider(ref),
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderList":    schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderList":   schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderList(ref),
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec":    schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec":   schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderSpec(ref),
-		"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus":  schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref),
+		"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus": schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderStatus(ref),
 		"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.ClusterCredential":                      schema_apis_concierge_login_v1alpha1_ClusterCredential(ref),
 		"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequest":                 schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref),
 		"go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestList":             schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref),
@@ -91,7 +91,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -148,7 +148,7 @@ func schema_apis_concierge_idp_v1alpha1_Condition(ref common.ReferenceCallback)
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -168,7 +168,7 @@ func schema_apis_concierge_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) co
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -197,13 +197,13 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.Refer
 					"spec": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Spec for configuring the identity provider.",
-							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec"),
+							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec"),
 						},
 					},
 					"status": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Status of the identity provider.",
-							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus"),
+							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus"),
 						},
 					},
 				},
@@ -211,11 +211,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.Refer
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec", "go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
+			"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec", "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -247,7 +247,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.R
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
-										Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProvider"),
+										Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider"),
 									},
 								},
 							},
@@ -258,11 +258,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.R
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
+			"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -279,7 +279,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.R
 					"tls": {
 						SchemaProps: spec.SchemaProps{
 							Description: "TLS configuration.",
-							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.TLSSpec"),
+							Ref:         ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec"),
 						},
 					},
 				},
@@ -287,11 +287,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.R
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.TLSSpec"},
+			"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.TLSSpec"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -315,7 +315,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
-										Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.Condition"),
+										Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition"),
 									},
 								},
 							},
@@ -325,7 +325,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.17/apis/concierge/idp/v1alpha1.Condition"},
+			"go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1.Condition"},
 	}
 }
 

generated/1.17/crds/authentication.concierge.pinniped.dev_webhookidentityproviders.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
-  name: webhookidentityproviders.idp.concierge.pinniped.dev
+  name: webhookidentityproviders.authentication.concierge.pinniped.dev
 spec:
-  group: idp.concierge.pinniped.dev
+  group: authentication.concierge.pinniped.dev
   names:
     categories:
     - all

generated/1.18/README.adoc

@@ -5,11 +5,115 @@
 == API Reference
 
 .Packages
+- xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1[$$idp.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
 
 
+[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
+=== authentication.concierge.pinniped.dev/v1alpha1
+
+Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-condition"]
+==== Condition 
+
+Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
+| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-tlsspec"]
+==== TLSSpec 
+
+Configuration for configuring TLS on various identity providers.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityprovider"]
+==== WebhookIdentityProvider 
+
+WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec"]
+==== WebhookIdentityProviderSpec 
+
+Spec for configuring a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`endpoint`* __string__ | Webhook server endpoint URL.
+| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus"]
+==== WebhookIdentityProviderStatus 
+
+Status of a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-authentication-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
+|===
+
+
+
 [id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
 === config.pinniped.dev/v1alpha1
 
@@ -161,110 +265,6 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 
 
 
-[id="{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1"]
-=== idp.concierge.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-condition"]
-==== Condition 
-
-Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
-| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
-| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
-| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-tlsspec"]
-==== TLSSpec 
-
-Configuration for configuring TLS on various identity providers.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityprovider"]
-==== WebhookIdentityProvider 
-
-WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
-
-| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
-| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
-|===
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderspec"]
-==== WebhookIdentityProviderSpec 
-
-Spec for configuring a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`endpoint`* __string__ | Webhook server endpoint URL.
-| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus"]
-==== WebhookIdentityProviderStatus 
-
-Status of a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
-|===
-
-
-
 [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"]
 === login.concierge.pinniped.dev/v1alpha1
 

generated/1.18/apis/concierge/authentication/doc.go

@@ -0,0 +1,8 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=authentication.concierge.pinniped.dev
+
+// Package authentication is the internal version of the Pinniped identity provider API.
+package authentication

generated/1.18/apis/concierge/authentication/v1alpha1/doc.go

@@ -3,10 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/concierge/idp
+// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/concierge/authentication
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=idp.concierge.pinniped.dev
+// +groupName=authentication.concierge.pinniped.dev
-// +groupGoName=IDP
 
 // Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
 package v1alpha1

generated/1.18/apis/concierge/authentication/v1alpha1/register.go

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "idp.concierge.pinniped.dev"
+const GroupName = "authentication.concierge.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

generated/1.18/apis/concierge/authentication/zz_generated.deepcopy.go

@@ -5,4 +5,4 @@
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package idp
+package authentication

generated/1.18/apis/concierge/idp/doc.go

@@ -1,8 +0,0 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=idp.concierge.pinniped.dev
-
-// Package idp is the internal version of the Pinniped identity provider API.
-package idp

generated/1.18/client/clientset/versioned/clientset.go

@@ -8,8 +8,8 @@ package versioned
 import (
 	"fmt"
 
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
@@ -18,8 +18,8 @@ import (
 
 type Interface interface {
 	Discovery() discovery.DiscoveryInterface
+	AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
 	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
-	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
 	LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
 }
 
@@ -27,21 +27,21 @@ type Interface interface {
 // version included in a Clientset.
 type Clientset struct {
 	*discovery.DiscoveryClient
+	authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
 	configV1alpha1         *configv1alpha1.ConfigV1alpha1Client
-	iDPV1alpha1    *idpv1alpha1.IDPV1alpha1Client
 	loginV1alpha1          *loginv1alpha1.LoginV1alpha1Client
 }
 
+// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
+func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
+	return c.authenticationV1alpha1
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return c.configV1alpha1
 }
 
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return c.iDPV1alpha1
-}
-
 // LoginV1alpha1 retrieves the LoginV1alpha1Client
 func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
 	return c.loginV1alpha1
@@ -68,11 +68,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	}
 	var cs Clientset
 	var err error
-	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
+	cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
-	cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
+	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
@@ -92,8 +92,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
 	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
-	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
 	cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@@ -103,8 +103,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
 // New creates a new Clientset for the given RESTClient.
 func New(c rest.Interface) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
 	cs.configV1alpha1 = configv1alpha1.New(c)
-	cs.iDPV1alpha1 = idpv1alpha1.New(c)
 	cs.loginV1alpha1 = loginv1alpha1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)

generated/1.18/client/clientset/versioned/fake/clientset_generated.go

@@ -7,10 +7,10 @@ package fake
 
 import (
 	clientset "go.pinniped.dev/generated/1.18/client/clientset/versioned"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
+	fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/fake"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1"
 	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/config/v1alpha1/fake"
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
-	fakeidpv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake"
 	loginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1"
 	fakeloginv1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -67,16 +67,16 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
 
 var _ clientset.Interface = &Clientset{}
 
+// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
+func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
+	return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
 }
 
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
-}
-
 // LoginV1alpha1 retrieves the LoginV1alpha1Client
 func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
 	return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}

generated/1.18/client/clientset/versioned/fake/register.go

@@ -6,7 +6,7 @@
 package fake
 
 import (
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,8 +20,8 @@ var scheme = runtime.NewScheme()
 var codecs = serializer.NewCodecFactory(scheme)
 var parameterCodec = runtime.NewParameterCodec(scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	authenticationv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
 	loginv1alpha1.AddToScheme,
 }
 

generated/1.18/client/clientset/versioned/scheme/register.go

@@ -6,7 +6,7 @@
 package scheme
 
 import (
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -20,8 +20,8 @@ var Scheme = runtime.NewScheme()
 var Codecs = serializer.NewCodecFactory(Scheme)
 var ParameterCodec = runtime.NewParameterCodec(Scheme)
 var localSchemeBuilder = runtime.SchemeBuilder{
+	authenticationv1alpha1.AddToScheme,
 	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
 	loginv1alpha1.AddToScheme,
 }
 

generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go

@@ -6,27 +6,27 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	"go.pinniped.dev/generated/1.18/client/clientset/versioned/scheme"
 	rest "k8s.io/client-go/rest"
 )
 
-type IDPV1alpha1Interface interface {
+type AuthenticationV1alpha1Interface interface {
 	RESTClient() rest.Interface
 	WebhookIdentityProvidersGetter
 }
 
-// IDPV1alpha1Client is used to interact with features provided by the idp.concierge.pinniped.dev group.
+// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
-type IDPV1alpha1Client struct {
+type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
 
-func (c *IDPV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
+func (c *AuthenticationV1alpha1Client) WebhookIdentityProviders(namespace string) WebhookIdentityProviderInterface {
 	return newWebhookIdentityProviders(c, namespace)
 }
 
-// NewForConfig creates a new IDPV1alpha1Client for the given config.
+// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
+func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
 	config := *c
 	if err := setConfigDefaults(&config); err != nil {
 		return nil, err
@@ -35,12 +35,12 @@ func NewForConfig(c *rest.Config) (*IDPV1alpha1Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &IDPV1alpha1Client{client}, nil
+	return &AuthenticationV1alpha1Client{client}, nil
 }
 
-// NewForConfigOrDie creates a new IDPV1alpha1Client for the given config and
+// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
 // panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
+func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
 	client, err := NewForConfig(c)
 	if err != nil {
 		panic(err)
@@ -48,9 +48,9 @@ func NewForConfigOrDie(c *rest.Config) *IDPV1alpha1Client {
 	return client
 }
 
-// New creates a new IDPV1alpha1Client for the given RESTClient.
+// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *IDPV1alpha1Client {
+func New(c rest.Interface) *AuthenticationV1alpha1Client {
-	return &IDPV1alpha1Client{c}
+	return &AuthenticationV1alpha1Client{c}
 }
 
 func setConfigDefaults(config *rest.Config) error {
@@ -68,7 +68,7 @@ func setConfigDefaults(config *rest.Config) error {
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *IDPV1alpha1Client) RESTClient() rest.Interface {
+func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
 	if c == nil {
 		return nil
 	}

generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go

@@ -6,22 +6,22 @@
 package fake
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1"
 	rest "k8s.io/client-go/rest"
 	testing "k8s.io/client-go/testing"
 )
 
-type FakeIDPV1alpha1 struct {
+type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
 
-func (c *FakeIDPV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookIdentityProviders(namespace string) v1alpha1.WebhookIdentityProviderInterface {
 	return &FakeWebhookIdentityProviders{c, namespace}
 }
 
 // RESTClient returns a RESTClient that is used to communicate
 // with API server by this client implementation.
-func (c *FakeIDPV1alpha1) RESTClient() rest.Interface {
+func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
 	var ret *rest.RESTClient
 	return ret
 }

generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookidentityprovider.go

@@ -8,7 +8,7 @@ package fake
 import (
 	"context"
 
-	v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -19,13 +19,13 @@ import (
 
 // FakeWebhookIdentityProviders implements WebhookIdentityProviderInterface
 type FakeWebhookIdentityProviders struct {
-	Fake *FakeIDPV1alpha1
+	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 
-var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "idp.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
+var webhookidentityprovidersResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookidentityproviders"}
 
-var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "idp.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
+var webhookidentityprovidersKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookIdentityProvider"}
 
 // Get takes name of the webhookIdentityProvider, and returns the corresponding webhookIdentityProvider object, and an error if there is any.
 func (c *FakeWebhookIdentityProviders) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookIdentityProvider, err error) {

generated/1.18/client/clientset/versioned/typed/authentication/v1alpha1/webhookidentityprovider.go

@@ -9,7 +9,7 @@ import (
 	"context"
 	"time"
 
-	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	scheme "go.pinniped.dev/generated/1.18/client/clientset/versioned/scheme"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	types "k8s.io/apimachinery/pkg/types"
@@ -44,7 +44,7 @@ type webhookIdentityProviders struct {
 }
 
 // newWebhookIdentityProviders returns a WebhookIdentityProviders
-func newWebhookIdentityProviders(c *IDPV1alpha1Client, namespace string) *webhookIdentityProviders {
+func newWebhookIdentityProviders(c *AuthenticationV1alpha1Client, namespace string) *webhookIdentityProviders {
 	return &webhookIdentityProviders{
 		client: c.RESTClient(),
 		ns:     namespace,

generated/1.18/client/informers/externalversions/authentication/interface.go

@@ -3,10 +3,10 @@
 
 // Code generated by informer-gen. DO NOT EDIT.
 
-package idp
+package authentication
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.18/client/informers/externalversions/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/client/informers/externalversions/authentication/v1alpha1"
 	internalinterfaces "go.pinniped.dev/generated/1.18/client/informers/externalversions/internalinterfaces"
 )
 

generated/1.18/client/informers/externalversions/authentication/v1alpha1/webhookidentityprovider.go

@@ -9,10 +9,10 @@ import (
 	"context"
 	time "time"
 
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	versioned "go.pinniped.dev/generated/1.18/client/clientset/versioned"
 	internalinterfaces "go.pinniped.dev/generated/1.18/client/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.18/client/listers/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/client/listers/authentication/v1alpha1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"
@@ -49,16 +49,16 @@ func NewFilteredWebhookIdentityProviderInformer(client versioned.Interface, name
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.IDPV1alpha1().WebhookIdentityProviders(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookIdentityProviders(namespace).List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.IDPV1alpha1().WebhookIdentityProviders(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookIdentityProviders(namespace).Watch(context.TODO(), options)
 			},
 		},
-		&idpv1alpha1.WebhookIdentityProvider{},
+		&authenticationv1alpha1.WebhookIdentityProvider{},
 		resyncPeriod,
 		indexers,
 	)
@@ -69,7 +69,7 @@ func (f *webhookIdentityProviderInformer) defaultInformer(client versioned.Inter
 }
 
 func (f *webhookIdentityProviderInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&idpv1alpha1.WebhookIdentityProvider{}, f.defaultInformer)
+	return f.factory.InformerFor(&authenticationv1alpha1.WebhookIdentityProvider{}, f.defaultInformer)
 }
 
 func (f *webhookIdentityProviderInformer) Lister() v1alpha1.WebhookIdentityProviderLister {

generated/1.18/client/informers/externalversions/factory.go

@@ -11,8 +11,8 @@ import (
 	time "time"
 
 	versioned "go.pinniped.dev/generated/1.18/client/clientset/versioned"
+	authentication "go.pinniped.dev/generated/1.18/client/informers/externalversions/authentication"
 	config "go.pinniped.dev/generated/1.18/client/informers/externalversions/config"
-	idp "go.pinniped.dev/generated/1.18/client/informers/externalversions/idp"
 	internalinterfaces "go.pinniped.dev/generated/1.18/client/informers/externalversions/internalinterfaces"
 	login "go.pinniped.dev/generated/1.18/client/informers/externalversions/login"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -161,19 +161,19 @@ type SharedInformerFactory interface {
 	ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
 	WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
 
+	Authentication() authentication.Interface
 	Config() config.Interface
-	IDP() idp.Interface
 	Login() login.Interface
 }
 
+func (f *sharedInformerFactory) Authentication() authentication.Interface {
+	return authentication.New(f, f.namespace, f.tweakListOptions)
+}
+
 func (f *sharedInformerFactory) Config() config.Interface {
 	return config.New(f, f.namespace, f.tweakListOptions)
 }
 
-func (f *sharedInformerFactory) IDP() idp.Interface {
-	return idp.New(f, f.namespace, f.tweakListOptions)
-}
-
 func (f *sharedInformerFactory) Login() login.Interface {
 	return login.New(f, f.namespace, f.tweakListOptions)
 }

generated/1.18/client/informers/externalversions/generic.go

@@ -8,9 +8,9 @@ package externalversions
 import (
 	"fmt"
 
-	idpv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1"
-	v1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
+	configv1alpha1 "go.pinniped.dev/generated/1.18/apis/config/v1alpha1"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 	cache "k8s.io/client-go/tools/cache"
 )
@@ -41,15 +41,15 @@ func (f *genericInformer) Lister() cache.GenericLister {
 // TODO extend this to unknown resources with a client pool
 func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) {
 	switch resource {
-	// Group=config.pinniped.dev, Version=v1alpha1
+	// Group=authentication.concierge.pinniped.dev, Version=v1alpha1
-	case v1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
+	case v1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().WebhookIdentityProviders().Informer()}, nil
-	case v1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
 
-		// Group=idp.concierge.pinniped.dev, Version=v1alpha1
+		// Group=config.pinniped.dev, Version=v1alpha1
-	case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"):
+	case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuerconfigs"):
-		return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuerConfigs().Informer()}, nil
+	case configv1alpha1.SchemeGroupVersion.WithResource("oidcproviderconfigs"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().OIDCProviderConfigs().Informer()}, nil
 
 		// Group=login.concierge.pinniped.dev, Version=v1alpha1
 	case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"):

generated/1.18/client/listers/authentication/v1alpha1/webhookidentityprovider.go

@@ -6,7 +6,7 @@
 package v1alpha1
 
 import (
-	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1"
+	v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/tools/cache"

generated/1.18/client/openapi/zz_generated.openapi.go

@@ -17,12 +17,12 @@ import (
 
 func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
 	return map[string]common.OpenAPIDefinition{
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.Condition":                      schema_apis_concierge_idp_v1alpha1_Condition(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.Condition":                     schema_apis_concierge_authentication_v1alpha1_Condition(ref),
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.TLSSpec":                        schema_apis_concierge_idp_v1alpha1_TLSSpec(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.TLSSpec":                       schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref),
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProvider":        schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider":       schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProvider(ref),
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderList":    schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderList":   schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderList(ref),
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec":    schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec":   schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderSpec(ref),
-		"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus":  schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref),
+		"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus": schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderStatus(ref),
 		"go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.ClusterCredential":                      schema_apis_concierge_login_v1alpha1_ClusterCredential(ref),
 		"go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequest":                 schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref),
 		"go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestList":             schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref),
@@ -91,7 +91,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -148,7 +148,7 @@ func schema_apis_concierge_idp_v1alpha1_Condition(ref common.ReferenceCallback)
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_TLSSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -168,7 +168,7 @@ func schema_apis_concierge_idp_v1alpha1_TLSSpec(ref common.ReferenceCallback) co
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -197,13 +197,13 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.Refer
 					"spec": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Spec for configuring the identity provider.",
-							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec"),
+							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec"),
 						},
 					},
 					"status": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Status of the identity provider.",
-							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus"),
+							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus"),
 						},
 					},
 				},
@@ -211,11 +211,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProvider(ref common.Refer
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderSpec", "go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
+			"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderSpec", "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProviderStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderList(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -247,7 +247,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.R
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
-										Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProvider"),
+										Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider"),
 									},
 								},
 							},
@@ -258,11 +258,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderList(ref common.R
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
+			"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.WebhookIdentityProvider", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -279,7 +279,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.R
 					"tls": {
 						SchemaProps: spec.SchemaProps{
 							Description: "TLS configuration.",
-							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.TLSSpec"),
+							Ref:         ref("go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.TLSSpec"),
 						},
 					},
 				},
@@ -287,11 +287,11 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderSpec(ref common.R
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.TLSSpec"},
+			"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.TLSSpec"},
 	}
 }
 
-func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_apis_concierge_authentication_v1alpha1_WebhookIdentityProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -315,7 +315,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
 									SchemaProps: spec.SchemaProps{
-										Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.Condition"),
+										Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.Condition"),
 									},
 								},
 							},
@@ -325,7 +325,7 @@ func schema_apis_concierge_idp_v1alpha1_WebhookIdentityProviderStatus(ref common
 			},
 		},
 		Dependencies: []string{
-			"go.pinniped.dev/generated/1.18/apis/concierge/idp/v1alpha1.Condition"},
+			"go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1.Condition"},
 	}
 }
 

generated/1.18/crds/authentication.concierge.pinniped.dev_webhookidentityproviders.yaml

@@ -6,9 +6,9 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
-  name: webhookidentityproviders.idp.concierge.pinniped.dev
+  name: webhookidentityproviders.authentication.concierge.pinniped.dev
 spec:
-  group: idp.concierge.pinniped.dev
+  group: authentication.concierge.pinniped.dev
   names:
     categories:
     - all

generated/1.19/README.adoc

@@ -5,11 +5,115 @@
 == API Reference
 
 .Packages
+- xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
-- xref:{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1[$$idp.concierge.pinniped.dev/v1alpha1$$]
 - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$]
 
 
+[id="{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1"]
+=== authentication.concierge.pinniped.dev/v1alpha1
+
+Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-condition"]
+==== Condition 
+
+Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
+| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-tlsspec"]
+==== TLSSpec 
+
+Configuration for configuring TLS on various identity providers.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityprovider"]
+==== WebhookIdentityProvider 
+
+WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
+
+| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
+| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
+|===
+
+
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderspec"]
+==== WebhookIdentityProviderSpec 
+
+Spec for configuring a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`endpoint`* __string__ | Webhook server endpoint URL.
+| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
+|===
+
+
+[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityproviderstatus"]
+==== WebhookIdentityProviderStatus 
+
+Status of a webhook identity provider.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-authentication-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
+|===
+
+
+
 [id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
 === config.pinniped.dev/v1alpha1
 
@@ -161,110 +265,6 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 
 
 
-[id="{anchor_prefix}-idp-concierge-pinniped-dev-v1alpha1"]
-=== idp.concierge.pinniped.dev/v1alpha1
-
-Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-condition"]
-==== Condition 
-
-Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
-| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
-| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
-| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-tlsspec"]
-==== TLSSpec 
-
-Configuration for configuring TLS on various identity providers.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityprovider"]
-==== WebhookIdentityProvider 
-
-WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
-
-| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
-| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
-|===
-
-
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderspec"]
-==== WebhookIdentityProviderSpec 
-
-Spec for configuring a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`endpoint`* __string__ | Webhook server endpoint URL.
-| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
-|===
-
-
-[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityproviderstatus"]
-==== WebhookIdentityProviderStatus 
-
-Status of a webhook identity provider.
-
-.Appears In:
-****
-- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
-****
-
-[cols="25a,75a", options="header"]
-|===
-| Field | Description
-| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
-|===
-
-
-
 [id="{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1"]
 === login.concierge.pinniped.dev/v1alpha1
 

generated/1.19/apis/concierge/authentication/doc.go

@@ -0,0 +1,8 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=authentication.concierge.pinniped.dev
+
+// Package authentication is the internal version of the Pinniped identity provider API.
+package authentication

generated/1.19/apis/concierge/authentication/v1alpha1/doc.go

@@ -3,10 +3,9 @@
 
 // +k8s:openapi-gen=true
 // +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.19/apis/concierge/idp
+// +k8s:conversion-gen=go.pinniped.dev/generated/1.19/apis/concierge/authentication
 // +k8s:defaulter-gen=TypeMeta
-// +groupName=idp.concierge.pinniped.dev
+// +groupName=authentication.concierge.pinniped.dev
-// +groupGoName=IDP
 
 // Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
 package v1alpha1

generated/1.19/apis/concierge/authentication/v1alpha1/register.go

@@ -9,7 +9,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-const GroupName = "idp.concierge.pinniped.dev"
+const GroupName = "authentication.concierge.pinniped.dev"
 
 // SchemeGroupVersion is group version used to register these objects.
 var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

generated/1.19/apis/concierge/authentication/zz_generated.deepcopy.go

@@ -5,4 +5,4 @@
 
 // Code generated by deepcopy-gen. DO NOT EDIT.
 
-package idp
+package authentication

generated/1.19/apis/concierge/idp/doc.go

@@ -1,8 +0,0 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:deepcopy-gen=package
-// +groupName=idp.concierge.pinniped.dev
-
-// Package idp is the internal version of the Pinniped identity provider API.
-package idp

generated/1.19/client/clientset/versioned/clientset.go

@@ -8,8 +8,8 @@ package versioned
 import (
 	"fmt"
 
+	authenticationv1alpha1 "go.pinniped.dev/generated/1.19/client/clientset/versioned/typed/authentication/v1alpha1"
 	configv1alpha1 "go.pinniped.dev/generated/1.19/client/clientset/versioned/typed/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1"
 	loginv1alpha1 "go.pinniped.dev/generated/1.19/client/clientset/versioned/typed/login/v1alpha1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
@@ -18,8 +18,8 @@ import (
 
 type Interface interface {
 	Discovery() discovery.DiscoveryInterface
+	AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
 	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
-	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
 	LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
 }
 
@@ -27,21 +27,21 @@ type Interface interface {
 // version included in a Clientset.
 type Clientset struct {
 	*discovery.DiscoveryClient
+	authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
 	configV1alpha1         *configv1alpha1.ConfigV1alpha1Client
-	iDPV1alpha1    *idpv1alpha1.IDPV1alpha1Client
 	loginV1alpha1          *loginv1alpha1.LoginV1alpha1Client
 }
 
+// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
+func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
+	return c.authenticationV1alpha1
+}
+
 // ConfigV1alpha1 retrieves the ConfigV1alpha1Client
 func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
 	return c.configV1alpha1
 }
 
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return c.iDPV1alpha1
-}
-
 // LoginV1alpha1 retrieves the LoginV1alpha1Client
 func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
 	return c.loginV1alpha1
@@ -68,11 +68,11 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 	}
 	var cs Clientset
 	var err error
-	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
+	cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
-	cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
+	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
 	if err != nil {
 		return nil, err
 	}
@@ -92,8 +92,8 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
 // panics if there is an error in the config.
 func NewForConfigOrDie(c *rest.Config) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
 	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
-	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
 	cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
@@ -103,8 +103,8 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
 // New creates a new Clientset for the given RESTClient.
 func New(c rest.Interface) *Clientset {
 	var cs Clientset
+	cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
 	cs.configV1alpha1 = configv1alpha1.New(c)
-	cs.iDPV1alpha1 = idpv1alpha1.New(c)
 	cs.loginV1alpha1 = loginv1alpha1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)