diff --git a/apis/concierge/identity/doc.go.tmpl b/apis/concierge/identity/doc.go.tmpl new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/apis/concierge/identity/doc.go.tmpl @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/apis/concierge/identity/register.go.tmpl b/apis/concierge/identity/register.go.tmpl new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/apis/concierge/identity/register.go.tmpl @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/apis/concierge/identity/types_userinfo.go.tmpl b/apis/concierge/identity/types_userinfo.go.tmpl new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/apis/concierge/identity/types_userinfo.go.tmpl @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/apis/concierge/identity/types_whoami.go.tmpl b/apis/concierge/identity/types_whoami.go.tmpl new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/apis/concierge/identity/types_whoami.go.tmpl @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/apis/concierge/identity/v1alpha1/conversion.go.tmpl b/apis/concierge/identity/v1alpha1/conversion.go.tmpl new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/apis/concierge/identity/v1alpha1/conversion.go.tmpl @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/apis/concierge/identity/v1alpha1/defaults.go.tmpl b/apis/concierge/identity/v1alpha1/defaults.go.tmpl new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/apis/concierge/identity/v1alpha1/defaults.go.tmpl @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/apis/concierge/identity/v1alpha1/doc.go.tmpl b/apis/concierge/identity/v1alpha1/doc.go.tmpl new file mode 100644 index 00000000..d5464c0c --- /dev/null +++ b/apis/concierge/identity/v1alpha1/doc.go.tmpl @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/apis/concierge/identity/v1alpha1/register.go.tmpl b/apis/concierge/identity/v1alpha1/register.go.tmpl new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/apis/concierge/identity/v1alpha1/register.go.tmpl @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/apis/concierge/identity/v1alpha1/types_userinfo.go.tmpl b/apis/concierge/identity/v1alpha1/types_userinfo.go.tmpl new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/apis/concierge/identity/v1alpha1/types_userinfo.go.tmpl @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/apis/concierge/identity/v1alpha1/types_whoami.go.tmpl b/apis/concierge/identity/v1alpha1/types_whoami.go.tmpl new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/apis/concierge/identity/v1alpha1/types_whoami.go.tmpl @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/apis/concierge/identity/validation/validation.go.tmpl b/apis/concierge/identity/validation/validation.go.tmpl new file mode 100644 index 00000000..05eb0746 --- /dev/null +++ b/apis/concierge/identity/validation/validation.go.tmpl @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/GENERATED_PKG/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/apis/concierge/login/v1alpha1/types_token.go.tmpl b/apis/concierge/login/v1alpha1/types_token.go.tmpl index 66b744f3..53e25645 100644 --- a/apis/concierge/login/v1alpha1/types_token.go.tmpl +++ b/apis/concierge/login/v1alpha1/types_token.go.tmpl @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/cmd/pinniped/cmd/kubeconfig.go b/cmd/pinniped/cmd/kubeconfig.go index 536a2e17..90c72f8f 100644 --- a/cmd/pinniped/cmd/kubeconfig.go +++ b/cmd/pinniped/cmd/kubeconfig.go @@ -108,7 +108,7 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command { f.StringVar(&namespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed") f.StringVar(&flags.concierge.authenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt') (default: autodiscover)") f.StringVar(&flags.concierge.authenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name (default: autodiscover)") - f.StringVar(&flags.concierge.apiGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix") + f.StringVar(&flags.concierge.apiGroupSuffix, "concierge-api-group-suffix", groupsuffix.PinnipedDefaultSuffix, "Concierge API group suffix") f.StringVar(&flags.oidc.issuer, "oidc-issuer", "", "OpenID Connect issuer URL (default: autodiscover)") f.StringVar(&flags.oidc.clientID, "oidc-client-id", "pinniped-cli", "OpenID Connect client ID (default: autodiscover)") diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go index 07cb3560..f9f258b2 100644 --- a/cmd/pinniped/cmd/login_oidc.go +++ b/cmd/pinniped/cmd/login_oidc.go @@ -22,6 +22,7 @@ import ( clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" "k8s.io/klog/v2/klogr" + "go.pinniped.dev/internal/groupsuffix" "go.pinniped.dev/pkg/conciergeclient" "go.pinniped.dev/pkg/oidcclient" "go.pinniped.dev/pkg/oidcclient/filesession" @@ -93,7 +94,7 @@ func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command { cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name") cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint") cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge") - cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix") + cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", groupsuffix.PinnipedDefaultSuffix, "Concierge API group suffix") mustMarkHidden(cmd, "debug-session-cache") mustMarkRequired(cmd, "issuer") diff --git a/cmd/pinniped/cmd/login_static.go b/cmd/pinniped/cmd/login_static.go index 863afc28..6b391d19 100644 --- a/cmd/pinniped/cmd/login_static.go +++ b/cmd/pinniped/cmd/login_static.go @@ -14,6 +14,7 @@ import ( "github.com/spf13/cobra" clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" + "go.pinniped.dev/internal/groupsuffix" "go.pinniped.dev/pkg/conciergeclient" "go.pinniped.dev/pkg/oidcclient/oidctypes" ) @@ -67,7 +68,7 @@ func staticLoginCommand(deps staticLoginDeps) *cobra.Command { cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name") cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint") cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge") - cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix") + cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", groupsuffix.PinnipedDefaultSuffix, "Concierge API group suffix") cmd.RunE = func(cmd *cobra.Command, args []string) error { return runStaticLogin(cmd.OutOrStdout(), deps, flags) } mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore") diff --git a/deploy/concierge/deployment.yaml b/deploy/concierge/deployment.yaml index 535cf1f1..58a5098b 100644 --- a/deploy/concierge/deployment.yaml +++ b/deploy/concierge/deployment.yaml @@ -204,3 +204,19 @@ spec: name: #@ defaultResourceNameWithSuffix("api") namespace: #@ namespace() port: 443 +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: #@ pinnipedDevAPIGroupWithPrefix("v1alpha1.identity.concierge") + labels: #@ labels() +spec: + version: v1alpha1 + group: #@ pinnipedDevAPIGroupWithPrefix("identity.concierge") + groupPriorityMinimum: 9900 + versionPriority: 15 + #! caBundle: Do not include this key here. Starts out null, will be updated/owned by the golang code. + service: + name: #@ defaultResourceNameWithSuffix("api") + namespace: #@ namespace() + port: 443 diff --git a/deploy/concierge/rbac.yaml b/deploy/concierge/rbac.yaml index e74ae281..427af70e 100644 --- a/deploy/concierge/rbac.yaml +++ b/deploy/concierge/rbac.yaml @@ -133,18 +133,22 @@ roleRef: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: #@ defaultResourceNameWithSuffix("create-token-credential-requests") + name: #@ defaultResourceNameWithSuffix("pre-authn-apis") labels: #@ labels() rules: - apiGroups: - #@ pinnipedDevAPIGroupWithPrefix("login.concierge") resources: [ tokencredentialrequests ] - verbs: [ create ] + verbs: [ create, list ] + - apiGroups: + - #@ pinnipedDevAPIGroupWithPrefix("identity.concierge") + resources: [ whoamirequests ] + verbs: [ create, list ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: #@ defaultResourceNameWithSuffix("create-token-credential-requests") + name: #@ defaultResourceNameWithSuffix("pre-authn-apis") labels: #@ labels() subjects: - kind: Group @@ -155,7 +159,7 @@ subjects: apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole - name: #@ defaultResourceNameWithSuffix("create-token-credential-requests") + name: #@ defaultResourceNameWithSuffix("pre-authn-apis") apiGroup: rbac.authorization.k8s.io #! Give permissions for subjectaccessreviews, tokenreview that is needed by aggregated api servers diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 78e691e8..d909c9de 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -8,6 +8,8 @@ - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] @@ -404,6 +406,203 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an +[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] +=== identity.concierge.pinniped.dev/identity + +Package identity is the internal version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`User`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`Audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`Username`* __string__ | The name that uniquely identifies this user among all active users. +| *`UID`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`Groups`* __string array__ | The names of groups this user is a part of. +| *`Extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`ObjectMeta`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | +| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`KubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + +[id="{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1"] +=== identity.concierge.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`user`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`username`* __string__ | The name that uniquely identifies this user among all active users. +| *`uid`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`groups`* __string array__ | The names of groups this user is a part of. +| *`extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`kubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + [id="{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1"] === idp.supervisor.pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/concierge/identity/doc.go b/generated/1.17/apis/concierge/identity/doc.go new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/doc.go @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/generated/1.17/apis/concierge/identity/register.go b/generated/1.17/apis/concierge/identity/register.go new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/generated/1.17/apis/concierge/identity/register.go @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/generated/1.17/apis/concierge/identity/types_userinfo.go b/generated/1.17/apis/concierge/identity/types_userinfo.go new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/types_userinfo.go @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.17/apis/concierge/identity/types_whoami.go b/generated/1.17/apis/concierge/identity/types_whoami.go new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/generated/1.17/apis/concierge/identity/types_whoami.go @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/conversion.go b/generated/1.17/apis/concierge/identity/v1alpha1/conversion.go new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/defaults.go b/generated/1.17/apis/concierge/identity/v1alpha1/defaults.go new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/doc.go b/generated/1.17/apis/concierge/identity/v1alpha1/doc.go new file mode 100644 index 00000000..12e348a2 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/register.go b/generated/1.17/apis/concierge/identity/v1alpha1/register.go new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/types_userinfo.go b/generated/1.17/apis/concierge/identity/v1alpha1/types_userinfo.go new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/types_userinfo.go @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/types_whoami.go b/generated/1.17/apis/concierge/identity/v1alpha1/types_whoami.go new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/types_whoami.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.conversion.go b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..8ff46c97 --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,234 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + identity "go.pinniped.dev/generated/1.17/apis/concierge/identity" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function. +func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s) +} + +func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function. +func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s) +} + +func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function. +func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s) +} + +func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function. +func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s) +} + +func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function. +func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s) +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..a6733d9d --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.defaults.go b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..b954fa5e --- /dev/null +++ b/generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.17/apis/concierge/identity/validation/validation.go b/generated/1.17/apis/concierge/identity/validation/validation.go new file mode 100644 index 00000000..7cfab00c --- /dev/null +++ b/generated/1.17/apis/concierge/identity/validation/validation.go @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/generated/1.17/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/generated/1.17/apis/concierge/identity/zz_generated.deepcopy.go b/generated/1.17/apis/concierge/identity/zz_generated.deepcopy.go new file mode 100644 index 00000000..b80f7b8c --- /dev/null +++ b/generated/1.17/apis/concierge/identity/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package identity + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/apis/concierge/login/v1alpha1/types_token.go b/generated/1.17/apis/concierge/login/v1alpha1/types_token.go index 66b744f3..53e25645 100644 --- a/generated/1.17/apis/concierge/login/v1alpha1/types_token.go +++ b/generated/1.17/apis/concierge/login/v1alpha1/types_token.go @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.17/client/concierge/clientset/versioned/clientset.go b/generated/1.17/client/concierge/clientset/versioned/clientset.go index 529d2dd0..d5fbc377 100644 --- a/generated/1.17/client/concierge/clientset/versioned/clientset.go +++ b/generated/1.17/client/concierge/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface + IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client + identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return c.configV1alpha1 } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return c.identityV1alpha1 +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return c.loginV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) + cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c) cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c) + cs.identityV1alpha1 = identityv1alpha1.New(c) cs.loginV1alpha1 = loginv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go b/generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go index a387a143..1752255e 100644 --- a/generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake" configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake" + identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1" + fakeidentityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake" loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1" fakeloginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake} } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake} +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} diff --git a/generated/1.17/client/concierge/clientset/versioned/fake/register.go b/generated/1.17/client/concierge/clientset/versioned/fake/register.go index c13d440d..d590f7b5 100644 --- a/generated/1.17/client/concierge/clientset/versioned/fake/register.go +++ b/generated/1.17/client/concierge/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/concierge/clientset/versioned/scheme/register.go b/generated/1.17/client/concierge/clientset/versioned/scheme/register.go index f3a753aa..5e984daf 100644 --- a/generated/1.17/client/concierge/clientset/versioned/scheme/register.go +++ b/generated/1.17/client/concierge/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go new file mode 100644 index 00000000..471ef9f5 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go new file mode 100644 index 00000000..68c64650 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go new file mode 100644 index 00000000..fe0557e0 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -0,0 +1,27 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIdentityV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface { + return &FakeWhoAmIRequests{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go new file mode 100644 index 00000000..bf64bad7 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go @@ -0,0 +1,31 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" +) + +// FakeWhoAmIRequests implements WhoAmIRequestInterface +type FakeWhoAmIRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"} + +var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *FakeWhoAmIRequests) Create(whoAmIRequest *v1alpha1.WhoAmIRequest) (result *v1alpha1.WhoAmIRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WhoAmIRequest), err +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..8bea78ec --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WhoAmIRequestExpansion interface{} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go new file mode 100644 index 00000000..17f274df --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -0,0 +1,76 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IdentityV1alpha1Interface interface { + RESTClient() rest.Interface + WhoAmIRequestsGetter +} + +// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group. +type IdentityV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface { + return newWhoAmIRequests(c) +} + +// NewForConfig creates a new IdentityV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IdentityV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IdentityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IdentityV1alpha1Client { + return &IdentityV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IdentityV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go new file mode 100644 index 00000000..7632d169 --- /dev/null +++ b/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go @@ -0,0 +1,46 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1" + rest "k8s.io/client-go/rest" +) + +// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface. +// A group's client should implement this interface. +type WhoAmIRequestsGetter interface { + WhoAmIRequests() WhoAmIRequestInterface +} + +// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources. +type WhoAmIRequestInterface interface { + Create(*v1alpha1.WhoAmIRequest) (*v1alpha1.WhoAmIRequest, error) + WhoAmIRequestExpansion +} + +// whoAmIRequests implements WhoAmIRequestInterface +type whoAmIRequests struct { + client rest.Interface +} + +// newWhoAmIRequests returns a WhoAmIRequests +func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests { + return &whoAmIRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *whoAmIRequests) Create(whoAmIRequest *v1alpha1.WhoAmIRequest) (result *v1alpha1.WhoAmIRequest, err error) { + result = &v1alpha1.WhoAmIRequest{} + err = c.client.Post(). + Resource("whoamirequests"). + Body(whoAmIRequest). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go index c34e2977..aa794422 100644 --- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go +++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -7,11 +7,7 @@ package fake import ( v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) @@ -24,43 +20,6 @@ var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login. var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} - for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *FakeTokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts)) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { obj, err := c.Fake. @@ -70,49 +29,3 @@ func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.To } return obj.(*v1alpha1.TokenCredentialRequest), err } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *FakeTokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOptions) - - _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) - return err -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *FakeTokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} diff --git a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go index 592f6451..6e8cebee 100644 --- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go +++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -6,13 +6,7 @@ package v1alpha1 import ( - "time" - v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" - scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" rest "k8s.io/client-go/rest" ) @@ -25,14 +19,6 @@ type TokenCredentialRequestsGetter interface { // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. type TokenCredentialRequestInterface interface { Create(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) - Update(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) - UpdateStatus(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) - List(opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) TokenCredentialRequestExpansion } @@ -48,48 +34,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests } } -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *tokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *tokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TokenCredentialRequestList{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch() -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { result = &v1alpha1.TokenCredentialRequest{} @@ -100,68 +44,3 @@ func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenC Into(result) return } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - Body(tokenCredentialRequest). - Do(). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - -func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - SubResource("status"). - Body(tokenCredentialRequest). - Do(). - Into(result) - return -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *tokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tokencredentialrequests"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - var timeout time.Duration - if listOptions.TimeoutSeconds != nil { - timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tokencredentialrequests"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Timeout(timeout). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *tokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Patch(pt). - Resource("tokencredentialrequests"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/generated/1.17/client/concierge/informers/externalversions/factory.go b/generated/1.17/client/concierge/informers/externalversions/factory.go index 467bd4af..d717e7ff 100644 --- a/generated/1.17/client/concierge/informers/externalversions/factory.go +++ b/generated/1.17/client/concierge/informers/externalversions/factory.go @@ -14,7 +14,6 @@ import ( authentication "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/authentication" config "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/config" internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" - login "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/login" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -163,7 +162,6 @@ type SharedInformerFactory interface { Authentication() authentication.Interface Config() config.Interface - Login() login.Interface } func (f *sharedInformerFactory) Authentication() authentication.Interface { @@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Authentication() authentication.Interface { func (f *sharedInformerFactory) Config() config.Interface { return config.New(f, f.namespace, f.tweakListOptions) } - -func (f *sharedInformerFactory) Login() login.Interface { - return login.New(f, f.namespace, f.tweakListOptions) -} diff --git a/generated/1.17/client/concierge/informers/externalversions/generic.go b/generated/1.17/client/concierge/informers/externalversions/generic.go index 6bf9841d..d48146d4 100644 --- a/generated/1.17/client/concierge/informers/externalversions/generic.go +++ b/generated/1.17/client/concierge/informers/externalversions/generic.go @@ -10,7 +10,6 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1" - loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -51,10 +50,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil - // Group=login.concierge.pinniped.dev, Version=v1alpha1 - case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/generated/1.17/client/concierge/informers/externalversions/login/interface.go b/generated/1.17/client/concierge/informers/externalversions/login/interface.go deleted file mode 100644 index b6138ce0..00000000 --- a/generated/1.17/client/concierge/informers/externalversions/login/interface.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package login - -import ( - internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go b/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go deleted file mode 100644 index 861b1eec..00000000 --- a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // TokenCredentialRequests returns a TokenCredentialRequestInformer. - TokenCredentialRequests() TokenCredentialRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// TokenCredentialRequests returns a TokenCredentialRequestInformer. -func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { - return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index a3c41f76..00000000 --- a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - time "time" - - loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" - versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestInformer provides access to a shared informer and lister for -// TokenCredentialRequests. -type TokenCredentialRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.TokenCredentialRequestLister -} - -type tokenCredentialRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().List(options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().Watch(options) - }, - }, - &loginv1alpha1.TokenCredentialRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) -} - -func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { - return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go b/generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go deleted file mode 100644 index 3cdb9535..00000000 --- a/generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// TokenCredentialRequestListerExpansion allows custom methods to be added to -// TokenCredentialRequestLister. -type TokenCredentialRequestListerExpansion interface{} diff --git a/generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 5c058de4..00000000 --- a/generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestLister helps list TokenCredentialRequests. -type TokenCredentialRequestLister interface { - // List lists all TokenCredentialRequests in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) - // Get retrieves the TokenCredentialRequest from the index for a given name. - Get(name string) (*v1alpha1.TokenCredentialRequest, error) - TokenCredentialRequestListerExpansion -} - -// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. -type tokenCredentialRequestLister struct { - indexer cache.Indexer -} - -// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. -func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { - return &tokenCredentialRequestLister{indexer: indexer} -} - -// List lists all TokenCredentialRequests in the indexer. -func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) - }) - return ret, err -} - -// Get retrieves the TokenCredentialRequest from the index for a given name. -func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) - } - return obj.(*v1alpha1.TokenCredentialRequest), nil -} diff --git a/generated/1.17/client/concierge/openapi/zz_generated.openapi.go b/generated/1.17/client/concierge/openapi/zz_generated.openapi.go index d1570f13..680350e0 100644 --- a/generated/1.17/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/concierge/openapi/zz_generated.openapi.go @@ -17,6 +17,12 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.KubernetesUserInfo": schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.UserInfo": schema_apis_concierge_identity_v1alpha1_UserInfo(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequest": schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestList": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref), + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref), "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), @@ -76,6 +82,229 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "user": { + SchemaProps: spec.SchemaProps{ + Description: "User is the UserInfo associated with the current user.", + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.UserInfo"), + }, + }, + "audiences": { + SchemaProps: spec.SchemaProps{ + Description: "Audiences are audience identifiers chosen by the authenticator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"user"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.UserInfo"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_UserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserInfo holds the information about the user needed to implement the user.Info interface.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "The name that uniquely identifies this user among all active users.", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.", + Type: []string{"string"}, + Format: "", + }, + }, + "groups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of groups this user is a part of.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Any additional information provided by the authenticator.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + }, + Required: []string{"username"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequest submits a request to echo back the current authenticated user.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec", "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequestList is a list of WhoAmIRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is a list of WhoAmIRequest", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.WhoAmIRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kubernetesUserInfo": { + SchemaProps: spec.SchemaProps{ + Description: "The current authenticated user, exactly as Kubernetes understands it.", + Ref: ref("go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.KubernetesUserInfo"), + }, + }, + }, + Required: []string{"kubernetesUserInfo"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1.KubernetesUserInfo"}, + } +} + func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 2be2ab9b..a40e3568 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -8,6 +8,8 @@ - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] @@ -404,6 +406,203 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an +[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] +=== identity.concierge.pinniped.dev/identity + +Package identity is the internal version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`User`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`Audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`Username`* __string__ | The name that uniquely identifies this user among all active users. +| *`UID`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`Groups`* __string array__ | The names of groups this user is a part of. +| *`Extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`ObjectMeta`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | +| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`KubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + +[id="{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1"] +=== identity.concierge.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`user`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`username`* __string__ | The name that uniquely identifies this user among all active users. +| *`uid`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`groups`* __string array__ | The names of groups this user is a part of. +| *`extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`kubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + [id="{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1"] === idp.supervisor.pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/concierge/identity/doc.go b/generated/1.18/apis/concierge/identity/doc.go new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/doc.go @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/generated/1.18/apis/concierge/identity/register.go b/generated/1.18/apis/concierge/identity/register.go new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/generated/1.18/apis/concierge/identity/register.go @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/generated/1.18/apis/concierge/identity/types_userinfo.go b/generated/1.18/apis/concierge/identity/types_userinfo.go new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/types_userinfo.go @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.18/apis/concierge/identity/types_whoami.go b/generated/1.18/apis/concierge/identity/types_whoami.go new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/generated/1.18/apis/concierge/identity/types_whoami.go @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/conversion.go b/generated/1.18/apis/concierge/identity/v1alpha1/conversion.go new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/defaults.go b/generated/1.18/apis/concierge/identity/v1alpha1/defaults.go new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/doc.go b/generated/1.18/apis/concierge/identity/v1alpha1/doc.go new file mode 100644 index 00000000..7b075a7b --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/generated/1.18/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/register.go b/generated/1.18/apis/concierge/identity/v1alpha1/register.go new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/types_userinfo.go b/generated/1.18/apis/concierge/identity/v1alpha1/types_userinfo.go new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/types_userinfo.go @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/types_whoami.go b/generated/1.18/apis/concierge/identity/v1alpha1/types_whoami.go new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/types_whoami.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.conversion.go b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..7b705826 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,234 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + identity "go.pinniped.dev/generated/1.18/apis/concierge/identity" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function. +func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s) +} + +func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function. +func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s) +} + +func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function. +func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s) +} + +func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function. +func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s) +} + +func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function. +func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s) +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..a6733d9d --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.defaults.go b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..b954fa5e --- /dev/null +++ b/generated/1.18/apis/concierge/identity/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.18/apis/concierge/identity/validation/validation.go b/generated/1.18/apis/concierge/identity/validation/validation.go new file mode 100644 index 00000000..6b823a68 --- /dev/null +++ b/generated/1.18/apis/concierge/identity/validation/validation.go @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/generated/1.18/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/generated/1.18/apis/concierge/identity/zz_generated.deepcopy.go b/generated/1.18/apis/concierge/identity/zz_generated.deepcopy.go new file mode 100644 index 00000000..b80f7b8c --- /dev/null +++ b/generated/1.18/apis/concierge/identity/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package identity + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/apis/concierge/login/v1alpha1/types_token.go b/generated/1.18/apis/concierge/login/v1alpha1/types_token.go index 66b744f3..53e25645 100644 --- a/generated/1.18/apis/concierge/login/v1alpha1/types_token.go +++ b/generated/1.18/apis/concierge/login/v1alpha1/types_token.go @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.18/client/concierge/clientset/versioned/clientset.go b/generated/1.18/client/concierge/clientset/versioned/clientset.go index b4585e5b..20ce843f 100644 --- a/generated/1.18/client/concierge/clientset/versioned/clientset.go +++ b/generated/1.18/client/concierge/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface + IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client + identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return c.configV1alpha1 } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return c.identityV1alpha1 +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return c.loginV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) + cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c) cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c) + cs.identityV1alpha1 = identityv1alpha1.New(c) cs.loginV1alpha1 = loginv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.18/client/concierge/clientset/versioned/fake/clientset_generated.go b/generated/1.18/client/concierge/clientset/versioned/fake/clientset_generated.go index 460996d9..a448cbf4 100644 --- a/generated/1.18/client/concierge/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.18/client/concierge/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake" configv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake" + identityv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1" + fakeidentityv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake" loginv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1" fakeloginv1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake} } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake} +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} diff --git a/generated/1.18/client/concierge/clientset/versioned/fake/register.go b/generated/1.18/client/concierge/clientset/versioned/fake/register.go index 5b2f0f99..e0487917 100644 --- a/generated/1.18/client/concierge/clientset/versioned/fake/register.go +++ b/generated/1.18/client/concierge/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/concierge/clientset/versioned/scheme/register.go b/generated/1.18/client/concierge/clientset/versioned/scheme/register.go index 07d878ad..863de6c7 100644 --- a/generated/1.18/client/concierge/clientset/versioned/scheme/register.go +++ b/generated/1.18/client/concierge/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go new file mode 100644 index 00000000..471ef9f5 --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go new file mode 100644 index 00000000..68c64650 --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go new file mode 100644 index 00000000..16bf0245 --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -0,0 +1,27 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIdentityV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface { + return &FakeWhoAmIRequests{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go new file mode 100644 index 00000000..a948ade0 --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go @@ -0,0 +1,34 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" +) + +// FakeWhoAmIRequests implements WhoAmIRequestInterface +type FakeWhoAmIRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"} + +var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *FakeWhoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WhoAmIRequest), err +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..8bea78ec --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WhoAmIRequestExpansion interface{} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go new file mode 100644 index 00000000..826a49fe --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -0,0 +1,76 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IdentityV1alpha1Interface interface { + RESTClient() rest.Interface + WhoAmIRequestsGetter +} + +// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group. +type IdentityV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface { + return newWhoAmIRequests(c) +} + +// NewForConfig creates a new IdentityV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IdentityV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IdentityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IdentityV1alpha1Client { + return &IdentityV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IdentityV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go new file mode 100644 index 00000000..c6043305 --- /dev/null +++ b/generated/1.18/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go @@ -0,0 +1,51 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1" + scheme "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" +) + +// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface. +// A group's client should implement this interface. +type WhoAmIRequestsGetter interface { + WhoAmIRequests() WhoAmIRequestInterface +} + +// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources. +type WhoAmIRequestInterface interface { + Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (*v1alpha1.WhoAmIRequest, error) + WhoAmIRequestExpansion +} + +// whoAmIRequests implements WhoAmIRequestInterface +type whoAmIRequests struct { + client rest.Interface +} + +// newWhoAmIRequests returns a WhoAmIRequests +func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests { + return &whoAmIRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *whoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + result = &v1alpha1.WhoAmIRequest{} + err = c.client.Post(). + Resource("whoamirequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(whoAmIRequest). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go index 394e1713..73f18d32 100644 --- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go +++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -10,10 +10,7 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) @@ -26,43 +23,6 @@ var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login. var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} - for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts)) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { obj, err := c.Fake. @@ -72,49 +32,3 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia } return obj.(*v1alpha1.TokenCredentialRequest), err } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) - return err -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} diff --git a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go index 2ce6a421..56514418 100644 --- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go +++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -7,13 +7,10 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" scheme "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" rest "k8s.io/client-go/rest" ) @@ -26,14 +23,6 @@ type TokenCredentialRequestsGetter interface { // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. type TokenCredentialRequestInterface interface { Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) - Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) TokenCredentialRequestExpansion } @@ -49,48 +38,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests } } -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TokenCredentialRequestList{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { result = &v1alpha1.TokenCredentialRequest{} @@ -102,70 +49,3 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq Into(result) return } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tokencredentialrequests"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tokencredentialrequests"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Patch(pt). - Resource("tokencredentialrequests"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.18/client/concierge/informers/externalversions/factory.go b/generated/1.18/client/concierge/informers/externalversions/factory.go index 71d5c437..c6c36cb7 100644 --- a/generated/1.18/client/concierge/informers/externalversions/factory.go +++ b/generated/1.18/client/concierge/informers/externalversions/factory.go @@ -14,7 +14,6 @@ import ( authentication "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/authentication" config "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/config" internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" - login "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/login" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -163,7 +162,6 @@ type SharedInformerFactory interface { Authentication() authentication.Interface Config() config.Interface - Login() login.Interface } func (f *sharedInformerFactory) Authentication() authentication.Interface { @@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Authentication() authentication.Interface { func (f *sharedInformerFactory) Config() config.Interface { return config.New(f, f.namespace, f.tweakListOptions) } - -func (f *sharedInformerFactory) Login() login.Interface { - return login.New(f, f.namespace, f.tweakListOptions) -} diff --git a/generated/1.18/client/concierge/informers/externalversions/generic.go b/generated/1.18/client/concierge/informers/externalversions/generic.go index aa55d2a6..6bdf7347 100644 --- a/generated/1.18/client/concierge/informers/externalversions/generic.go +++ b/generated/1.18/client/concierge/informers/externalversions/generic.go @@ -10,7 +10,6 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/config/v1alpha1" - loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -51,10 +50,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil - // Group=login.concierge.pinniped.dev, Version=v1alpha1 - case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/generated/1.18/client/concierge/informers/externalversions/login/interface.go b/generated/1.18/client/concierge/informers/externalversions/login/interface.go deleted file mode 100644 index 9a9e0222..00000000 --- a/generated/1.18/client/concierge/informers/externalversions/login/interface.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package login - -import ( - internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go b/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go deleted file mode 100644 index c9f2e441..00000000 --- a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // TokenCredentialRequests returns a TokenCredentialRequestInformer. - TokenCredentialRequests() TokenCredentialRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// TokenCredentialRequests returns a TokenCredentialRequestInformer. -func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { - return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 9120ac4b..00000000 --- a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - loginv1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" - versioned "go.pinniped.dev/generated/1.18/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.18/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.18/client/concierge/listers/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestInformer provides access to a shared informer and lister for -// TokenCredentialRequests. -type TokenCredentialRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.TokenCredentialRequestLister -} - -type tokenCredentialRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options) - }, - }, - &loginv1alpha1.TokenCredentialRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) -} - -func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { - return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go b/generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go deleted file mode 100644 index 3cdb9535..00000000 --- a/generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// TokenCredentialRequestListerExpansion allows custom methods to be added to -// TokenCredentialRequestLister. -type TokenCredentialRequestListerExpansion interface{} diff --git a/generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 92edc647..00000000 --- a/generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestLister helps list TokenCredentialRequests. -type TokenCredentialRequestLister interface { - // List lists all TokenCredentialRequests in the indexer. - List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) - // Get retrieves the TokenCredentialRequest from the index for a given name. - Get(name string) (*v1alpha1.TokenCredentialRequest, error) - TokenCredentialRequestListerExpansion -} - -// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. -type tokenCredentialRequestLister struct { - indexer cache.Indexer -} - -// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. -func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { - return &tokenCredentialRequestLister{indexer: indexer} -} - -// List lists all TokenCredentialRequests in the indexer. -func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) - }) - return ret, err -} - -// Get retrieves the TokenCredentialRequest from the index for a given name. -func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) - } - return obj.(*v1alpha1.TokenCredentialRequest), nil -} diff --git a/generated/1.18/client/concierge/openapi/zz_generated.openapi.go b/generated/1.18/client/concierge/openapi/zz_generated.openapi.go index 72c689e1..b9b010fd 100644 --- a/generated/1.18/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/concierge/openapi/zz_generated.openapi.go @@ -17,6 +17,12 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.KubernetesUserInfo": schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.UserInfo": schema_apis_concierge_identity_v1alpha1_UserInfo(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequest": schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestList": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref), + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref), "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), "go.pinniped.dev/generated/1.18/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), @@ -76,6 +82,229 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "user": { + SchemaProps: spec.SchemaProps{ + Description: "User is the UserInfo associated with the current user.", + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.UserInfo"), + }, + }, + "audiences": { + SchemaProps: spec.SchemaProps{ + Description: "Audiences are audience identifiers chosen by the authenticator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"user"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.UserInfo"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_UserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserInfo holds the information about the user needed to implement the user.Info interface.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "The name that uniquely identifies this user among all active users.", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.", + Type: []string{"string"}, + Format: "", + }, + }, + "groups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of groups this user is a part of.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Any additional information provided by the authenticator.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + }, + Required: []string{"username"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequest submits a request to echo back the current authenticated user.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec", "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequestList is a list of WhoAmIRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is a list of WhoAmIRequest", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.WhoAmIRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kubernetesUserInfo": { + SchemaProps: spec.SchemaProps{ + Description: "The current authenticated user, exactly as Kubernetes understands it.", + Ref: ref("go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.KubernetesUserInfo"), + }, + }, + }, + Required: []string{"kubernetesUserInfo"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.18/apis/concierge/identity/v1alpha1.KubernetesUserInfo"}, + } +} + func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index c1eae62c..0b74cef3 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -8,6 +8,8 @@ - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] @@ -404,6 +406,203 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an +[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] +=== identity.concierge.pinniped.dev/identity + +Package identity is the internal version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`User`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`Audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`Username`* __string__ | The name that uniquely identifies this user among all active users. +| *`UID`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`Groups`* __string array__ | The names of groups this user is a part of. +| *`Extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`ObjectMeta`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | +| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`KubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + +[id="{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1"] +=== identity.concierge.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`user`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`username`* __string__ | The name that uniquely identifies this user among all active users. +| *`uid`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`groups`* __string array__ | The names of groups this user is a part of. +| *`extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`kubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + [id="{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1"] === idp.supervisor.pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/concierge/identity/doc.go b/generated/1.19/apis/concierge/identity/doc.go new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/doc.go @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/generated/1.19/apis/concierge/identity/register.go b/generated/1.19/apis/concierge/identity/register.go new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/generated/1.19/apis/concierge/identity/register.go @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/generated/1.19/apis/concierge/identity/types_userinfo.go b/generated/1.19/apis/concierge/identity/types_userinfo.go new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/types_userinfo.go @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.19/apis/concierge/identity/types_whoami.go b/generated/1.19/apis/concierge/identity/types_whoami.go new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/generated/1.19/apis/concierge/identity/types_whoami.go @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/conversion.go b/generated/1.19/apis/concierge/identity/v1alpha1/conversion.go new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/defaults.go b/generated/1.19/apis/concierge/identity/v1alpha1/defaults.go new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/doc.go b/generated/1.19/apis/concierge/identity/v1alpha1/doc.go new file mode 100644 index 00000000..246b9db1 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/generated/1.19/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/register.go b/generated/1.19/apis/concierge/identity/v1alpha1/register.go new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/types_userinfo.go b/generated/1.19/apis/concierge/identity/v1alpha1/types_userinfo.go new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/types_userinfo.go @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/types_whoami.go b/generated/1.19/apis/concierge/identity/v1alpha1/types_whoami.go new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/types_whoami.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.conversion.go b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..43d1c9a3 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,234 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + identity "go.pinniped.dev/generated/1.19/apis/concierge/identity" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function. +func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s) +} + +func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function. +func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s) +} + +func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function. +func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s) +} + +func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function. +func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s) +} + +func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function. +func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s) +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..a6733d9d --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.defaults.go b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..b954fa5e --- /dev/null +++ b/generated/1.19/apis/concierge/identity/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.19/apis/concierge/identity/validation/validation.go b/generated/1.19/apis/concierge/identity/validation/validation.go new file mode 100644 index 00000000..c860cc96 --- /dev/null +++ b/generated/1.19/apis/concierge/identity/validation/validation.go @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/generated/1.19/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/generated/1.19/apis/concierge/identity/zz_generated.deepcopy.go b/generated/1.19/apis/concierge/identity/zz_generated.deepcopy.go new file mode 100644 index 00000000..b80f7b8c --- /dev/null +++ b/generated/1.19/apis/concierge/identity/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package identity + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/apis/concierge/login/v1alpha1/types_token.go b/generated/1.19/apis/concierge/login/v1alpha1/types_token.go index 66b744f3..53e25645 100644 --- a/generated/1.19/apis/concierge/login/v1alpha1/types_token.go +++ b/generated/1.19/apis/concierge/login/v1alpha1/types_token.go @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.19/client/concierge/clientset/versioned/clientset.go b/generated/1.19/client/concierge/clientset/versioned/clientset.go index a6f45c26..5f7bfe9d 100644 --- a/generated/1.19/client/concierge/clientset/versioned/clientset.go +++ b/generated/1.19/client/concierge/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface + IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client + identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return c.configV1alpha1 } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return c.identityV1alpha1 +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return c.loginV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) + cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c) cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c) + cs.identityV1alpha1 = identityv1alpha1.New(c) cs.loginV1alpha1 = loginv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.19/client/concierge/clientset/versioned/fake/clientset_generated.go b/generated/1.19/client/concierge/clientset/versioned/fake/clientset_generated.go index d3ed8642..0158b754 100644 --- a/generated/1.19/client/concierge/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.19/client/concierge/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake" configv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake" + identityv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1" + fakeidentityv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake" loginv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1" fakeloginv1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake} } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake} +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} diff --git a/generated/1.19/client/concierge/clientset/versioned/fake/register.go b/generated/1.19/client/concierge/clientset/versioned/fake/register.go index 5d8b63af..d249d942 100644 --- a/generated/1.19/client/concierge/clientset/versioned/fake/register.go +++ b/generated/1.19/client/concierge/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/concierge/clientset/versioned/scheme/register.go b/generated/1.19/client/concierge/clientset/versioned/scheme/register.go index ce459827..81d16a18 100644 --- a/generated/1.19/client/concierge/clientset/versioned/scheme/register.go +++ b/generated/1.19/client/concierge/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go new file mode 100644 index 00000000..471ef9f5 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go new file mode 100644 index 00000000..68c64650 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go new file mode 100644 index 00000000..370c0246 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -0,0 +1,27 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIdentityV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface { + return &FakeWhoAmIRequests{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go new file mode 100644 index 00000000..ea53ebfb --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go @@ -0,0 +1,34 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" +) + +// FakeWhoAmIRequests implements WhoAmIRequestInterface +type FakeWhoAmIRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"} + +var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *FakeWhoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WhoAmIRequest), err +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..8bea78ec --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WhoAmIRequestExpansion interface{} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go new file mode 100644 index 00000000..e9031f28 --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -0,0 +1,76 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IdentityV1alpha1Interface interface { + RESTClient() rest.Interface + WhoAmIRequestsGetter +} + +// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group. +type IdentityV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface { + return newWhoAmIRequests(c) +} + +// NewForConfig creates a new IdentityV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IdentityV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IdentityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IdentityV1alpha1Client { + return &IdentityV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IdentityV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go new file mode 100644 index 00000000..11c17e6c --- /dev/null +++ b/generated/1.19/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go @@ -0,0 +1,51 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1" + scheme "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" +) + +// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface. +// A group's client should implement this interface. +type WhoAmIRequestsGetter interface { + WhoAmIRequests() WhoAmIRequestInterface +} + +// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources. +type WhoAmIRequestInterface interface { + Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (*v1alpha1.WhoAmIRequest, error) + WhoAmIRequestExpansion +} + +// whoAmIRequests implements WhoAmIRequestInterface +type whoAmIRequests struct { + client rest.Interface +} + +// newWhoAmIRequests returns a WhoAmIRequests +func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests { + return &whoAmIRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *whoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + result = &v1alpha1.WhoAmIRequest{} + err = c.client.Post(). + Resource("whoamirequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(whoAmIRequest). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go index 1079da7f..9b448405 100644 --- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go +++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -10,10 +10,7 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) @@ -26,43 +23,6 @@ var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login. var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} - for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts)) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { obj, err := c.Fake. @@ -72,49 +32,3 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia } return obj.(*v1alpha1.TokenCredentialRequest), err } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) - return err -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} diff --git a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go index d9648059..67bbe88c 100644 --- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go +++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -7,13 +7,10 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" scheme "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" rest "k8s.io/client-go/rest" ) @@ -26,14 +23,6 @@ type TokenCredentialRequestsGetter interface { // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. type TokenCredentialRequestInterface interface { Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) - Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) TokenCredentialRequestExpansion } @@ -49,48 +38,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests } } -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TokenCredentialRequestList{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { result = &v1alpha1.TokenCredentialRequest{} @@ -102,70 +49,3 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq Into(result) return } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tokencredentialrequests"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tokencredentialrequests"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Patch(pt). - Resource("tokencredentialrequests"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.19/client/concierge/informers/externalversions/factory.go b/generated/1.19/client/concierge/informers/externalversions/factory.go index 27274008..a912786b 100644 --- a/generated/1.19/client/concierge/informers/externalversions/factory.go +++ b/generated/1.19/client/concierge/informers/externalversions/factory.go @@ -14,7 +14,6 @@ import ( authentication "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/authentication" config "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/config" internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" - login "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/login" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -163,7 +162,6 @@ type SharedInformerFactory interface { Authentication() authentication.Interface Config() config.Interface - Login() login.Interface } func (f *sharedInformerFactory) Authentication() authentication.Interface { @@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Authentication() authentication.Interface { func (f *sharedInformerFactory) Config() config.Interface { return config.New(f, f.namespace, f.tweakListOptions) } - -func (f *sharedInformerFactory) Login() login.Interface { - return login.New(f, f.namespace, f.tweakListOptions) -} diff --git a/generated/1.19/client/concierge/informers/externalversions/generic.go b/generated/1.19/client/concierge/informers/externalversions/generic.go index f6c973af..0f74fe8c 100644 --- a/generated/1.19/client/concierge/informers/externalversions/generic.go +++ b/generated/1.19/client/concierge/informers/externalversions/generic.go @@ -10,7 +10,6 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/config/v1alpha1" - loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -51,10 +50,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil - // Group=login.concierge.pinniped.dev, Version=v1alpha1 - case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/generated/1.19/client/concierge/informers/externalversions/login/interface.go b/generated/1.19/client/concierge/informers/externalversions/login/interface.go deleted file mode 100644 index 136d2503..00000000 --- a/generated/1.19/client/concierge/informers/externalversions/login/interface.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package login - -import ( - internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/interface.go b/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/interface.go deleted file mode 100644 index 8bd22bf8..00000000 --- a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/interface.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // TokenCredentialRequests returns a TokenCredentialRequestInformer. - TokenCredentialRequests() TokenCredentialRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// TokenCredentialRequests returns a TokenCredentialRequestInformer. -func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { - return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 3085ecc7..00000000 --- a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - loginv1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" - versioned "go.pinniped.dev/generated/1.19/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.19/client/concierge/listers/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestInformer provides access to a shared informer and lister for -// TokenCredentialRequests. -type TokenCredentialRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.TokenCredentialRequestLister -} - -type tokenCredentialRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options) - }, - }, - &loginv1alpha1.TokenCredentialRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) -} - -func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { - return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.19/client/concierge/listers/login/v1alpha1/expansion_generated.go b/generated/1.19/client/concierge/listers/login/v1alpha1/expansion_generated.go deleted file mode 100644 index 3cdb9535..00000000 --- a/generated/1.19/client/concierge/listers/login/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// TokenCredentialRequestListerExpansion allows custom methods to be added to -// TokenCredentialRequestLister. -type TokenCredentialRequestListerExpansion interface{} diff --git a/generated/1.19/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 40cc3bc1..00000000 --- a/generated/1.19/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestLister helps list TokenCredentialRequests. -// All objects returned here must be treated as read-only. -type TokenCredentialRequestLister interface { - // List lists all TokenCredentialRequests in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) - // Get retrieves the TokenCredentialRequest from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.TokenCredentialRequest, error) - TokenCredentialRequestListerExpansion -} - -// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. -type tokenCredentialRequestLister struct { - indexer cache.Indexer -} - -// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. -func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { - return &tokenCredentialRequestLister{indexer: indexer} -} - -// List lists all TokenCredentialRequests in the indexer. -func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) - }) - return ret, err -} - -// Get retrieves the TokenCredentialRequest from the index for a given name. -func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) - } - return obj.(*v1alpha1.TokenCredentialRequest), nil -} diff --git a/generated/1.19/client/concierge/openapi/zz_generated.openapi.go b/generated/1.19/client/concierge/openapi/zz_generated.openapi.go index 8d143deb..2bb1e1d1 100644 --- a/generated/1.19/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/concierge/openapi/zz_generated.openapi.go @@ -17,6 +17,12 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.KubernetesUserInfo": schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.UserInfo": schema_apis_concierge_identity_v1alpha1_UserInfo(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequest": schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestList": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref), + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref), "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), "go.pinniped.dev/generated/1.19/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), @@ -77,6 +83,229 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "user": { + SchemaProps: spec.SchemaProps{ + Description: "User is the UserInfo associated with the current user.", + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.UserInfo"), + }, + }, + "audiences": { + SchemaProps: spec.SchemaProps{ + Description: "Audiences are audience identifiers chosen by the authenticator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"user"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.UserInfo"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_UserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserInfo holds the information about the user needed to implement the user.Info interface.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "The name that uniquely identifies this user among all active users.", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.", + Type: []string{"string"}, + Format: "", + }, + }, + "groups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of groups this user is a part of.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Any additional information provided by the authenticator.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + }, + Required: []string{"username"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequest submits a request to echo back the current authenticated user.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec", "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequestList is a list of WhoAmIRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is a list of WhoAmIRequest", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.WhoAmIRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kubernetesUserInfo": { + SchemaProps: spec.SchemaProps{ + Description: "The current authenticated user, exactly as Kubernetes understands it.", + Ref: ref("go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.KubernetesUserInfo"), + }, + }, + }, + Required: []string{"kubernetesUserInfo"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.19/apis/concierge/identity/v1alpha1.KubernetesUserInfo"}, + } +} + func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.20/README.adoc b/generated/1.20/README.adoc index b516494c..76a678f4 100644 --- a/generated/1.20/README.adoc +++ b/generated/1.20/README.adoc @@ -8,6 +8,8 @@ - xref:{anchor_prefix}-authentication-concierge-pinniped-dev-v1alpha1[$$authentication.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-concierge-pinniped-dev-v1alpha1[$$config.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-config-supervisor-pinniped-dev-v1alpha1[$$config.supervisor.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-identity[$$identity.concierge.pinniped.dev/identity$$] +- xref:{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1[$$identity.concierge.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1[$$idp.supervisor.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-login-concierge-pinniped-dev-v1alpha1[$$login.concierge.pinniped.dev/v1alpha1$$] @@ -404,6 +406,203 @@ FederationDomainTLSSpec is a struct that describes the TLS configuration for an +[id="{anchor_prefix}-identity-concierge-pinniped-dev-identity"] +=== identity.concierge.pinniped.dev/identity + +Package identity is the internal version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`User`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`Audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`Username`* __string__ | The name that uniquely identifies this user among all active users. +| *`UID`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`Groups`* __string array__ | The names of groups this user is a part of. +| *`Extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`ObjectMeta`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | +| *`Spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`Status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`KubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + +[id="{anchor_prefix}-identity-concierge-pinniped-dev-v1alpha1"] +=== identity.concierge.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-extravalue"] +==== ExtraValue + +ExtraValue masks the value so protobuf can generate + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$] +**** + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-kubernetesuserinfo"] +==== KubernetesUserInfo + +KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`user`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-userinfo[$$UserInfo$$]__ | User is the UserInfo associated with the current user. +| *`audiences`* __string array__ | Audiences are audience identifiers chosen by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-userinfo"] +==== UserInfo + +UserInfo holds the information about the user needed to implement the user.Info interface. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`username`* __string__ | The name that uniquely identifies this user among all active users. +| *`uid`* __string__ | A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs. +| *`groups`* __string array__ | The names of groups this user is a part of. +| *`extra`* __object (keys:string, values:string array)__ | Any additional information provided by the authenticator. +|=== + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequest"] +==== WhoAmIRequest + +WhoAmIRequest submits a request to echo back the current authenticated user. + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequestlist[$$WhoAmIRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.2/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequestspec[$$WhoAmIRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequeststatus[$$WhoAmIRequestStatus$$]__ | +|=== + + + + + + +[id="{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequeststatus"] +==== WhoAmIRequestStatus + + + +.Appears In: +**** +- xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-whoamirequest[$$WhoAmIRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`kubernetesUserInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-20-apis-concierge-identity-v1alpha1-kubernetesuserinfo[$$KubernetesUserInfo$$]__ | The current authenticated user, exactly as Kubernetes understands it. +|=== + + + [id="{anchor_prefix}-idp-supervisor-pinniped-dev-v1alpha1"] === idp.supervisor.pinniped.dev/v1alpha1 diff --git a/generated/1.20/apis/concierge/identity/doc.go b/generated/1.20/apis/concierge/identity/doc.go new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/doc.go @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/generated/1.20/apis/concierge/identity/register.go b/generated/1.20/apis/concierge/identity/register.go new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/generated/1.20/apis/concierge/identity/register.go @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/generated/1.20/apis/concierge/identity/types_userinfo.go b/generated/1.20/apis/concierge/identity/types_userinfo.go new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/types_userinfo.go @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.20/apis/concierge/identity/types_whoami.go b/generated/1.20/apis/concierge/identity/types_whoami.go new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/generated/1.20/apis/concierge/identity/types_whoami.go @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/conversion.go b/generated/1.20/apis/concierge/identity/v1alpha1/conversion.go new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/defaults.go b/generated/1.20/apis/concierge/identity/v1alpha1/defaults.go new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/doc.go b/generated/1.20/apis/concierge/identity/v1alpha1/doc.go new file mode 100644 index 00000000..6325569a --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/generated/1.20/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/register.go b/generated/1.20/apis/concierge/identity/v1alpha1/register.go new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/types_userinfo.go b/generated/1.20/apis/concierge/identity/v1alpha1/types_userinfo.go new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/types_userinfo.go @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/types_whoami.go b/generated/1.20/apis/concierge/identity/v1alpha1/types_whoami.go new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/types_whoami.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.conversion.go b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..e5dad82d --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,234 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + identity "go.pinniped.dev/generated/1.20/apis/concierge/identity" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function. +func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s) +} + +func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function. +func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s) +} + +func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function. +func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s) +} + +func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function. +func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s) +} + +func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function. +func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s) +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..a6733d9d --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.defaults.go b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..b954fa5e --- /dev/null +++ b/generated/1.20/apis/concierge/identity/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.20/apis/concierge/identity/validation/validation.go b/generated/1.20/apis/concierge/identity/validation/validation.go new file mode 100644 index 00000000..ce9671e0 --- /dev/null +++ b/generated/1.20/apis/concierge/identity/validation/validation.go @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/generated/1.20/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/generated/1.20/apis/concierge/identity/zz_generated.deepcopy.go b/generated/1.20/apis/concierge/identity/zz_generated.deepcopy.go new file mode 100644 index 00000000..b80f7b8c --- /dev/null +++ b/generated/1.20/apis/concierge/identity/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package identity + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.20/apis/concierge/login/v1alpha1/types_token.go b/generated/1.20/apis/concierge/login/v1alpha1/types_token.go index 66b744f3..53e25645 100644 --- a/generated/1.20/apis/concierge/login/v1alpha1/types_token.go +++ b/generated/1.20/apis/concierge/login/v1alpha1/types_token.go @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/1.20/client/concierge/clientset/versioned/clientset.go b/generated/1.20/client/concierge/clientset/versioned/clientset.go index c2480df3..cd07daa3 100644 --- a/generated/1.20/client/concierge/clientset/versioned/clientset.go +++ b/generated/1.20/client/concierge/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface + IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client + identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return c.configV1alpha1 } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return c.identityV1alpha1 +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return c.loginV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) + cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c) cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c) + cs.identityV1alpha1 = identityv1alpha1.New(c) cs.loginV1alpha1 = loginv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.20/client/concierge/clientset/versioned/fake/clientset_generated.go b/generated/1.20/client/concierge/clientset/versioned/fake/clientset_generated.go index 3be571ee..c1dd5d72 100644 --- a/generated/1.20/client/concierge/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.20/client/concierge/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake" configv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/config/v1alpha1" fakeconfigv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/config/v1alpha1/fake" + identityv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1" + fakeidentityv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake" loginv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1" fakeloginv1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake} } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake} +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} diff --git a/generated/1.20/client/concierge/clientset/versioned/fake/register.go b/generated/1.20/client/concierge/clientset/versioned/fake/register.go index 1b657cc2..e5cf24bd 100644 --- a/generated/1.20/client/concierge/clientset/versioned/fake/register.go +++ b/generated/1.20/client/concierge/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.20/client/concierge/clientset/versioned/scheme/register.go b/generated/1.20/client/concierge/clientset/versioned/scheme/register.go index 26cac734..3e2f61dd 100644 --- a/generated/1.20/client/concierge/clientset/versioned/scheme/register.go +++ b/generated/1.20/client/concierge/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( authenticationv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go new file mode 100644 index 00000000..471ef9f5 --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go new file mode 100644 index 00000000..68c64650 --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go new file mode 100644 index 00000000..bacb41ae --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -0,0 +1,27 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIdentityV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface { + return &FakeWhoAmIRequests{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go new file mode 100644 index 00000000..feaf4daf --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go @@ -0,0 +1,34 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" +) + +// FakeWhoAmIRequests implements WhoAmIRequestInterface +type FakeWhoAmIRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"} + +var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *FakeWhoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WhoAmIRequest), err +} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..8bea78ec --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WhoAmIRequestExpansion interface{} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go new file mode 100644 index 00000000..b323d720 --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -0,0 +1,76 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IdentityV1alpha1Interface interface { + RESTClient() rest.Interface + WhoAmIRequestsGetter +} + +// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group. +type IdentityV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface { + return newWhoAmIRequests(c) +} + +// NewForConfig creates a new IdentityV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IdentityV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IdentityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IdentityV1alpha1Client { + return &IdentityV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IdentityV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go new file mode 100644 index 00000000..97adee72 --- /dev/null +++ b/generated/1.20/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go @@ -0,0 +1,51 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1" + scheme "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" +) + +// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface. +// A group's client should implement this interface. +type WhoAmIRequestsGetter interface { + WhoAmIRequests() WhoAmIRequestInterface +} + +// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources. +type WhoAmIRequestInterface interface { + Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (*v1alpha1.WhoAmIRequest, error) + WhoAmIRequestExpansion +} + +// whoAmIRequests implements WhoAmIRequestInterface +type whoAmIRequests struct { + client rest.Interface +} + +// newWhoAmIRequests returns a WhoAmIRequests +func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests { + return &whoAmIRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *whoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + result = &v1alpha1.WhoAmIRequest{} + err = c.client.Post(). + Resource("whoamirequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(whoAmIRequest). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go index 25463dde..f9333fda 100644 --- a/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go +++ b/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -10,10 +10,7 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) @@ -26,43 +23,6 @@ var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login. var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} - for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts)) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { obj, err := c.Fake. @@ -72,49 +32,3 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia } return obj.(*v1alpha1.TokenCredentialRequest), err } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) - return err -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} diff --git a/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go index cd45d817..cf5ba4ac 100644 --- a/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go +++ b/generated/1.20/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -7,13 +7,10 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" scheme "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" rest "k8s.io/client-go/rest" ) @@ -26,14 +23,6 @@ type TokenCredentialRequestsGetter interface { // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. type TokenCredentialRequestInterface interface { Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) - Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) TokenCredentialRequestExpansion } @@ -49,48 +38,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests } } -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TokenCredentialRequestList{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { result = &v1alpha1.TokenCredentialRequest{} @@ -102,70 +49,3 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq Into(result) return } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tokencredentialrequests"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tokencredentialrequests"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Patch(pt). - Resource("tokencredentialrequests"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/1.20/client/concierge/informers/externalversions/factory.go b/generated/1.20/client/concierge/informers/externalversions/factory.go index 12de59cc..ff430da3 100644 --- a/generated/1.20/client/concierge/informers/externalversions/factory.go +++ b/generated/1.20/client/concierge/informers/externalversions/factory.go @@ -14,7 +14,6 @@ import ( authentication "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/authentication" config "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/config" internalinterfaces "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/internalinterfaces" - login "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/login" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -163,7 +162,6 @@ type SharedInformerFactory interface { Authentication() authentication.Interface Config() config.Interface - Login() login.Interface } func (f *sharedInformerFactory) Authentication() authentication.Interface { @@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Authentication() authentication.Interface { func (f *sharedInformerFactory) Config() config.Interface { return config.New(f, f.namespace, f.tweakListOptions) } - -func (f *sharedInformerFactory) Login() login.Interface { - return login.New(f, f.namespace, f.tweakListOptions) -} diff --git a/generated/1.20/client/concierge/informers/externalversions/generic.go b/generated/1.20/client/concierge/informers/externalversions/generic.go index fd265978..50349ec8 100644 --- a/generated/1.20/client/concierge/informers/externalversions/generic.go +++ b/generated/1.20/client/concierge/informers/externalversions/generic.go @@ -10,7 +10,6 @@ import ( v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/config/v1alpha1" - loginv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -51,10 +50,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil - // Group=login.concierge.pinniped.dev, Version=v1alpha1 - case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/generated/1.20/client/concierge/informers/externalversions/login/interface.go b/generated/1.20/client/concierge/informers/externalversions/login/interface.go deleted file mode 100644 index ccac03f5..00000000 --- a/generated/1.20/client/concierge/informers/externalversions/login/interface.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package login - -import ( - internalinterfaces "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/interface.go b/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/interface.go deleted file mode 100644 index f7d445f9..00000000 --- a/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/interface.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // TokenCredentialRequests returns a TokenCredentialRequestInformer. - TokenCredentialRequests() TokenCredentialRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// TokenCredentialRequests returns a TokenCredentialRequestInformer. -func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { - return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 46fddbd6..00000000 --- a/generated/1.20/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - loginv1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" - versioned "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/1.20/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/1.20/client/concierge/listers/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestInformer provides access to a shared informer and lister for -// TokenCredentialRequests. -type TokenCredentialRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.TokenCredentialRequestLister -} - -type tokenCredentialRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options) - }, - }, - &loginv1alpha1.TokenCredentialRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) -} - -func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { - return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) -} diff --git a/generated/1.20/client/concierge/listers/login/v1alpha1/expansion_generated.go b/generated/1.20/client/concierge/listers/login/v1alpha1/expansion_generated.go deleted file mode 100644 index 3cdb9535..00000000 --- a/generated/1.20/client/concierge/listers/login/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// TokenCredentialRequestListerExpansion allows custom methods to be added to -// TokenCredentialRequestLister. -type TokenCredentialRequestListerExpansion interface{} diff --git a/generated/1.20/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.20/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index cda6e08b..00000000 --- a/generated/1.20/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestLister helps list TokenCredentialRequests. -// All objects returned here must be treated as read-only. -type TokenCredentialRequestLister interface { - // List lists all TokenCredentialRequests in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) - // Get retrieves the TokenCredentialRequest from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.TokenCredentialRequest, error) - TokenCredentialRequestListerExpansion -} - -// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. -type tokenCredentialRequestLister struct { - indexer cache.Indexer -} - -// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. -func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { - return &tokenCredentialRequestLister{indexer: indexer} -} - -// List lists all TokenCredentialRequests in the indexer. -func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) - }) - return ret, err -} - -// Get retrieves the TokenCredentialRequest from the index for a given name. -func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) - } - return obj.(*v1alpha1.TokenCredentialRequest), nil -} diff --git a/generated/1.20/client/concierge/openapi/zz_generated.openapi.go b/generated/1.20/client/concierge/openapi/zz_generated.openapi.go index c418140f..df4eff83 100644 --- a/generated/1.20/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/1.20/client/concierge/openapi/zz_generated.openapi.go @@ -17,6 +17,12 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.KubernetesUserInfo": schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref), + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.UserInfo": schema_apis_concierge_identity_v1alpha1_UserInfo(ref), + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequest": schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref), + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestList": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref), + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref), + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref), "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), "go.pinniped.dev/generated/1.20/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), @@ -77,6 +83,240 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "user": { + SchemaProps: spec.SchemaProps{ + Description: "User is the UserInfo associated with the current user.", + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.UserInfo"), + }, + }, + "audiences": { + SchemaProps: spec.SchemaProps{ + Description: "Audiences are audience identifiers chosen by the authenticator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"user"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.UserInfo"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_UserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserInfo holds the information about the user needed to implement the user.Info interface.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "The name that uniquely identifies this user among all active users.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.", + Type: []string{"string"}, + Format: "", + }, + }, + "groups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of groups this user is a part of.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Any additional information provided by the authenticator.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + }, + Required: []string{"username"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequest submits a request to echo back the current authenticated user.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec", "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequestList is a list of WhoAmIRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is a list of WhoAmIRequest", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.WhoAmIRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kubernetesUserInfo": { + SchemaProps: spec.SchemaProps{ + Description: "The current authenticated user, exactly as Kubernetes understands it.", + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.KubernetesUserInfo"), + }, + }, + }, + Required: []string{"kubernetesUserInfo"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/1.20/apis/concierge/identity/v1alpha1.KubernetesUserInfo"}, + } +} + func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/latest/apis/concierge/identity/doc.go b/generated/latest/apis/concierge/identity/doc.go new file mode 100644 index 00000000..6d821566 --- /dev/null +++ b/generated/latest/apis/concierge/identity/doc.go @@ -0,0 +1,8 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=identity.concierge.pinniped.dev + +// Package identity is the internal version of the Pinniped identity API. +package identity diff --git a/generated/latest/apis/concierge/identity/register.go b/generated/latest/apis/concierge/identity/register.go new file mode 100644 index 00000000..ad0fe3ab --- /dev/null +++ b/generated/latest/apis/concierge/identity/register.go @@ -0,0 +1,38 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + return nil +} diff --git a/generated/latest/apis/concierge/identity/types_userinfo.go b/generated/latest/apis/concierge/identity/types_userinfo.go new file mode 100644 index 00000000..fdd5b258 --- /dev/null +++ b/generated/latest/apis/concierge/identity/types_userinfo.go @@ -0,0 +1,37 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo + // Audiences are audience identifiers chosen by the authenticator. + Audiences []string +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + UID string + // The names of groups this user is a part of. + Groups []string + // Any additional information provided by the authenticator. + Extra map[string]ExtraValue +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/latest/apis/concierge/identity/types_whoami.go b/generated/latest/apis/concierge/identity/types_whoami.go new file mode 100644 index 00000000..133a9a8e --- /dev/null +++ b/generated/latest/apis/concierge/identity/types_whoami.go @@ -0,0 +1,40 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package identity + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec WhoAmIRequestSpec + Status WhoAmIRequestStatus +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/conversion.go b/generated/latest/apis/concierge/identity/v1alpha1/conversion.go new file mode 100644 index 00000000..e7e86b85 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/latest/apis/concierge/identity/v1alpha1/defaults.go b/generated/latest/apis/concierge/identity/v1alpha1/defaults.go new file mode 100644 index 00000000..8953e608 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/doc.go b/generated/latest/apis/concierge/identity/v1alpha1/doc.go new file mode 100644 index 00000000..074b8d00 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=go.pinniped.dev/generated/latest/apis/concierge/identity +// +k8s:defaulter-gen=TypeMeta +// +groupName=identity.concierge.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped identity API. +package v1alpha1 diff --git a/generated/latest/apis/concierge/identity/v1alpha1/register.go b/generated/latest/apis/concierge/identity/v1alpha1/register.go new file mode 100644 index 00000000..09ecfad8 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "identity.concierge.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &WhoAmIRequest{}, + &WhoAmIRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/types_userinfo.go b/generated/latest/apis/concierge/identity/v1alpha1/types_userinfo.go new file mode 100644 index 00000000..dc15fd36 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/types_userinfo.go @@ -0,0 +1,41 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "fmt" + +// KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. +// Copied from the Kubernetes token review API. +type KubernetesUserInfo struct { + // User is the UserInfo associated with the current user. + User UserInfo `json:"user"` + // Audiences are audience identifiers chosen by the authenticator. + // +optional + Audiences []string `json:"audiences,omitempty"` +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +type UserInfo struct { + // The name that uniquely identifies this user among all active users. + Username string `json:"username"` + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + UID string `json:"uid,omitempty"` + // The names of groups this user is a part of. + // +optional + Groups []string `json:"groups,omitempty"` + // Any additional information provided by the authenticator. + // +optional + Extra map[string]ExtraValue `json:"extra,omitempty"` +} + +// ExtraValue masks the value so protobuf can generate +type ExtraValue []string + +func (t ExtraValue) String() string { + return fmt.Sprintf("%v", []string(t)) +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/types_whoami.go b/generated/latest/apis/concierge/identity/v1alpha1/types_whoami.go new file mode 100644 index 00000000..b9ecadb4 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/types_whoami.go @@ -0,0 +1,43 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// WhoAmIRequest submits a request to echo back the current authenticated user. +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=create +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WhoAmIRequestSpec `json:"spec,omitempty"` + Status WhoAmIRequestStatus `json:"status,omitempty"` +} + +type WhoAmIRequestSpec struct { + // empty for now but we may add some config here in the future + // any such config must be safe in the context of an unauthenticated user +} + +type WhoAmIRequestStatus struct { + // The current authenticated user, exactly as Kubernetes understands it. + KubernetesUserInfo KubernetesUserInfo `json:"kubernetesUserInfo"` + + // We may add concierge specific information here in the future. +} + +// WhoAmIRequestList is a list of WhoAmIRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type WhoAmIRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + // Items is a list of WhoAmIRequest + Items []WhoAmIRequest `json:"items"` +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.conversion.go b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000..f6c79068 --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,234 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + identity "go.pinniped.dev/generated/latest/apis/concierge/identity" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function. +func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s) +} + +func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil { + return err + } + out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences)) + return nil +} + +// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function. +func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error { + return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s) +} + +func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function. +func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error { + return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s) +} + +func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + out.Username = in.Username + out.UID = in.UID + out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups)) + out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra)) + return nil +} + +// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function. +func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error { + return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s) +} + +func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function. +func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return nil +} + +// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s) +} + +func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil { + return err + } + return nil +} + +// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function. +func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error { + return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s) +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000..a6733d9d --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.defaults.go b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000..b954fa5e --- /dev/null +++ b/generated/latest/apis/concierge/identity/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/latest/apis/concierge/identity/validation/validation.go b/generated/latest/apis/concierge/identity/validation/validation.go new file mode 100644 index 00000000..f62b358b --- /dev/null +++ b/generated/latest/apis/concierge/identity/validation/validation.go @@ -0,0 +1,14 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity" +) + +func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList { + return nil // add validation for spec here if we expand it +} diff --git a/generated/latest/apis/concierge/identity/zz_generated.deepcopy.go b/generated/latest/apis/concierge/identity/zz_generated.deepcopy.go new file mode 100644 index 00000000..b80f7b8c --- /dev/null +++ b/generated/latest/apis/concierge/identity/zz_generated.deepcopy.go @@ -0,0 +1,184 @@ +// +build !ignore_autogenerated + +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package identity + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in ExtraValue) DeepCopyInto(out *ExtraValue) { + { + in := &in + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + return + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraValue. +func (in ExtraValue) DeepCopy() ExtraValue { + if in == nil { + return nil + } + out := new(ExtraValue) + in.DeepCopyInto(out) + return *out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesUserInfo) DeepCopyInto(out *KubernetesUserInfo) { + *out = *in + in.User.DeepCopyInto(&out.User) + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesUserInfo. +func (in *KubernetesUserInfo) DeepCopy() *KubernetesUserInfo { + if in == nil { + return nil + } + out := new(KubernetesUserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UserInfo) DeepCopyInto(out *UserInfo) { + *out = *in + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extra != nil { + in, out := &in.Extra, &out.Extra + *out = make(map[string]ExtraValue, len(*in)) + for key, val := range *in { + var outVal []string + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = make(ExtraValue, len(*in)) + copy(*out, *in) + } + (*out)[key] = outVal + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserInfo. +func (in *UserInfo) DeepCopy() *UserInfo { + if in == nil { + return nil + } + out := new(UserInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequest) DeepCopyInto(out *WhoAmIRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequest. +func (in *WhoAmIRequest) DeepCopy() *WhoAmIRequest { + if in == nil { + return nil + } + out := new(WhoAmIRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestList) DeepCopyInto(out *WhoAmIRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]WhoAmIRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestList. +func (in *WhoAmIRequestList) DeepCopy() *WhoAmIRequestList { + if in == nil { + return nil + } + out := new(WhoAmIRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *WhoAmIRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestSpec) DeepCopyInto(out *WhoAmIRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestSpec. +func (in *WhoAmIRequestSpec) DeepCopy() *WhoAmIRequestSpec { + if in == nil { + return nil + } + out := new(WhoAmIRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WhoAmIRequestStatus) DeepCopyInto(out *WhoAmIRequestStatus) { + *out = *in + in.KubernetesUserInfo.DeepCopyInto(&out.KubernetesUserInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WhoAmIRequestStatus. +func (in *WhoAmIRequestStatus) DeepCopy() *WhoAmIRequestStatus { + if in == nil { + return nil + } + out := new(WhoAmIRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/latest/apis/concierge/login/v1alpha1/types_token.go b/generated/latest/apis/concierge/login/v1alpha1/types_token.go index 66b744f3..53e25645 100644 --- a/generated/latest/apis/concierge/login/v1alpha1/types_token.go +++ b/generated/latest/apis/concierge/login/v1alpha1/types_token.go @@ -31,6 +31,7 @@ type TokenCredentialRequestStatus struct { // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. // +genclient // +genclient:nonNamespaced +// +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type TokenCredentialRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/generated/latest/client/concierge/clientset/versioned/clientset.go b/generated/latest/client/concierge/clientset/versioned/clientset.go index c4e4df24..7e8480eb 100644 --- a/generated/latest/client/concierge/clientset/versioned/clientset.go +++ b/generated/latest/client/concierge/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( authenticationv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface + IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client configV1alpha1 *configv1alpha1.ConfigV1alpha1Client + identityV1alpha1 *identityv1alpha1.IdentityV1alpha1Client loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return c.configV1alpha1 } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return c.identityV1alpha1 +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return c.loginV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c) + cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c) cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.configV1alpha1 = configv1alpha1.New(c) + cs.identityV1alpha1 = identityv1alpha1.New(c) cs.loginV1alpha1 = loginv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/latest/client/concierge/clientset/versioned/fake/clientset_generated.go b/generated/latest/client/concierge/clientset/versioned/fake/clientset_generated.go index 959eb008..7bf61933 100644 --- a/generated/latest/client/concierge/clientset/versioned/fake/clientset_generated.go +++ b/generated/latest/client/concierge/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakeauthenticationv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake" configv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/config/v1alpha1" fakeconfigv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/config/v1alpha1/fake" + identityv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1" + fakeidentityv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake" loginv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1" fakeloginv1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface { return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake} } +// IdentityV1alpha1 retrieves the IdentityV1alpha1Client +func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface { + return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake} +} + // LoginV1alpha1 retrieves the LoginV1alpha1Client func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} diff --git a/generated/latest/client/concierge/clientset/versioned/fake/register.go b/generated/latest/client/concierge/clientset/versioned/fake/register.go index 0511cdc9..0356cd9e 100644 --- a/generated/latest/client/concierge/clientset/versioned/fake/register.go +++ b/generated/latest/client/concierge/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( authenticationv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/latest/client/concierge/clientset/versioned/scheme/register.go b/generated/latest/client/concierge/clientset/versioned/scheme/register.go index b54b0dca..c793f040 100644 --- a/generated/latest/client/concierge/clientset/versioned/scheme/register.go +++ b/generated/latest/client/concierge/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( authenticationv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ authenticationv1alpha1.AddToScheme, configv1alpha1.AddToScheme, + identityv1alpha1.AddToScheme, loginv1alpha1.AddToScheme, } diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go new file mode 100644 index 00000000..471ef9f5 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go new file mode 100644 index 00000000..68c64650 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go new file mode 100644 index 00000000..235501d5 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -0,0 +1,27 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeIdentityV1alpha1 struct { + *testing.Fake +} + +func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface { + return &FakeWhoAmIRequests{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go new file mode 100644 index 00000000..70e99bc0 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go @@ -0,0 +1,34 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + schema "k8s.io/apimachinery/pkg/runtime/schema" + testing "k8s.io/client-go/testing" +) + +// FakeWhoAmIRequests implements WhoAmIRequestInterface +type FakeWhoAmIRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"} + +var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *FakeWhoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.WhoAmIRequest), err +} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go new file mode 100644 index 00000000..8bea78ec --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type WhoAmIRequestExpansion interface{} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go new file mode 100644 index 00000000..2df6b395 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -0,0 +1,76 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type IdentityV1alpha1Interface interface { + RESTClient() rest.Interface + WhoAmIRequestsGetter +} + +// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group. +type IdentityV1alpha1Client struct { + restClient rest.Interface +} + +func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface { + return newWhoAmIRequests(c) +} + +// NewForConfig creates a new IdentityV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &IdentityV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new IdentityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *IdentityV1alpha1Client { + return &IdentityV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *IdentityV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go new file mode 100644 index 00000000..ce1c6f29 --- /dev/null +++ b/generated/latest/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go @@ -0,0 +1,51 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" + scheme "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" +) + +// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface. +// A group's client should implement this interface. +type WhoAmIRequestsGetter interface { + WhoAmIRequests() WhoAmIRequestInterface +} + +// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources. +type WhoAmIRequestInterface interface { + Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (*v1alpha1.WhoAmIRequest, error) + WhoAmIRequestExpansion +} + +// whoAmIRequests implements WhoAmIRequestInterface +type whoAmIRequests struct { + client rest.Interface +} + +// newWhoAmIRequests returns a WhoAmIRequests +func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests { + return &whoAmIRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a whoAmIRequest and creates it. Returns the server's representation of the whoAmIRequest, and an error, if there is any. +func (c *whoAmIRequests) Create(ctx context.Context, whoAmIRequest *v1alpha1.WhoAmIRequest, opts v1.CreateOptions) (result *v1alpha1.WhoAmIRequest, err error) { + result = &v1alpha1.WhoAmIRequest{} + err = c.client.Post(). + Resource("whoamirequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(whoAmIRequest). + Do(ctx). + Into(result) + return +} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go index 0ba9ab90..ada573f1 100644 --- a/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go +++ b/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -10,10 +10,7 @@ import ( v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" ) @@ -26,43 +23,6 @@ var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login. var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{}) - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} - for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts)) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { obj, err := c.Fake. @@ -72,49 +32,3 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia } return obj.(*v1alpha1.TokenCredentialRequest), err } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { - obj, err := c.Fake. - Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts) - - _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) - return err -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) - if obj == nil { - return nil, err - } - return obj.(*v1alpha1.TokenCredentialRequest), err -} diff --git a/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go index 0e583b53..dabd2c54 100644 --- a/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go +++ b/generated/latest/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -7,13 +7,10 @@ package v1alpha1 import ( "context" - "time" v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" scheme "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" rest "k8s.io/client-go/rest" ) @@ -26,14 +23,6 @@ type TokenCredentialRequestsGetter interface { // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. type TokenCredentialRequestInterface interface { Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) - Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) - List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) TokenCredentialRequestExpansion } @@ -49,48 +38,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests } } -// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. -func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(ctx). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. -func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - result = &v1alpha1.TokenCredentialRequestList{} - err = c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Do(ctx). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. -func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - var timeout time.Duration - if opts.TimeoutSeconds != nil { - timeout = time.Duration(*opts.TimeoutSeconds) * time.Second - } - opts.Watch = true - return c.client.Get(). - Resource("tokencredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Timeout(timeout). - Watch(ctx) -} - // Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { result = &v1alpha1.TokenCredentialRequest{} @@ -102,70 +49,3 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq Into(result) return } - -// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. -func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// UpdateStatus was generated because the type contains a Status member. -// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). -func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Put(). - Resource("tokencredentialrequests"). - Name(tokenCredentialRequest.Name). - SubResource("status"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(tokenCredentialRequest). - Do(ctx). - Into(result) - return -} - -// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. -func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - return c.client.Delete(). - Resource("tokencredentialrequests"). - Name(name). - Body(&opts). - Do(ctx). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - var timeout time.Duration - if listOpts.TimeoutSeconds != nil { - timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second - } - return c.client.Delete(). - Resource("tokencredentialrequests"). - VersionedParams(&listOpts, scheme.ParameterCodec). - Timeout(timeout). - Body(&opts). - Do(ctx). - Error() -} - -// Patch applies the patch and returns the patched tokenCredentialRequest. -func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { - result = &v1alpha1.TokenCredentialRequest{} - err = c.client.Patch(pt). - Resource("tokencredentialrequests"). - Name(name). - SubResource(subresources...). - VersionedParams(&opts, scheme.ParameterCodec). - Body(data). - Do(ctx). - Into(result) - return -} diff --git a/generated/latest/client/concierge/informers/externalversions/factory.go b/generated/latest/client/concierge/informers/externalversions/factory.go index 7f503edf..10f39982 100644 --- a/generated/latest/client/concierge/informers/externalversions/factory.go +++ b/generated/latest/client/concierge/informers/externalversions/factory.go @@ -14,7 +14,6 @@ import ( authentication "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/authentication" config "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/config" internalinterfaces "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/internalinterfaces" - login "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/login" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -163,7 +162,6 @@ type SharedInformerFactory interface { Authentication() authentication.Interface Config() config.Interface - Login() login.Interface } func (f *sharedInformerFactory) Authentication() authentication.Interface { @@ -173,7 +171,3 @@ func (f *sharedInformerFactory) Authentication() authentication.Interface { func (f *sharedInformerFactory) Config() config.Interface { return config.New(f, f.namespace, f.tweakListOptions) } - -func (f *sharedInformerFactory) Login() login.Interface { - return login.New(f, f.namespace, f.tweakListOptions) -} diff --git a/generated/latest/client/concierge/informers/externalversions/generic.go b/generated/latest/client/concierge/informers/externalversions/generic.go index 2a01c5e8..6ebd6ad6 100644 --- a/generated/latest/client/concierge/informers/externalversions/generic.go +++ b/generated/latest/client/concierge/informers/externalversions/generic.go @@ -10,7 +10,6 @@ import ( v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1" configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" - loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -51,10 +50,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case configv1alpha1.SchemeGroupVersion.WithResource("credentialissuers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CredentialIssuers().Informer()}, nil - // Group=login.concierge.pinniped.dev, Version=v1alpha1 - case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil - } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/generated/latest/client/concierge/informers/externalversions/login/interface.go b/generated/latest/client/concierge/informers/externalversions/login/interface.go deleted file mode 100644 index c6962b2a..00000000 --- a/generated/latest/client/concierge/informers/externalversions/login/interface.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package login - -import ( - internalinterfaces "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/login/v1alpha1" -) - -// Interface provides access to each of this group's versions. -type Interface interface { - // V1alpha1 provides access to shared informers for resources in V1alpha1. - V1alpha1() v1alpha1.Interface -} - -type group struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// V1alpha1 returns a new v1alpha1.Interface. -func (g *group) V1alpha1() v1alpha1.Interface { - return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) -} diff --git a/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/interface.go b/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/interface.go deleted file mode 100644 index 0db88850..00000000 --- a/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/interface.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - internalinterfaces "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/internalinterfaces" -) - -// Interface provides access to all the informers in this group version. -type Interface interface { - // TokenCredentialRequests returns a TokenCredentialRequestInformer. - TokenCredentialRequests() TokenCredentialRequestInformer -} - -type version struct { - factory internalinterfaces.SharedInformerFactory - namespace string - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// New returns a new Interface. -func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { - return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} -} - -// TokenCredentialRequests returns a TokenCredentialRequestInformer. -func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { - return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} diff --git a/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 1a36dde4..00000000 --- a/generated/latest/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - time "time" - - loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" - versioned "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned" - internalinterfaces "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions/internalinterfaces" - v1alpha1 "go.pinniped.dev/generated/latest/client/concierge/listers/login/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestInformer provides access to a shared informer and lister for -// TokenCredentialRequests. -type TokenCredentialRequestInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1alpha1.TokenCredentialRequestLister -} - -type tokenCredentialRequestInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options) - }, - }, - &loginv1alpha1.TokenCredentialRequest{}, - resyncPeriod, - indexers, - ) -} - -func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) -} - -func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { - return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) -} diff --git a/generated/latest/client/concierge/listers/login/v1alpha1/expansion_generated.go b/generated/latest/client/concierge/listers/login/v1alpha1/expansion_generated.go deleted file mode 100644 index 3cdb9535..00000000 --- a/generated/latest/client/concierge/listers/login/v1alpha1/expansion_generated.go +++ /dev/null @@ -1,10 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -// TokenCredentialRequestListerExpansion allows custom methods to be added to -// TokenCredentialRequestLister. -type TokenCredentialRequestListerExpansion interface{} diff --git a/generated/latest/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go b/generated/latest/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go deleted file mode 100644 index 2ccb9f8b..00000000 --- a/generated/latest/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" -) - -// TokenCredentialRequestLister helps list TokenCredentialRequests. -// All objects returned here must be treated as read-only. -type TokenCredentialRequestLister interface { - // List lists all TokenCredentialRequests in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) - // Get retrieves the TokenCredentialRequest from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1alpha1.TokenCredentialRequest, error) - TokenCredentialRequestListerExpansion -} - -// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. -type tokenCredentialRequestLister struct { - indexer cache.Indexer -} - -// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. -func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { - return &tokenCredentialRequestLister{indexer: indexer} -} - -// List lists all TokenCredentialRequests in the indexer. -func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) - }) - return ret, err -} - -// Get retrieves the TokenCredentialRequest from the index for a given name. -func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { - obj, exists, err := s.indexer.GetByKey(name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) - } - return obj.(*v1alpha1.TokenCredentialRequest), nil -} diff --git a/generated/latest/client/concierge/openapi/zz_generated.openapi.go b/generated/latest/client/concierge/openapi/zz_generated.openapi.go index 216f4e95..3ef76117 100644 --- a/generated/latest/client/concierge/openapi/zz_generated.openapi.go +++ b/generated/latest/client/concierge/openapi/zz_generated.openapi.go @@ -17,6 +17,12 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.KubernetesUserInfo": schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref), + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.UserInfo": schema_apis_concierge_identity_v1alpha1_UserInfo(ref), + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequest": schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref), + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestList": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref), + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref), + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus": schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref), "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1.ClusterCredential": schema_apis_concierge_login_v1alpha1_ClusterCredential(ref), "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1.TokenCredentialRequest": schema_apis_concierge_login_v1alpha1_TokenCredentialRequest(ref), "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1.TokenCredentialRequestList": schema_apis_concierge_login_v1alpha1_TokenCredentialRequestList(ref), @@ -77,6 +83,240 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_apis_concierge_identity_v1alpha1_KubernetesUserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesUserInfo represents the current authenticated user, exactly as Kubernetes understands it. Copied from the Kubernetes token review API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "user": { + SchemaProps: spec.SchemaProps{ + Description: "User is the UserInfo associated with the current user.", + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.UserInfo"), + }, + }, + "audiences": { + SchemaProps: spec.SchemaProps{ + Description: "Audiences are audience identifiers chosen by the authenticator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"user"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.UserInfo"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_UserInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserInfo holds the information about the user needed to implement the user.Info interface.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "username": { + SchemaProps: spec.SchemaProps{ + Description: "The name that uniquely identifies this user among all active users.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.", + Type: []string{"string"}, + Format: "", + }, + }, + "groups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of groups this user is a part of.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "extra": { + SchemaProps: spec.SchemaProps{ + Description: "Any additional information provided by the authenticator.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + }, + Required: []string{"username"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequest submits a request to echo back the current authenticated user.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestSpec", "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WhoAmIRequestList is a list of WhoAmIRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is a list of WhoAmIRequest", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.WhoAmIRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_apis_concierge_identity_v1alpha1_WhoAmIRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kubernetesUserInfo": { + SchemaProps: spec.SchemaProps{ + Description: "The current authenticated user, exactly as Kubernetes understands it.", + Default: map[string]interface{}{}, + Ref: ref("go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.KubernetesUserInfo"), + }, + }, + }, + Required: []string{"kubernetesUserInfo"}, + }, + }, + Dependencies: []string{ + "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1.KubernetesUserInfo"}, + } +} + func schema_apis_concierge_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index f9697dc3..94353561 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -112,7 +112,7 @@ echo "generating API-related code for our public API groups..." deepcopy \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "supervisor/config:v1alpha1 supervisor/idp:v1alpha1 concierge/config:v1alpha1 concierge/authentication:v1alpha1 concierge/login:v1alpha1" \ + "supervisor/config:v1alpha1 supervisor/idp:v1alpha1 concierge/config:v1alpha1 concierge/authentication:v1alpha1 concierge/login:v1alpha1 concierge/identity:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-api > |" ) @@ -124,7 +124,7 @@ echo "generating API-related code for our internal API groups..." "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client/concierge" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "concierge/login:v1alpha1" \ + "concierge/login:v1alpha1 concierge/identity:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-int-api > |" ) @@ -140,7 +140,7 @@ echo "generating client code for our public API groups..." client,lister,informer \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client/concierge" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "concierge/config:v1alpha1 concierge/authentication:v1alpha1 concierge/login:v1alpha1" \ + "concierge/config:v1alpha1 concierge/authentication:v1alpha1 concierge/login:v1alpha1 concierge/identity:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-client > |" ) (cd client && diff --git a/internal/concierge/apiserver/apiserver.go b/internal/concierge/apiserver/apiserver.go index 51017066..e5fc8da9 100644 --- a/internal/concierge/apiserver/apiserver.go +++ b/internal/concierge/apiserver/apiserver.go @@ -10,12 +10,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apiserver/pkg/registry/rest" genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/client-go/pkg/version" "go.pinniped.dev/internal/plog" "go.pinniped.dev/internal/registry/credentialrequest" + "go.pinniped.dev/internal/registry/whoamirequest" ) type Config struct { @@ -29,7 +31,8 @@ type ExtraConfig struct { StartControllersPostStartHook func(ctx context.Context) Scheme *runtime.Scheme NegotiatedSerializer runtime.NegotiatedSerializer - GroupVersion schema.GroupVersion + LoginConciergeGroupVersion schema.GroupVersion + IdentityConciergeGroupVersion schema.GroupVersion } type PinnipedServer struct { @@ -70,17 +73,35 @@ func (c completedConfig) New() (*PinnipedServer, error) { GenericAPIServer: genericServer, } - gvr := c.ExtraConfig.GroupVersion.WithResource("tokencredentialrequests") - storage := credentialrequest.NewREST(c.ExtraConfig.Authenticator, c.ExtraConfig.Issuer, gvr.GroupResource()) - if err := s.GenericAPIServer.InstallAPIGroup(&genericapiserver.APIGroupInfo{ - PrioritizedVersions: []schema.GroupVersion{gvr.GroupVersion()}, - VersionedResourcesStorageMap: map[string]map[string]rest.Storage{gvr.Version: {gvr.Resource: storage}}, - OptionsExternalVersion: &schema.GroupVersion{Version: "v1"}, - Scheme: c.ExtraConfig.Scheme, - ParameterCodec: metav1.ParameterCodec, - NegotiatedSerializer: c.ExtraConfig.NegotiatedSerializer, - }); err != nil { - return nil, fmt.Errorf("could not install API group %s: %w", gvr.String(), err) + var errs []error //nolint: prealloc + for _, f := range []func() (schema.GroupVersionResource, rest.Storage){ + func() (schema.GroupVersionResource, rest.Storage) { + tokenCredReqGVR := c.ExtraConfig.LoginConciergeGroupVersion.WithResource("tokencredentialrequests") + tokenCredStorage := credentialrequest.NewREST(c.ExtraConfig.Authenticator, c.ExtraConfig.Issuer, tokenCredReqGVR.GroupResource()) + return tokenCredReqGVR, tokenCredStorage + }, + func() (schema.GroupVersionResource, rest.Storage) { + whoAmIReqGVR := c.ExtraConfig.IdentityConciergeGroupVersion.WithResource("whoamirequests") + whoAmIStorage := whoamirequest.NewREST(whoAmIReqGVR.GroupResource()) + return whoAmIReqGVR, whoAmIStorage + }, + } { + gvr, storage := f() + errs = append(errs, + s.GenericAPIServer.InstallAPIGroup( + &genericapiserver.APIGroupInfo{ + PrioritizedVersions: []schema.GroupVersion{gvr.GroupVersion()}, + VersionedResourcesStorageMap: map[string]map[string]rest.Storage{gvr.Version: {gvr.Resource: storage}}, + OptionsExternalVersion: &schema.GroupVersion{Version: "v1"}, + Scheme: c.ExtraConfig.Scheme, + ParameterCodec: metav1.ParameterCodec, + NegotiatedSerializer: c.ExtraConfig.NegotiatedSerializer, + }, + ), + ) + } + if err := errors.NewAggregate(errs); err != nil { + return nil, fmt.Errorf("could not install API groups: %w", err) } s.GenericAPIServer.AddPostStartHookOrDie("start-controllers", diff --git a/internal/concierge/server/server.go b/internal/concierge/server/server.go index 3975d853..77769fca 100644 --- a/internal/concierge/server/server.go +++ b/internal/concierge/server/server.go @@ -19,6 +19,8 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" + identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity" + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" loginapi "go.pinniped.dev/generated/latest/apis/concierge/login" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" "go.pinniped.dev/internal/certauthority/dynamiccertauthority" @@ -174,23 +176,15 @@ func getAggregatedAPIServerConfig( startControllersPostStartHook func(context.Context), apiGroupSuffix string, ) (*apiserver.Config, error) { - loginConciergeAPIGroup, ok := groupsuffix.Replace(loginv1alpha1.GroupName, apiGroupSuffix) - if !ok { - return nil, fmt.Errorf("cannot make api group from %s/%s", loginv1alpha1.GroupName, apiGroupSuffix) - } - - scheme := getAggregatedAPIServerScheme(loginConciergeAPIGroup, apiGroupSuffix) + scheme, loginConciergeGroupVersion, identityConciergeGroupVersion := getAggregatedAPIServerScheme(apiGroupSuffix) codecs := serializer.NewCodecFactory(scheme) - defaultEtcdPathPrefix := fmt.Sprintf("/registry/%s", loginConciergeAPIGroup) - groupVersion := schema.GroupVersion{ - Group: loginConciergeAPIGroup, - Version: loginv1alpha1.SchemeGroupVersion.Version, - } + // this is unused for now but it is a safe value that we could use in the future + defaultEtcdPathPrefix := fmt.Sprintf("/pinniped-concierge-registry/%s", apiGroupSuffix) recommendedOptions := genericoptions.NewRecommendedOptions( defaultEtcdPathPrefix, - codecs.LegacyCodec(groupVersion), + codecs.LegacyCodec(loginConciergeGroupVersion, identityConciergeGroupVersion), ) recommendedOptions.Etcd = nil // turn off etcd storage because we don't need it yet recommendedOptions.SecureServing.ServerCert.GeneratedCert = dynamicCertProvider @@ -218,57 +212,45 @@ func getAggregatedAPIServerConfig( StartControllersPostStartHook: startControllersPostStartHook, Scheme: scheme, NegotiatedSerializer: codecs, - GroupVersion: groupVersion, + LoginConciergeGroupVersion: loginConciergeGroupVersion, + IdentityConciergeGroupVersion: identityConciergeGroupVersion, }, } return apiServerConfig, nil } -func getAggregatedAPIServerScheme(loginConciergeAPIGroup, apiGroupSuffix string) *runtime.Scheme { +func getAggregatedAPIServerScheme(apiGroupSuffix string) (_ *runtime.Scheme, login, identity schema.GroupVersion) { // standard set up of the server side scheme scheme := runtime.NewScheme() // add the options to empty v1 metav1.AddToGroupVersion(scheme, metav1.Unversioned) - // nothing fancy is required if using the standard group - if loginConciergeAPIGroup == loginv1alpha1.GroupName { - utilruntime.Must(loginv1alpha1.AddToScheme(scheme)) - utilruntime.Must(loginapi.AddToScheme(scheme)) - return scheme + // nothing fancy is required if using the standard group suffix + if apiGroupSuffix == groupsuffix.PinnipedDefaultSuffix { + schemeBuilder := runtime.NewSchemeBuilder( + loginv1alpha1.AddToScheme, + loginapi.AddToScheme, + identityv1alpha1.AddToScheme, + identityapi.AddToScheme, + ) + utilruntime.Must(schemeBuilder.AddToScheme(scheme)) + return scheme, loginv1alpha1.SchemeGroupVersion, identityv1alpha1.SchemeGroupVersion } - // we need a temporary place to register our types to avoid double registering them - tmpScheme := runtime.NewScheme() - utilruntime.Must(loginv1alpha1.AddToScheme(tmpScheme)) - utilruntime.Must(loginapi.AddToScheme(tmpScheme)) + loginConciergeGroupData, identityConciergeGroupData := groupsuffix.ConciergeAggregatedGroups(apiGroupSuffix) - for gvk := range tmpScheme.AllKnownTypes() { - if gvk.GroupVersion() == metav1.Unversioned { - continue // metav1.AddToGroupVersion registers types outside of our aggregated API group that we need to ignore - } + addToSchemeAtNewGroup(scheme, loginv1alpha1.GroupName, loginConciergeGroupData.Group, loginv1alpha1.AddToScheme, loginapi.AddToScheme) + addToSchemeAtNewGroup(scheme, identityv1alpha1.GroupName, identityConciergeGroupData.Group, identityv1alpha1.AddToScheme, identityapi.AddToScheme) - if gvk.Group != loginv1alpha1.GroupName { - panic("tmp scheme has types not in the aggregated API group: " + gvk.Group) // programmer error - } - - obj, err := tmpScheme.New(gvk) - if err != nil { - panic(err) // programmer error, scheme internal code is broken - } - newGVK := schema.GroupVersionKind{ - Group: loginConciergeAPIGroup, - Version: gvk.Version, - Kind: gvk.Kind, - } - - // register the existing type but with the new group in the correct scheme - scheme.AddKnownTypeWithName(newGVK, obj) - } - - // manually register conversions and defaulting into the correct scheme since we cannot directly call loginv1alpha1.AddToScheme - utilruntime.Must(loginv1alpha1.RegisterConversions(scheme)) - utilruntime.Must(loginv1alpha1.RegisterDefaults(scheme)) + // manually register conversions and defaulting into the correct scheme since we cannot directly call AddToScheme + schemeBuilder := runtime.NewSchemeBuilder( + loginv1alpha1.RegisterConversions, + loginv1alpha1.RegisterDefaults, + identityv1alpha1.RegisterConversions, + identityv1alpha1.RegisterDefaults, + ) + utilruntime.Must(schemeBuilder.AddToScheme(scheme)) // we do not want to return errors from the scheme and instead would prefer to defer // to the REST storage layer for consistency. The simplest way to do this is to force @@ -309,5 +291,35 @@ func getAggregatedAPIServerScheme(loginConciergeAPIGroup, apiGroupSuffix string) credentialRequest.Spec.Authenticator.APIGroup = &restoredGroup }) - return scheme + return scheme, schema.GroupVersion(loginConciergeGroupData), schema.GroupVersion(identityConciergeGroupData) +} + +func addToSchemeAtNewGroup(scheme *runtime.Scheme, oldGroup, newGroup string, funcs ...func(*runtime.Scheme) error) { + // we need a temporary place to register our types to avoid double registering them + tmpScheme := runtime.NewScheme() + schemeBuilder := runtime.NewSchemeBuilder(funcs...) + utilruntime.Must(schemeBuilder.AddToScheme(tmpScheme)) + + for gvk := range tmpScheme.AllKnownTypes() { + if gvk.GroupVersion() == metav1.Unversioned { + continue // metav1.AddToGroupVersion registers types outside of our aggregated API group that we need to ignore + } + + if gvk.Group != oldGroup { + panic(fmt.Errorf("tmp scheme has type not in the old aggregated API group %s: %s", oldGroup, gvk)) // programmer error + } + + obj, err := tmpScheme.New(gvk) + if err != nil { + panic(err) // programmer error, scheme internal code is broken + } + newGVK := schema.GroupVersionKind{ + Group: newGroup, + Version: gvk.Version, + Kind: gvk.Kind, + } + + // register the existing type but with the new group in the correct scheme + scheme.AddKnownTypeWithName(newGVK, obj) + } } diff --git a/internal/concierge/server/server_test.go b/internal/concierge/server/server_test.go index 3bc27181..4eab0245 100644 --- a/internal/concierge/server/server_test.go +++ b/internal/concierge/server/server_test.go @@ -18,9 +18,10 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity" + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" loginapi "go.pinniped.dev/generated/latest/apis/concierge/login" loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" - "go.pinniped.dev/internal/groupsuffix" ) const knownGoodUsage = ` @@ -100,24 +101,40 @@ func TestCommand(t *testing.T) { func Test_getAggregatedAPIServerScheme(t *testing.T) { // the standard group - regularGV := schema.GroupVersion{ + regularLoginGV := schema.GroupVersion{ Group: "login.concierge.pinniped.dev", Version: "v1alpha1", } - regularGVInternal := schema.GroupVersion{ + regularLoginGVInternal := schema.GroupVersion{ Group: "login.concierge.pinniped.dev", Version: runtime.APIVersionInternal, } + regularIdentityGV := schema.GroupVersion{ + Group: "identity.concierge.pinniped.dev", + Version: "v1alpha1", + } + regularIdentityGVInternal := schema.GroupVersion{ + Group: "identity.concierge.pinniped.dev", + Version: runtime.APIVersionInternal, + } // the canonical other group - otherGV := schema.GroupVersion{ + otherLoginGV := schema.GroupVersion{ Group: "login.concierge.walrus.tld", Version: "v1alpha1", } - otherGVInternal := schema.GroupVersion{ + otherLoginGVInternal := schema.GroupVersion{ Group: "login.concierge.walrus.tld", Version: runtime.APIVersionInternal, } + otherIdentityGV := schema.GroupVersion{ + Group: "identity.concierge.walrus.tld", + Version: "v1alpha1", + } + otherIdentityGVInternal := schema.GroupVersion{ + Group: "identity.concierge.walrus.tld", + Version: runtime.APIVersionInternal, + } // kube's core internal internalGV := schema.GroupVersion{ @@ -126,9 +143,11 @@ func Test_getAggregatedAPIServerScheme(t *testing.T) { } tests := []struct { - name string - apiGroupSuffix string - want map[schema.GroupVersionKind]reflect.Type + name string + apiGroupSuffix string + want map[schema.GroupVersionKind]reflect.Type + wantLoginGroupVersion schema.GroupVersion + wantIdentityGroupVersion schema.GroupVersion }{ { name: "regular api group", @@ -136,22 +155,39 @@ func Test_getAggregatedAPIServerScheme(t *testing.T) { want: map[schema.GroupVersionKind]reflect.Type{ // all the types that are in the aggregated API group - regularGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(), - regularGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(), + regularLoginGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(), + regularLoginGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(), - regularGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(), - regularGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(), + regularLoginGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(), + regularLoginGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(), - regularGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), - regularGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), - regularGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), - regularGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), - regularGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), - regularGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), - regularGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), - regularGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + regularIdentityGV.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequest{}).Elem(), + regularIdentityGV.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequestList{}).Elem(), - regularGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), + regularIdentityGVInternal.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityapi.WhoAmIRequest{}).Elem(), + regularIdentityGVInternal.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityapi.WhoAmIRequestList{}).Elem(), + + regularLoginGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), + regularLoginGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), + regularLoginGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), + regularLoginGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), + regularLoginGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), + regularLoginGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), + regularLoginGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), + regularLoginGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + + regularIdentityGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), + regularIdentityGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), + regularIdentityGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), + regularIdentityGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), + regularIdentityGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), + regularIdentityGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), + regularIdentityGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), + regularIdentityGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + + regularLoginGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), + + regularIdentityGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), // the types below this line do not really matter to us because they are in the core group @@ -171,6 +207,8 @@ func Test_getAggregatedAPIServerScheme(t *testing.T) { metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), }, + wantLoginGroupVersion: regularLoginGV, + wantIdentityGroupVersion: regularIdentityGV, }, { name: "other api group", @@ -178,22 +216,39 @@ func Test_getAggregatedAPIServerScheme(t *testing.T) { want: map[schema.GroupVersionKind]reflect.Type{ // all the types that are in the aggregated API group - otherGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(), - otherGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(), + otherLoginGV.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequest{}).Elem(), + otherLoginGV.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginv1alpha1.TokenCredentialRequestList{}).Elem(), - otherGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(), - otherGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(), + otherLoginGVInternal.WithKind("TokenCredentialRequest"): reflect.TypeOf(&loginapi.TokenCredentialRequest{}).Elem(), + otherLoginGVInternal.WithKind("TokenCredentialRequestList"): reflect.TypeOf(&loginapi.TokenCredentialRequestList{}).Elem(), - otherGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), - otherGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), - otherGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), - otherGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), - otherGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), - otherGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), - otherGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), - otherGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + otherIdentityGV.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequest{}).Elem(), + otherIdentityGV.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityv1alpha1.WhoAmIRequestList{}).Elem(), - otherGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), + otherIdentityGVInternal.WithKind("WhoAmIRequest"): reflect.TypeOf(&identityapi.WhoAmIRequest{}).Elem(), + otherIdentityGVInternal.WithKind("WhoAmIRequestList"): reflect.TypeOf(&identityapi.WhoAmIRequestList{}).Elem(), + + otherLoginGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), + otherLoginGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), + otherLoginGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), + otherLoginGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), + otherLoginGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), + otherLoginGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), + otherLoginGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), + otherLoginGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + + otherIdentityGV.WithKind("CreateOptions"): reflect.TypeOf(&metav1.CreateOptions{}).Elem(), + otherIdentityGV.WithKind("DeleteOptions"): reflect.TypeOf(&metav1.DeleteOptions{}).Elem(), + otherIdentityGV.WithKind("ExportOptions"): reflect.TypeOf(&metav1.ExportOptions{}).Elem(), + otherIdentityGV.WithKind("GetOptions"): reflect.TypeOf(&metav1.GetOptions{}).Elem(), + otherIdentityGV.WithKind("ListOptions"): reflect.TypeOf(&metav1.ListOptions{}).Elem(), + otherIdentityGV.WithKind("PatchOptions"): reflect.TypeOf(&metav1.PatchOptions{}).Elem(), + otherIdentityGV.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), + otherIdentityGV.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), + + otherLoginGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), + + otherIdentityGVInternal.WithKind("WatchEvent"): reflect.TypeOf(&metav1.InternalEvent{}).Elem(), // the types below this line do not really matter to us because they are in the core group @@ -213,16 +268,17 @@ func Test_getAggregatedAPIServerScheme(t *testing.T) { metav1.Unversioned.WithKind("UpdateOptions"): reflect.TypeOf(&metav1.UpdateOptions{}).Elem(), metav1.Unversioned.WithKind("WatchEvent"): reflect.TypeOf(&metav1.WatchEvent{}).Elem(), }, + wantLoginGroupVersion: otherLoginGV, + wantIdentityGroupVersion: otherIdentityGV, }, } for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { - loginConciergeAPIGroup, ok := groupsuffix.Replace("login.concierge.pinniped.dev", tt.apiGroupSuffix) - require.True(t, ok) - - scheme := getAggregatedAPIServerScheme(loginConciergeAPIGroup, tt.apiGroupSuffix) + scheme, loginGV, identityGV := getAggregatedAPIServerScheme(tt.apiGroupSuffix) require.Equal(t, tt.want, scheme.AllKnownTypes()) + require.Equal(t, tt.wantLoginGroupVersion, loginGV) + require.Equal(t, tt.wantIdentityGroupVersion, identityGV) // make a credential request like a client would send authenticationConciergeAPIGroup := "authentication.concierge." + tt.apiGroupSuffix diff --git a/internal/config/concierge/config.go b/internal/config/concierge/config.go index 1cfa11b6..88d8fe06 100644 --- a/internal/config/concierge/config.go +++ b/internal/config/concierge/config.go @@ -79,7 +79,7 @@ func maybeSetAPIDefaults(apiConfig *APIConfigSpec) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = stringPtr("pinniped.dev") + *apiGroupSuffix = stringPtr(groupsuffix.PinnipedDefaultSuffix) } } diff --git a/internal/config/supervisor/config.go b/internal/config/supervisor/config.go index f6dabb04..24668f54 100644 --- a/internal/config/supervisor/config.go +++ b/internal/config/supervisor/config.go @@ -54,7 +54,7 @@ func FromPath(path string) (*Config, error) { func maybeSetAPIGroupSuffixDefault(apiGroupSuffix **string) { if *apiGroupSuffix == nil { - *apiGroupSuffix = stringPtr("pinniped.dev") + *apiGroupSuffix = stringPtr(groupsuffix.PinnipedDefaultSuffix) } } diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index ee6fa140..902ed43b 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -15,7 +15,6 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/klog/v2/klogr" - loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" pinnipedclientset "go.pinniped.dev/generated/latest/client/concierge/clientset/versioned" pinnipedinformers "go.pinniped.dev/generated/latest/client/concierge/informers/externalversions" "go.pinniped.dev/internal/apiserviceref" @@ -85,18 +84,14 @@ type Config struct { // Prepare the controllers and their informers and return a function that will start them when called. //nolint:funlen // Eh, fair, it is a really long function...but it is wiring the world...so... func PrepareControllers(c *Config) (func(ctx context.Context), error) { - groupName, ok := groupsuffix.Replace(loginv1alpha1.GroupName, c.APIGroupSuffix) - if !ok { - return nil, fmt.Errorf("cannot make api group from %s/%s", loginv1alpha1.GroupName, c.APIGroupSuffix) - } - apiServiceName := loginv1alpha1.SchemeGroupVersion.Version + "." + groupName + loginConciergeGroupData, identityConciergeGroupData := groupsuffix.ConciergeAggregatedGroups(c.APIGroupSuffix) dref, _, err := deploymentref.New(c.ServerInstallationInfo) if err != nil { return nil, fmt.Errorf("cannot create deployment ref: %w", err) } - apiServiceRef, err := apiserviceref.New(apiServiceName) + apiServiceRef, err := apiserviceref.New(loginConciergeGroupData.APIServiceName()) if err != nil { return nil, fmt.Errorf("cannot create API service ref: %w", err) } @@ -163,7 +158,18 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) { apicerts.NewAPIServiceUpdaterController( c.ServerInstallationInfo.Namespace, c.NamesConfig.ServingCertificateSecret, - apiServiceName, + loginConciergeGroupData.APIServiceName(), + client.Aggregation, + informers.installationNamespaceK8s.Core().V1().Secrets(), + controllerlib.WithInformer, + ), + singletonWorker, + ). + WithController( + apicerts.NewAPIServiceUpdaterController( + c.ServerInstallationInfo.Namespace, + c.NamesConfig.ServingCertificateSecret, + identityConciergeGroupData.APIServiceName(), client.Aggregation, informers.installationNamespaceK8s.Core().V1().Secrets(), controllerlib.WithInformer, diff --git a/internal/groupsuffix/groupdata.go b/internal/groupsuffix/groupdata.go new file mode 100644 index 00000000..bac7ee4c --- /dev/null +++ b/internal/groupsuffix/groupdata.go @@ -0,0 +1,34 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package groupsuffix + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" + loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" +) + +type GroupData schema.GroupVersion + +func (d GroupData) APIServiceName() string { + return d.Version + "." + d.Group +} + +func ConciergeAggregatedGroups(apiGroupSuffix string) (login, identity GroupData) { + loginConciergeAPIGroup, ok1 := Replace(loginv1alpha1.GroupName, apiGroupSuffix) + identityConciergeAPIGroup, ok2 := Replace(identityv1alpha1.GroupName, apiGroupSuffix) + + if valid := ok1 && ok2; !valid { + panic("static group input is invalid") + } + + return GroupData{ + Group: loginConciergeAPIGroup, + Version: loginv1alpha1.SchemeGroupVersion.Version, + }, GroupData{ + Group: identityConciergeAPIGroup, + Version: identityv1alpha1.SchemeGroupVersion.Version, + } +} diff --git a/internal/groupsuffix/groupsuffix.go b/internal/groupsuffix/groupsuffix.go index 55bbff3b..c05c3d7a 100644 --- a/internal/groupsuffix/groupsuffix.go +++ b/internal/groupsuffix/groupsuffix.go @@ -20,13 +20,13 @@ import ( ) const ( - pinnipedDefaultSuffix = "pinniped.dev" + PinnipedDefaultSuffix = "pinniped.dev" pinnipedDefaultSuffixWithDot = ".pinniped.dev" ) func New(apiGroupSuffix string) kubeclient.Middleware { // return a no-op middleware by default - if len(apiGroupSuffix) == 0 || apiGroupSuffix == pinnipedDefaultSuffix { + if len(apiGroupSuffix) == 0 || apiGroupSuffix == PinnipedDefaultSuffix { return nil } @@ -161,7 +161,7 @@ func Replace(baseAPIGroup, apiGroupSuffix string) (string, bool) { if !strings.HasSuffix(baseAPIGroup, pinnipedDefaultSuffixWithDot) { return "", false } - return strings.TrimSuffix(baseAPIGroup, pinnipedDefaultSuffix) + apiGroupSuffix, true + return strings.TrimSuffix(baseAPIGroup, PinnipedDefaultSuffix) + apiGroupSuffix, true } // Unreplace is like performing an undo of Replace(). @@ -169,7 +169,7 @@ func Unreplace(baseAPIGroup, apiGroupSuffix string) (string, bool) { if !strings.HasSuffix(baseAPIGroup, "."+apiGroupSuffix) { return "", false } - return strings.TrimSuffix(baseAPIGroup, apiGroupSuffix) + pinnipedDefaultSuffix, true + return strings.TrimSuffix(baseAPIGroup, apiGroupSuffix) + PinnipedDefaultSuffix, true } // Validate validates the provided apiGroupSuffix is usable as an API group suffix. Specifically, it diff --git a/internal/kubeclient/kubeclient_test.go b/internal/kubeclient/kubeclient_test.go index 273942b6..07288238 100644 --- a/internal/kubeclient/kubeclient_test.go +++ b/internal/kubeclient/kubeclient_test.go @@ -21,8 +21,8 @@ import ( "k8s.io/client-go/transport" apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" - loginv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/login/v1alpha1" - configv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1" + conciergeconfigv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1" + supervisorconfigv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/config/v1alpha1" "go.pinniped.dev/internal/testutil/fakekubeapi" ) @@ -46,16 +46,15 @@ var ( }, } - tokenCredentialRequestGVK = loginv1alpha1.SchemeGroupVersion.WithKind("TokenCredentialRequest") - goodTokenCredentialRequest = &loginv1alpha1.TokenCredentialRequest{ + credentialIssuerGVK = conciergeconfigv1alpha1.SchemeGroupVersion.WithKind("CredentialIssuer") + goodCredentialIssuer = &conciergeconfigv1alpha1.CredentialIssuer{ ObjectMeta: metav1.ObjectMeta{ - Name: "good-token-credential-request", - Namespace: "good-namespace", + Name: "good-credential-issuer", }, } - federationDomainGVK = configv1alpha1.SchemeGroupVersion.WithKind("FederationDomain") - goodFederationDomain = &configv1alpha1.FederationDomain{ + federationDomainGVK = supervisorconfigv1alpha1.SchemeGroupVersion.WithKind("FederationDomain") + goodFederationDomain = &supervisorconfigv1alpha1.FederationDomain{ ObjectMeta: metav1.ObjectMeta{ Name: "good-federation-domain", Namespace: "good-namespace", @@ -258,60 +257,60 @@ func TestKubeclient(t *testing.T) { reallyRunTest: func(t *testing.T, c *Client) { // create tokenCredentialRequest, err := c.PinnipedConcierge. - LoginV1alpha1(). - TokenCredentialRequests(). - Create(context.Background(), goodTokenCredentialRequest, metav1.CreateOptions{}) + ConfigV1alpha1(). + CredentialIssuers(). + Create(context.Background(), goodCredentialIssuer, metav1.CreateOptions{}) require.NoError(t, err) - require.Equal(t, goodTokenCredentialRequest, tokenCredentialRequest) + require.Equal(t, goodCredentialIssuer, tokenCredentialRequest) // read tokenCredentialRequest, err = c.PinnipedConcierge. - LoginV1alpha1(). - TokenCredentialRequests(). + ConfigV1alpha1(). + CredentialIssuers(). Get(context.Background(), tokenCredentialRequest.Name, metav1.GetOptions{}) require.NoError(t, err) - require.Equal(t, with(goodTokenCredentialRequest, annotations(), labels()), tokenCredentialRequest) + require.Equal(t, with(goodCredentialIssuer, annotations(), labels()), tokenCredentialRequest) // update - goodTokenCredentialRequestWithAnnotationsAndLabelsAndClusterName := with(goodTokenCredentialRequest, annotations(), labels(), clusterName()).(*loginv1alpha1.TokenCredentialRequest) + goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName := with(goodCredentialIssuer, annotations(), labels(), clusterName()).(*conciergeconfigv1alpha1.CredentialIssuer) tokenCredentialRequest, err = c.PinnipedConcierge. - LoginV1alpha1(). - TokenCredentialRequests(). - Update(context.Background(), goodTokenCredentialRequestWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) + ConfigV1alpha1(). + CredentialIssuers(). + Update(context.Background(), goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) require.NoError(t, err) - require.Equal(t, goodTokenCredentialRequestWithAnnotationsAndLabelsAndClusterName, tokenCredentialRequest) + require.Equal(t, goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName, tokenCredentialRequest) // delete err = c.PinnipedConcierge. - LoginV1alpha1(). - TokenCredentialRequests(). + ConfigV1alpha1(). + CredentialIssuers(). Delete(context.Background(), tokenCredentialRequest.Name, metav1.DeleteOptions{}) require.NoError(t, err) }, wantMiddlewareReqs: [][]Object{ { - with(goodTokenCredentialRequest, gvk(tokenCredentialRequestGVK)), - with(&metav1.PartialObjectMetadata{}, gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), clusterName(), gvk(tokenCredentialRequestGVK)), - with(&metav1.PartialObjectMetadata{}, gvk(tokenCredentialRequestGVK)), + with(goodCredentialIssuer, gvk(credentialIssuerGVK)), + with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), }, { - with(goodTokenCredentialRequest, annotations(), gvk(tokenCredentialRequestGVK)), - with(&metav1.PartialObjectMetadata{}, gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), clusterName(), gvk(tokenCredentialRequestGVK)), - with(&metav1.PartialObjectMetadata{}, gvk(tokenCredentialRequestGVK)), + with(goodCredentialIssuer, annotations(), gvk(credentialIssuerGVK)), + with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), }, }, wantMiddlewareResps: [][]Object{ { - with(goodTokenCredentialRequest, annotations(), labels(), gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), clusterName(), gvk(tokenCredentialRequestGVK)), + with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), }, { - with(goodTokenCredentialRequest, emptyAnnotations(), labels(), gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), gvk(tokenCredentialRequestGVK)), - with(goodTokenCredentialRequest, annotations(), labels(), clusterName(), gvk(tokenCredentialRequestGVK)), + with(goodCredentialIssuer, emptyAnnotations(), labels(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), }, }, }, @@ -338,7 +337,7 @@ func TestKubeclient(t *testing.T) { require.Equal(t, with(goodFederationDomain, annotations(), labels()), federationDomain) // update - goodFederationDomainWithAnnotationsAndLabelsAndClusterName := with(goodFederationDomain, annotations(), labels(), clusterName()).(*configv1alpha1.FederationDomain) + goodFederationDomainWithAnnotationsAndLabelsAndClusterName := with(goodFederationDomain, annotations(), labels(), clusterName()).(*supervisorconfigv1alpha1.FederationDomain) federationDomain, err = c.PinnipedSupervisor. ConfigV1alpha1(). FederationDomains(federationDomain.Namespace). diff --git a/internal/registry/credentialrequest/rest.go b/internal/registry/credentialrequest/rest.go index 4f8cc289..a8906676 100644 --- a/internal/registry/credentialrequest/rest.go +++ b/internal/registry/credentialrequest/rest.go @@ -17,6 +17,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apiserver/pkg/authentication/user" + genericapirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/utils/trace" @@ -157,6 +158,11 @@ func validateRequest(ctx context.Context, obj runtime.Object, createValidation r } } + if namespace := genericapirequest.NamespaceValue(ctx); len(namespace) != 0 { + traceValidationFailure(t, "namespace is not allowed") + return nil, apierrors.NewBadRequest(fmt.Sprintf("namespace is not allowed on TokenCredentialRequest: %v", namespace)) + } + // let dynamic admission webhooks have a chance to validate (but not mutate) as well // TODO Since we are an aggregated API, we should investigate to see if the kube API server is already invoking admission hooks for us. // Even if it is, its okay to call it again here. However, if the kube API server is already calling the webhooks and passing diff --git a/internal/registry/credentialrequest/rest_test.go b/internal/registry/credentialrequest/rest_test.go index 80e40a1b..8542b99e 100644 --- a/internal/registry/credentialrequest/rest_test.go +++ b/internal/registry/credentialrequest/rest_test.go @@ -284,6 +284,17 @@ func TestCreate(t *testing.T) { `.pinniped.dev "request name" is invalid: dryRun: Unsupported value: []string{"some dry run flag"}`) requireOneLogStatement(r, logger, `"failure" failureType:request validation,msg:dryRun not supported`) }) + + it("CreateFailsWhenNamespaceIsNotEmpty", func() { + response, err := NewREST(nil, nil, schema.GroupResource{}).Create( + genericapirequest.WithNamespace(genericapirequest.NewContext(), "some-ns"), + validCredentialRequest(), + rest.ValidateAllObjectFunc, + &metav1.CreateOptions{}) + + requireAPIError(t, response, err, apierrors.IsBadRequest, `namespace is not allowed on TokenCredentialRequest: some-ns`) + requireOneLogStatement(r, logger, `"failure" failureType:request validation,msg:namespace is not allowed`) + }) }, spec.Sequential()) } diff --git a/internal/registry/whoamirequest/rest.go b/internal/registry/whoamirequest/rest.go new file mode 100644 index 00000000..d7a54e3e --- /dev/null +++ b/internal/registry/whoamirequest/rest.go @@ -0,0 +1,131 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package whoamirequest + +import ( + "context" + "fmt" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apiserver/pkg/authentication/authenticator" + genericapirequest "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + + identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity" + identityapivalidation "go.pinniped.dev/generated/latest/apis/concierge/identity/validation" +) + +func NewREST(resource schema.GroupResource) *REST { + return &REST{ + tableConvertor: rest.NewDefaultTableConvertor(resource), + } +} + +type REST struct { + tableConvertor rest.TableConvertor +} + +// Assert that our *REST implements all the optional interfaces that we expect it to implement. +var _ interface { + rest.Creater + rest.NamespaceScopedStrategy + rest.Scoper + rest.Storage + rest.CategoriesProvider + rest.Lister +} = (*REST)(nil) + +func (*REST) New() runtime.Object { + return &identityapi.WhoAmIRequest{} +} + +func (*REST) NewList() runtime.Object { + return &identityapi.WhoAmIRequestList{} +} + +func (*REST) List(_ context.Context, _ *metainternalversion.ListOptions) (runtime.Object, error) { + return &identityapi.WhoAmIRequestList{ + ListMeta: metav1.ListMeta{ + ResourceVersion: "0", // this resource version means "from the API server cache" + }, + Items: []identityapi.WhoAmIRequest{}, // avoid sending nil items list + }, nil +} + +func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { + return r.tableConvertor.ConvertToTable(ctx, obj, tableOptions) +} + +func (*REST) NamespaceScoped() bool { + return false +} + +func (*REST) Categories() []string { + return []string{"pinniped"} +} + +func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { + whoAmIRequest, ok := obj.(*identityapi.WhoAmIRequest) + if !ok { + return nil, apierrors.NewBadRequest(fmt.Sprintf("not a WhoAmIRequest: %#v", obj)) + } + + if errs := identityapivalidation.ValidateWhoAmIRequest(whoAmIRequest); len(errs) > 0 { + return nil, apierrors.NewInvalid(identityapi.Kind(whoAmIRequest.Kind), whoAmIRequest.Name, errs) + } + + // just a sanity check, not sure how to honor a dry run on a virtual API + if options != nil { + if len(options.DryRun) != 0 { + errs := field.ErrorList{field.NotSupported(field.NewPath("dryRun"), options.DryRun, nil)} + return nil, apierrors.NewInvalid(identityapi.Kind(whoAmIRequest.Kind), whoAmIRequest.Name, errs) + } + } + + if namespace := genericapirequest.NamespaceValue(ctx); len(namespace) != 0 { + return nil, apierrors.NewBadRequest(fmt.Sprintf("namespace is not allowed on WhoAmIRequest: %v", namespace)) + } + + if createValidation != nil { + if err := createValidation(ctx, obj.DeepCopyObject()); err != nil { + return nil, err + } + } + + userInfo, ok := genericapirequest.UserFrom(ctx) + if !ok { + return nil, apierrors.NewInternalError(fmt.Errorf("no user info on request")) + } + + auds, _ := authenticator.AudiencesFrom(ctx) + + out := &identityapi.WhoAmIRequest{ + Status: identityapi.WhoAmIRequestStatus{ + KubernetesUserInfo: identityapi.KubernetesUserInfo{ + User: identityapi.UserInfo{ + Username: userInfo.GetName(), + UID: userInfo.GetUID(), + Groups: userInfo.GetGroups(), + }, + Audiences: auds, + }, + }, + } + for k, v := range userInfo.GetExtra() { + if out.Status.KubernetesUserInfo.User.Extra == nil { + out.Status.KubernetesUserInfo.User.Extra = map[string]identityapi.ExtraValue{} + } + + // this assumes no one is putting secret data in the extra field + // I think this is a safe assumption since it would leak into audit logs + out.Status.KubernetesUserInfo.User.Extra[k] = v + } + + return out, nil +} diff --git a/internal/registry/whoamirequest/rest_test.go b/internal/registry/whoamirequest/rest_test.go new file mode 100644 index 00000000..28b65041 --- /dev/null +++ b/internal/registry/whoamirequest/rest_test.go @@ -0,0 +1,211 @@ +// Copyright 2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package whoamirequest + +import ( + "context" + "errors" + "testing" + + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apiserver/pkg/authentication/authenticator" + "k8s.io/apiserver/pkg/authentication/user" + genericapirequest "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/apiserver/pkg/registry/rest" + + identityapi "go.pinniped.dev/generated/latest/apis/concierge/identity" +) + +func TestNew(t *testing.T) { + r := NewREST(schema.GroupResource{Group: "bears", Resource: "panda"}) + require.NotNil(t, r) + require.False(t, r.NamespaceScoped()) + require.Equal(t, []string{"pinniped"}, r.Categories()) + require.IsType(t, &identityapi.WhoAmIRequest{}, r.New()) + require.IsType(t, &identityapi.WhoAmIRequestList{}, r.NewList()) + + ctx := context.Background() + + // check the simple invariants of our no-op list + list, err := r.List(ctx, nil) + require.NoError(t, err) + require.NotNil(t, list) + require.IsType(t, &identityapi.WhoAmIRequestList{}, list) + require.Equal(t, "0", list.(*identityapi.WhoAmIRequestList).ResourceVersion) + require.NotNil(t, list.(*identityapi.WhoAmIRequestList).Items) + require.Len(t, list.(*identityapi.WhoAmIRequestList).Items, 0) + + // make sure we can turn lists into tables if needed + table, err := r.ConvertToTable(ctx, list, nil) + require.NoError(t, err) + require.NotNil(t, table) + require.Equal(t, "0", table.ResourceVersion) + require.Nil(t, table.Rows) + + // exercise group resource - force error by passing a runtime.Object that does not have an embedded object meta + _, err = r.ConvertToTable(ctx, &metav1.APIGroup{}, nil) + require.Error(t, err, "the resource panda.bears does not support being converted to a Table") +} + +func TestCreate(t *testing.T) { + type args struct { + ctx context.Context + obj runtime.Object + createValidation rest.ValidateObjectFunc + options *metav1.CreateOptions + } + tests := []struct { + name string + args args + want runtime.Object + wantErr string + }{ + { + name: "wrong type", + args: args{ + ctx: genericapirequest.NewContext(), + obj: &metav1.Status{}, + createValidation: nil, + options: nil, + }, + want: nil, + wantErr: `not a WhoAmIRequest: &v1.Status{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ListMeta:v1.ListMeta{SelfLink:"", ResourceVersion:"", Continue:"", RemainingItemCount:(*int64)(nil)}, Status:"", Message:"", Reason:"", Details:(*v1.StatusDetails)(nil), Code:0}`, + }, + { + name: "bad options", + args: args{ + ctx: genericapirequest.NewContext(), + obj: &identityapi.WhoAmIRequest{ + TypeMeta: metav1.TypeMeta{ + Kind: "SomeKind", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "some-name", + }, + }, + createValidation: nil, + options: &metav1.CreateOptions{DryRun: []string{"stuff"}}, + }, + want: nil, + wantErr: `SomeKind.identity.concierge.pinniped.dev "some-name" is invalid: dryRun: Unsupported value: []string{"stuff"}`, + }, + { + name: "bad namespace", + args: args{ + ctx: genericapirequest.WithNamespace(genericapirequest.NewContext(), "some-ns"), + obj: &identityapi.WhoAmIRequest{}, + createValidation: nil, + options: nil, + }, + want: nil, + wantErr: `namespace is not allowed on WhoAmIRequest: some-ns`, + }, + { + // if we add fields to spec, we need additional tests to: + // - make sure admission cannot mutate it + // - the input spec fields are validated correctly + name: "create validation failure", + args: args{ + ctx: genericapirequest.NewContext(), + obj: &identityapi.WhoAmIRequest{}, + createValidation: func(ctx context.Context, obj runtime.Object) error { + return errors.New("some-error-here") + }, + options: nil, + }, + want: nil, + wantErr: `some-error-here`, + }, + { + name: "no user info", + args: args{ + ctx: genericapirequest.NewContext(), + obj: &identityapi.WhoAmIRequest{}, + createValidation: nil, + options: nil, + }, + want: nil, + wantErr: `Internal error occurred: no user info on request`, + }, + { + name: "with user info, no auds", + args: args{ + ctx: genericapirequest.WithUser(genericapirequest.NewContext(), &user.DefaultInfo{ + Name: "bond", + UID: "007", + Groups: []string{"agents", "ops"}, + Extra: map[string][]string{ + "fan-of": {"pandas", "twizzlers"}, + "needs": {"sleep"}, + }, + }), + obj: &identityapi.WhoAmIRequest{}, + createValidation: nil, + options: nil, + }, + want: &identityapi.WhoAmIRequest{ + Status: identityapi.WhoAmIRequestStatus{ + KubernetesUserInfo: identityapi.KubernetesUserInfo{ + User: identityapi.UserInfo{ + Username: "bond", + UID: "007", + Groups: []string{"agents", "ops"}, + Extra: map[string]identityapi.ExtraValue{ + "fan-of": {"pandas", "twizzlers"}, + "needs": {"sleep"}, + }, + }, + Audiences: nil, + }, + }, + }, + wantErr: ``, + }, + { + name: "with user info and auds", + args: args{ + ctx: authenticator.WithAudiences( + genericapirequest.WithUser(genericapirequest.NewContext(), &user.DefaultInfo{ + Name: "panda", + }), + authenticator.Audiences{"gitlab", "aws"}, + ), + obj: &identityapi.WhoAmIRequest{}, + createValidation: nil, + options: nil, + }, + want: &identityapi.WhoAmIRequest{ + Status: identityapi.WhoAmIRequestStatus{ + KubernetesUserInfo: identityapi.KubernetesUserInfo{ + User: identityapi.UserInfo{ + Username: "panda", + }, + Audiences: []string{"gitlab", "aws"}, + }, + }, + }, + wantErr: ``, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + r := &REST{} + got, err := r.Create(tt.args.ctx, tt.args.obj, tt.args.createValidation, tt.args.options) + require.Equal(t, tt.wantErr, errString(err)) + require.Equal(t, tt.want, got) + }) + } +} + +func errString(err error) string { + if err == nil { + return "" + } + + return err.Error() +} diff --git a/pkg/conciergeclient/conciergeclient.go b/pkg/conciergeclient/conciergeclient.go index 87198ddf..0e5fa6f7 100644 --- a/pkg/conciergeclient/conciergeclient.go +++ b/pkg/conciergeclient/conciergeclient.go @@ -118,7 +118,7 @@ func WithAPIGroupSuffix(apiGroupSuffix string) Option { // New validates the specified options and returns a newly initialized *Client. func New(opts ...Option) (*Client, error) { - c := Client{apiGroupSuffix: "pinniped.dev"} + c := Client{apiGroupSuffix: groupsuffix.PinnipedDefaultSuffix} for _, opt := range opts { if err := opt(&c); err != nil { return nil, err diff --git a/test/integration/category_test.go b/test/integration/category_test.go index a6957567..e8edc7bd 100644 --- a/test/integration/category_test.go +++ b/test/integration/category_test.go @@ -45,6 +45,8 @@ func TestGetPinnipedCategory(t *testing.T) { require.Contains(t, stdErr.String(), `"kind":"Table"`) require.Contains(t, stdErr.String(), `"resourceVersion":"0"`) + require.Contains(t, stdErr.String(), `/v1alpha1/tokencredentialrequests`) + require.Contains(t, stdErr.String(), `/v1alpha1/whoamirequests`) }) t.Run("list, no special params", func(t *testing.T) { @@ -78,7 +80,7 @@ func TestGetPinnipedCategory(t *testing.T) { require.Contains(t, stdErr.String(), `"resourceVersion":"0"`) }) - t.Run("raw request to see body", func(t *testing.T) { + t.Run("raw request to see body, token cred", func(t *testing.T) { var stdOut, stdErr bytes.Buffer //nolint: gosec // input is part of test env @@ -93,4 +95,20 @@ func TestGetPinnipedCategory(t *testing.T) { require.Contains(t, stdOut.String(), `{"kind":"TokenCredentialRequestList","apiVersion":"login.concierge`+ dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`) }) + + t.Run("raw request to see body, whoami", func(t *testing.T) { + var stdOut, stdErr bytes.Buffer + + //nolint: gosec // input is part of test env + cmd := exec.Command("kubectl", "get", "--raw", "/apis/identity.concierge"+dotSuffix+"/v1alpha1/whoamirequests") + cmd.Stdout = &stdOut + cmd.Stderr = &stdErr + err := cmd.Run() + require.NoError(t, err, stdErr.String(), stdOut.String()) + require.Empty(t, stdErr.String()) + + require.NotContains(t, stdOut.String(), "MethodNotAllowed") + require.Contains(t, stdOut.String(), `{"kind":"WhoAmIRequestList","apiVersion":"identity.concierge`+ + dotSuffix+`/v1alpha1","metadata":{"resourceVersion":"0"},"items":[]}`) + }) } diff --git a/test/integration/e2e_test.go b/test/integration/e2e_test.go index e0b2cc75..6ffdf0b9 100644 --- a/test/integration/e2e_test.go +++ b/test/integration/e2e_test.go @@ -303,4 +303,37 @@ func TestE2EFullIntegration(t *testing.T) { expectedGroups = append(expectedGroups, g) } require.Equal(t, expectedGroups, idTokenClaims[oidc.DownstreamGroupsClaim]) + + // confirm we are the right user according to Kube + expectedYAMLGroups := func() string { + var b strings.Builder + for _, g := range env.SupervisorTestUpstream.ExpectedGroups { + b.WriteString("\n") + b.WriteString(` - `) + b.WriteString(g) + } + return b.String() + }() + kubectlCmd3 := exec.CommandContext(ctx, "kubectl", "create", "-f", "-", "-o", "yaml", "--kubeconfig", kubeconfigPath) + kubectlCmd3.Env = append(os.Environ(), env.ProxyEnv()...) + kubectlCmd3.Stdin = strings.NewReader(` +apiVersion: identity.concierge.` + env.APIGroupSuffix + `/v1alpha1 +kind: WhoAmIRequest +`) + kubectlOutput3, err := kubectlCmd3.CombinedOutput() + require.NoError(t, err) + require.Equal(t, + `apiVersion: identity.concierge.`+env.APIGroupSuffix+`/v1alpha1 +kind: WhoAmIRequest +metadata: + creationTimestamp: null +spec: {} +status: + kubernetesUserInfo: + user: + groups:`+expectedYAMLGroups+` + - system:authenticated + username: `+env.SupervisorTestUpstream.Username+` +`, + string(kubectlOutput3)) } diff --git a/test/integration/kube_api_discovery_test.go b/test/integration/kube_api_discovery_test.go index c7783b81..b7a652a2 100644 --- a/test/integration/kube_api_discovery_test.go +++ b/test/integration/kube_api_discovery_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/discovery" "go.pinniped.dev/test/library" @@ -44,6 +45,7 @@ func TestGetAPIResourceList(t *testing.T) { } } loginConciergeGV := makeGV("login", "concierge") + identityConciergeGV := makeGV("identity", "concierge") authenticationConciergeGV := makeGV("authentication", "concierge") configConciergeGV := makeGV("config", "concierge") idpSupervisorGV := makeGV("idp", "supervisor") @@ -79,6 +81,32 @@ func TestGetAPIResourceList(t *testing.T) { }, }, }, + { + group: metav1.APIGroup{ + Name: identityConciergeGV.Group, + Versions: []metav1.GroupVersionForDiscovery{ + { + GroupVersion: identityConciergeGV.String(), + Version: identityConciergeGV.Version, + }, + }, + PreferredVersion: metav1.GroupVersionForDiscovery{ + GroupVersion: identityConciergeGV.String(), + Version: identityConciergeGV.Version, + }, + }, + resourceByVersion: map[string][]metav1.APIResource{ + identityConciergeGV.String(): { + { + Name: "whoamirequests", + Kind: "WhoAmIRequest", + Verbs: []string{"create", "list"}, + Namespaced: false, + Categories: []string{"pinniped"}, + }, + }, + }, + }, { group: metav1.APIGroup{ Name: configSupervisorGV.Group, @@ -280,6 +308,8 @@ func TestGetAPIResourceList(t *testing.T) { t.Run("every API has a status subresource", func(t *testing.T) { t.Parallel() + aggregatedAPIs := sets.NewString("tokencredentialrequests", "whoamirequests") + var regular, status []string for _, r := range resources { @@ -288,8 +318,8 @@ func TestGetAPIResourceList(t *testing.T) { } for _, a := range r.APIResources { - if a.Name == "tokencredentialrequests" { - continue // our special aggregated API with its own magical properties + if aggregatedAPIs.Has(a.Name) { + continue // skip our special aggregated APIs with their own magical properties } if strings.HasSuffix(a.Name, "/status") { diff --git a/test/integration/whoami_test.go b/test/integration/whoami_test.go new file mode 100644 index 00000000..de478f52 --- /dev/null +++ b/test/integration/whoami_test.go @@ -0,0 +1,453 @@ +// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +package integration + +import ( + "context" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "testing" + "time" + + "github.com/stretchr/testify/require" + authenticationv1 "k8s.io/api/authentication/v1" + certificatesv1 "k8s.io/api/certificates/v1" + certificatesv1beta1 "k8s.io/api/certificates/v1beta1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/rest" + "k8s.io/client-go/util/cert" + "k8s.io/client-go/util/certificate/csr" + "k8s.io/client-go/util/keyutil" + + identityv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/identity/v1alpha1" + "go.pinniped.dev/test/library" +) + +func TestWhoAmI_Kubeadm(t *testing.T) { + // use the cluster signing key being available as a proxy for this being a kubeadm cluster + // we should add more robust logic around skipping clusters based on vendor + _ = library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + whoAmI, err := library.NewConciergeClientset(t).IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + // this user info is based off of the bootstrap cert user created by kubeadm + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "kubernetes-admin", + Groups: []string{ + "system:masters", + "system:authenticated", + }, + }, + }, + }, + }, + whoAmI, + ) +} + +func TestWhoAmI_ServiceAccount_Legacy(t *testing.T) { + _ = library.IntegrationEnv(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + kubeClient := library.NewKubernetesClientset(t).CoreV1() + + ns, err := kubeClient.Namespaces().Create(ctx, &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + defer func() { + if t.Failed() { + return + } + err := kubeClient.Namespaces().Delete(ctx, ns.Name, metav1.DeleteOptions{}) + require.NoError(t, err) + }() + + sa, err := kubeClient.ServiceAccounts(ns.Name).Create(ctx, &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + secret, err := kubeClient.Secrets(ns.Name).Create(ctx, &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + Annotations: map[string]string{ + corev1.ServiceAccountNameKey: sa.Name, + }, + }, + Type: corev1.SecretTypeServiceAccountToken, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + library.RequireEventuallyWithoutError(t, func() (bool, error) { + secret, err = kubeClient.Secrets(ns.Name).Get(ctx, secret.Name, metav1.GetOptions{}) + if err != nil { + return false, err + } + return len(secret.Data[corev1.ServiceAccountTokenKey]) > 0, nil + }, 30*time.Second, time.Second) + + saConfig := library.NewAnonymousClientRestConfig(t) + saConfig.BearerToken = string(secret.Data[corev1.ServiceAccountTokenKey]) + + whoAmI, err := library.NewKubeclient(t, saConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + // legacy service account tokens do not have any extra info + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "system:serviceaccount:" + ns.Name + ":" + sa.Name, + UID: "", // aggregation drops UID: https://github.com/kubernetes/kubernetes/issues/93699 + Groups: []string{ + "system:serviceaccounts", + "system:serviceaccounts:" + ns.Name, + "system:authenticated", + }, + }, + }, + }, + }, + whoAmI, + ) +} + +func TestWhoAmI_ServiceAccount_TokenRequest(t *testing.T) { + _ = library.IntegrationEnv(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + kubeClient := library.NewKubernetesClientset(t).CoreV1() + + ns, err := kubeClient.Namespaces().Create(ctx, &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + defer func() { + if t.Failed() { + return + } + err := kubeClient.Namespaces().Delete(ctx, ns.Name, metav1.DeleteOptions{}) + require.NoError(t, err) + }() + + sa, err := kubeClient.ServiceAccounts(ns.Name).Create(ctx, &corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + _, tokenRequestProbeErr := kubeClient.ServiceAccounts(ns.Name).CreateToken(ctx, sa.Name, &authenticationv1.TokenRequest{}, metav1.CreateOptions{}) + if errors.IsNotFound(tokenRequestProbeErr) && tokenRequestProbeErr.Error() == "the server could not find the requested resource" { + return // stop test early since the token request API is not enabled on this cluster - other errors are caught below + } + + pod, err := kubeClient.Pods(ns.Name).Create(ctx, &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "test-whoami-", + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "ignored-but-required", + Image: "does-not-matter", + }, + }, + ServiceAccountName: sa.Name, + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + tokenRequestBadAudience, err := kubeClient.ServiceAccounts(ns.Name).CreateToken(ctx, sa.Name, &authenticationv1.TokenRequest{ + Spec: authenticationv1.TokenRequestSpec{ + Audiences: []string{"should-fail-because-wrong-audience"}, // anything that is not an API server audience + BoundObjectRef: &authenticationv1.BoundObjectReference{ + Kind: "Pod", + APIVersion: "", + Name: pod.Name, + UID: pod.UID, + }, + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + saBadAudConfig := library.NewAnonymousClientRestConfig(t) + saBadAudConfig.BearerToken = tokenRequestBadAudience.Status.Token + + _, badAudErr := library.NewKubeclient(t, saBadAudConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.True(t, errors.IsUnauthorized(badAudErr), library.Sdump(badAudErr)) + + tokenRequest, err := kubeClient.ServiceAccounts(ns.Name).CreateToken(ctx, sa.Name, &authenticationv1.TokenRequest{ + Spec: authenticationv1.TokenRequestSpec{ + Audiences: []string{}, + BoundObjectRef: &authenticationv1.BoundObjectReference{ + Kind: "Pod", + APIVersion: "", + Name: pod.Name, + UID: pod.UID, + }, + }, + }, metav1.CreateOptions{}) + require.NoError(t, err) + + saTokenReqConfig := library.NewAnonymousClientRestConfig(t) + saTokenReqConfig.BearerToken = tokenRequest.Status.Token + + whoAmITokenReq, err := library.NewKubeclient(t, saTokenReqConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + // new service account tokens include the pod info in the extra fields + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "system:serviceaccount:" + ns.Name + ":" + sa.Name, + UID: "", // aggregation drops UID: https://github.com/kubernetes/kubernetes/issues/93699 + Groups: []string{ + "system:serviceaccounts", + "system:serviceaccounts:" + ns.Name, + "system:authenticated", + }, + Extra: map[string]identityv1alpha1.ExtraValue{ + "authentication.kubernetes.io/pod-name": {pod.Name}, + "authentication.kubernetes.io/pod-uid": {string(pod.UID)}, + }, + }, + }, + }, + }, + whoAmITokenReq, + ) +} + +func TestWhoAmI_CSR(t *testing.T) { + // use the cluster signing key being available as a proxy for this not being an EKS cluster + // we should add more robust logic around skipping clusters based on vendor + _ = library.IntegrationEnv(t).WithCapability(library.ClusterSigningKeyIsAvailable) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + kubeClient := library.NewKubernetesClientset(t) + + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) + + der, err := x509.MarshalECPrivateKey(privateKey) + require.NoError(t, err) + + keyPEM := pem.EncodeToMemory(&pem.Block{Type: keyutil.ECPrivateKeyBlockType, Bytes: der}) + + csrPEM, err := cert.MakeCSR(privateKey, &pkix.Name{ + CommonName: "panda-man", + Organization: []string{"living-the-dream", "need-more-sleep"}, + }, nil, nil) + require.NoError(t, err) + + csrName, csrUID, err := csr.RequestCertificate( + kubeClient, + csrPEM, + "", + certificatesv1.KubeAPIServerClientSignerName, + []certificatesv1.KeyUsage{certificatesv1.UsageClientAuth}, + privateKey, + ) + require.NoError(t, err) + + defer func() { + if t.Failed() { + return + } + err := kubeClient.CertificatesV1beta1().CertificateSigningRequests().Delete(ctx, csrName, metav1.DeleteOptions{}) + require.NoError(t, err) + }() + + // this is a blind update with no resource version checks, which is only safe during tests + // use the beta CSR API to support older clusters + _, err = kubeClient.CertificatesV1beta1().CertificateSigningRequests().UpdateApproval(ctx, &certificatesv1beta1.CertificateSigningRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: csrName, + }, + Status: certificatesv1beta1.CertificateSigningRequestStatus{ + Conditions: []certificatesv1beta1.CertificateSigningRequestCondition{ + { + Type: certificatesv1beta1.CertificateApproved, + Status: corev1.ConditionTrue, + Reason: "WhoAmICSRTest", + }, + }, + }, + }, metav1.UpdateOptions{}) + require.NoError(t, err) + + crtPEM, err := csr.WaitForCertificate(ctx, kubeClient, csrName, csrUID) + require.NoError(t, err) + + csrConfig := library.NewAnonymousClientRestConfig(t) + csrConfig.CertData = crtPEM + csrConfig.KeyData = keyPEM + + whoAmI, err := library.NewKubeclient(t, csrConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "panda-man", + Groups: []string{ + "need-more-sleep", + "living-the-dream", + "system:authenticated", + }, + }, + }, + }, + }, + whoAmI, + ) +} + +func TestWhoAmI_Anonymous(t *testing.T) { + _ = library.IntegrationEnv(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + anonymousConfig := library.NewAnonymousClientRestConfig(t) + + whoAmI, err := library.NewKubeclient(t, anonymousConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + // this also asserts that all users, even unauthenticated ones, can call this API when anonymous is enabled + // this test will need to be skipped when we start running the integration tests against AKS clusters + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "system:anonymous", + Groups: []string{ + "system:unauthenticated", + }, + }, + }, + }, + }, + whoAmI, + ) +} + +func TestWhoAmI_ImpersonateDirectly(t *testing.T) { + _ = library.IntegrationEnv(t) + + ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) + defer cancel() + + impersonationConfig := library.NewClientConfig(t) + impersonationConfig.Impersonate = rest.ImpersonationConfig{ + UserName: "solaire", + // need to impersonate system:authenticated directly to support older clusters otherwise we will get RBAC errors below + Groups: []string{"astora", "lordran", "system:authenticated"}, + Extra: map[string][]string{ + "covenant": {"warrior-of-sunlight"}, + "loves": {"sun", "co-op"}, + }, + } + + whoAmI, err := library.NewKubeclient(t, impersonationConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "solaire", + UID: "", // no way to impersonate UID: https://github.com/kubernetes/kubernetes/issues/93699 + Groups: []string{ + "astora", + "lordran", + "system:authenticated", // impersonation will add this implicitly but only in newer clusters + }, + Extra: map[string]identityv1alpha1.ExtraValue{ + "covenant": {"warrior-of-sunlight"}, + "loves": {"sun", "co-op"}, + }, + }, + }, + }, + }, + whoAmI, + ) + + impersonationAnonymousConfig := library.NewClientConfig(t) + impersonationAnonymousConfig.Impersonate.UserName = "system:anonymous" + // need to impersonate system:unauthenticated directly to support older clusters otherwise we will get RBAC errors below + impersonationAnonymousConfig.Impersonate.Groups = []string{"system:unauthenticated"} + + whoAmIAnonymous, err := library.NewKubeclient(t, impersonationAnonymousConfig).PinnipedConcierge.IdentityV1alpha1().WhoAmIRequests(). + Create(ctx, &identityv1alpha1.WhoAmIRequest{}, metav1.CreateOptions{}) + require.NoError(t, err) + + require.Equal(t, + &identityv1alpha1.WhoAmIRequest{ + Status: identityv1alpha1.WhoAmIRequestStatus{ + KubernetesUserInfo: identityv1alpha1.KubernetesUserInfo{ + User: identityv1alpha1.UserInfo{ + Username: "system:anonymous", + Groups: []string{ + "system:unauthenticated", // impersonation will add this implicitly but only in newer clusters + }, + }, + }, + }, + }, + whoAmIAnonymous, + ) +} + +func TestWhoAmI_ImpersonateViaProxy(t *testing.T) { + _ = library.IntegrationEnv(t) + + // TODO: add this test after the impersonation proxy is done + // this should test all forms of auth understood by the proxy (certs, SA token, token cred req, anonymous, etc) + // remember that impersonation does not support UID: https://github.com/kubernetes/kubernetes/issues/93699 +} diff --git a/test/library/client.go b/test/library/client.go index 6d7facb6..8e90c424 100644 --- a/test/library/client.go +++ b/test/library/client.go @@ -72,25 +72,25 @@ func NewClientsetWithCertAndKey(t *testing.T, clientCertificateData, clientKeyDa func NewKubernetesClientset(t *testing.T) kubernetes.Interface { t.Helper() - return newKubeclient(t, NewClientConfig(t)).Kubernetes + return NewKubeclient(t, NewClientConfig(t)).Kubernetes } func NewSupervisorClientset(t *testing.T) supervisorclientset.Interface { t.Helper() - return newKubeclient(t, NewClientConfig(t)).PinnipedSupervisor + return NewKubeclient(t, NewClientConfig(t)).PinnipedSupervisor } func NewConciergeClientset(t *testing.T) conciergeclientset.Interface { t.Helper() - return newKubeclient(t, NewClientConfig(t)).PinnipedConcierge + return NewKubeclient(t, NewClientConfig(t)).PinnipedConcierge } func NewAnonymousConciergeClientset(t *testing.T) conciergeclientset.Interface { t.Helper() - return newKubeclient(t, newAnonymousClientRestConfig(t)).PinnipedConcierge + return NewKubeclient(t, NewAnonymousClientRestConfig(t)).PinnipedConcierge } func NewAggregatedClientset(t *testing.T) aggregatorclient.Interface { @@ -118,7 +118,7 @@ func newClientsetWithConfig(t *testing.T, config *rest.Config) kubernetes.Interf } // Returns a rest.Config without any user authentication info. -func newAnonymousClientRestConfig(t *testing.T) *rest.Config { +func NewAnonymousClientRestConfig(t *testing.T) *rest.Config { t.Helper() return rest.AnonymousClientConfig(NewClientConfig(t)) @@ -128,13 +128,13 @@ func newAnonymousClientRestConfig(t *testing.T) *rest.Config { func newAnonymousClientRestConfigWithCertAndKeyAdded(t *testing.T, clientCertificateData, clientKeyData string) *rest.Config { t.Helper() - config := newAnonymousClientRestConfig(t) + config := NewAnonymousClientRestConfig(t) config.CertData = []byte(clientCertificateData) config.KeyData = []byte(clientKeyData) return config } -func newKubeclient(t *testing.T, config *rest.Config) *kubeclient.Client { +func NewKubeclient(t *testing.T, config *rest.Config) *kubeclient.Client { t.Helper() env := IntegrationEnv(t) client, err := kubeclient.New(