Add spec.tls
field to UpstreamOIDCProvider API.
This allows for a custom CA bundle to be used when connecting to the upstream issuer. Signed-off-by: Matt Moyer <moyerm@vmware.com>
This commit is contained in:
parent
b17ac6ec0b
commit
e867fb82b9
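--- a/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl
+++ b/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl
@@ -0,0 +1,11 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+// Configuration for TLS parameters related to identity provider integration.
+type TLSSpec struct {
+// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+// +optional
+CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+}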
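Review bot: The `CertificateAuthorityData` comment does not say whether a supplied bundle replaces the system roots or is added to them, nor what happens when the value is not valid base64 PEM; both decide what the Supervisor will trust when talking to the issuer, and the code that consumes the field is not in this commit. Suggest stating the intended contract in the comment, e.g. `// CertificateAuthorityData is a base64-encoded PEM bundle of X.509 CA certificates used to verify the issuer's TLS certificate; when set it replaces the default system roots, and a value that does not parse is a configuration error rather than a fallback to system roots.` (adjust if the implementation chooses otherwise). The type comment should likewise begin with the name, `// TLSSpec contains TLS parameters ...`, matching the `OIDCClient contains ...` convention used elsewhere in this package; both comments also feed the generated CRD descriptions and README. A `// +kubebuilder:validation:Format=byte` marker on the field should let the API server reject non-base64 input at admission time instead of at connection time.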
@ -75,6 +75,10 @@ type UpstreamOIDCProviderSpec struct {
|
|||||||
// +kubebuilder:validation:Pattern=`^https://`
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
|
||||||
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
||||||
// parameters to be used with this OIDC identity provider.
|
// parameters to be used with this OIDC identity provider.
|
||||||
// +optional
|
// +optional
|
||||||
|
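Review bot: The comment on the new `TLS` field scopes the bundle to discovery/JWKS requests, while the commit description says it is used "when connecting to the upstream issuer"; the token endpoint, which receives the client secret and authorization code, is also on the issuer, and a reader cannot tell from either text whether this CA governs that connection or whether it falls back to system roots. The comment should name the connections it covers, e.g. `// TLS contains the TLS configuration (such as a custom CA bundle) used for HTTPS requests to the issuer, including discovery, JWKS, and token endpoint requests.` if that is the intent, or say explicitly that the token endpoint is excluded. Starting the comment with the field name also matches the sibling `AuthorizationConfig holds ...` and `Claims provides ...` comments. Because this text is copied into the CRD `description` (the `spec:` hunk below) and into the `README.adoc` and `types_upstreamoidcprovider.go` copies under `generated/1.17`, `generated/1.18` and `generated/1.19`, those follow from regeneration. UpstreamOIDCProviderSpec starts before and ends after this hunk.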
@ -98,6 +98,15 @@ spec:
|
|||||||
minLength: 1
|
minLength: 1
|
||||||
pattern: ^https://
|
pattern: ^https://
|
||||||
type: string
|
type: string
|
||||||
|
tls:
|
||||||
|
description: TLS configuration for discovery/JWKS requests to the
|
||||||
|
issuer.
|
||||||
|
properties:
|
||||||
|
certificateAuthorityData:
|
||||||
|
description: X.509 Certificate Authority (base64-encoded PEM bundle).
|
||||||
|
If omitted, a default set of system roots will be trusted.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- client
|
- client
|
||||||
- issuer
|
- issuer
|
||||||
|
18
generated/1.17/README.adoc
generated
18
generated/1.17/README.adoc
generated
@ -373,6 +373,23 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-tlsspec"]
|
||||||
|
==== TLSSpec
|
||||||
|
|
||||||
|
Configuration for TLS parameters related to identity provider integration.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
||||||
==== UpstreamOIDCProvider
|
==== UpstreamOIDCProvider
|
||||||
|
|
||||||
@ -409,6 +426,7 @@ Spec for configuring an OIDC identity provider.
|
|||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
||||||
|
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
||||||
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
||||||
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-17-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
||||||
|
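--- a/generated/1.17/apis/supervisor/idp/v1alpha1/types_tls.go
+++ b/generated/1.17/apis/supervisor/idp/v1alpha1/types_tls.go
@@ -0,0 +1,11 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+// Configuration for TLS parameters related to identity provider integration.
+type TLSSpec struct {
+// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+// +optional
+CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+}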
@ -75,6 +75,10 @@ type UpstreamOIDCProviderSpec struct {
|
|||||||
// +kubebuilder:validation:Pattern=`^https://`
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
|
||||||
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
||||||
// parameters to be used with this OIDC identity provider.
|
// parameters to be used with this OIDC identity provider.
|
||||||
// +optional
|
// +optional
|
||||||
|
@ -81,6 +81,22 @@ func (in *OIDCClient) DeepCopy() *OIDCClient {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
|
||||||
|
func (in *TLSSpec) DeepCopy() *TLSSpec {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(TLSSpec)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@ -145,6 +161,11 @@ func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object {
|
|||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
if in.TLS != nil {
|
||||||
|
in, out := &in.TLS, &out.TLS
|
||||||
|
*out = new(TLSSpec)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
||||||
out.Claims = in.Claims
|
out.Claims = in.Claims
|
||||||
out.Client = in.Client
|
out.Client = in.Client
|
||||||
|
@ -98,6 +98,15 @@ spec:
|
|||||||
minLength: 1
|
minLength: 1
|
||||||
pattern: ^https://
|
pattern: ^https://
|
||||||
type: string
|
type: string
|
||||||
|
tls:
|
||||||
|
description: TLS configuration for discovery/JWKS requests to the
|
||||||
|
issuer.
|
||||||
|
properties:
|
||||||
|
certificateAuthorityData:
|
||||||
|
description: X.509 Certificate Authority (base64-encoded PEM bundle).
|
||||||
|
If omitted, a default set of system roots will be trusted.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- client
|
- client
|
||||||
- issuer
|
- issuer
|
||||||
|
18
generated/1.18/README.adoc
generated
18
generated/1.18/README.adoc
generated
@ -373,6 +373,23 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-tlsspec"]
|
||||||
|
==== TLSSpec
|
||||||
|
|
||||||
|
Configuration for TLS parameters related to identity provider integration.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
||||||
==== UpstreamOIDCProvider
|
==== UpstreamOIDCProvider
|
||||||
|
|
||||||
@ -409,6 +426,7 @@ Spec for configuring an OIDC identity provider.
|
|||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
||||||
|
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
||||||
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
||||||
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
||||||
|
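--- a/generated/1.18/apis/supervisor/idp/v1alpha1/types_tls.go
+++ b/generated/1.18/apis/supervisor/idp/v1alpha1/types_tls.go
@@ -0,0 +1,11 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+// Configuration for TLS parameters related to identity provider integration.
+type TLSSpec struct {
+// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+// +optional
+CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+}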
@ -75,6 +75,10 @@ type UpstreamOIDCProviderSpec struct {
|
|||||||
// +kubebuilder:validation:Pattern=`^https://`
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
|
||||||
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
||||||
// parameters to be used with this OIDC identity provider.
|
// parameters to be used with this OIDC identity provider.
|
||||||
// +optional
|
// +optional
|
||||||
|
@ -81,6 +81,22 @@ func (in *OIDCClient) DeepCopy() *OIDCClient {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
|
||||||
|
func (in *TLSSpec) DeepCopy() *TLSSpec {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(TLSSpec)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@ -145,6 +161,11 @@ func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object {
|
|||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
if in.TLS != nil {
|
||||||
|
in, out := &in.TLS, &out.TLS
|
||||||
|
*out = new(TLSSpec)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
||||||
out.Claims = in.Claims
|
out.Claims = in.Claims
|
||||||
out.Client = in.Client
|
out.Client = in.Client
|
||||||
|
@ -98,6 +98,15 @@ spec:
|
|||||||
minLength: 1
|
minLength: 1
|
||||||
pattern: ^https://
|
pattern: ^https://
|
||||||
type: string
|
type: string
|
||||||
|
tls:
|
||||||
|
description: TLS configuration for discovery/JWKS requests to the
|
||||||
|
issuer.
|
||||||
|
properties:
|
||||||
|
certificateAuthorityData:
|
||||||
|
description: X.509 Certificate Authority (base64-encoded PEM bundle).
|
||||||
|
If omitted, a default set of system roots will be trusted.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- client
|
- client
|
||||||
- issuer
|
- issuer
|
||||||
|
18
generated/1.19/README.adoc
generated
18
generated/1.19/README.adoc
generated
@ -373,6 +373,23 @@ OIDCClient contains information about an OIDC client (e.g., client ID and client
|
|||||||
|===
|
|===
|
||||||
|
|
||||||
|
|
||||||
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-tlsspec"]
|
||||||
|
==== TLSSpec
|
||||||
|
|
||||||
|
Configuration for TLS parameters related to identity provider integration.
|
||||||
|
|
||||||
|
.Appears In:
|
||||||
|
****
|
||||||
|
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcproviderspec[$$UpstreamOIDCProviderSpec$$]
|
||||||
|
****
|
||||||
|
|
||||||
|
[cols="25a,75a", options="header"]
|
||||||
|
|===
|
||||||
|
| Field | Description
|
||||||
|
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|
||||||
|
|===
|
||||||
|
|
||||||
|
|
||||||
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
[id="{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-upstreamoidcprovider"]
|
||||||
==== UpstreamOIDCProvider
|
==== UpstreamOIDCProvider
|
||||||
|
|
||||||
@ -409,6 +426,7 @@ Spec for configuring an OIDC identity provider.
|
|||||||
|===
|
|===
|
||||||
| Field | Description
|
| Field | Description
|
||||||
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
|
||||||
|
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcauthorizationconfig[$$OIDCAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
|
||||||
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcclaims[$$OIDCClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
|
||||||
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-19-apis-supervisor-idp-v1alpha1-oidcclient[$$OIDCClient$$]__ | OIDCClient contains OIDC client information to be used used with this OIDC identity provider.
|
||||||
|
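--- a/generated/1.19/apis/supervisor/idp/v1alpha1/types_tls.go
+++ b/generated/1.19/apis/supervisor/idp/v1alpha1/types_tls.go
@@ -0,0 +1,11 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+// Configuration for TLS parameters related to identity provider integration.
+type TLSSpec struct {
+// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+// +optional
+CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+}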
@ -75,6 +75,10 @@ type UpstreamOIDCProviderSpec struct {
|
|||||||
// +kubebuilder:validation:Pattern=`^https://`
|
// +kubebuilder:validation:Pattern=`^https://`
|
||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
|
|
||||||
|
// TLS configuration for discovery/JWKS requests to the issuer.
|
||||||
|
// +optional
|
||||||
|
TLS *TLSSpec `json:"tls,omitempty"`
|
||||||
|
|
||||||
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
// AuthorizationConfig holds information about how to form the OAuth2 authorization request
|
||||||
// parameters to be used with this OIDC identity provider.
|
// parameters to be used with this OIDC identity provider.
|
||||||
// +optional
|
// +optional
|
||||||
|
@ -81,6 +81,22 @@ func (in *OIDCClient) DeepCopy() *OIDCClient {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
|
||||||
|
*out = *in
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
|
||||||
|
func (in *TLSSpec) DeepCopy() *TLSSpec {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(TLSSpec)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
func (in *UpstreamOIDCProvider) DeepCopyInto(out *UpstreamOIDCProvider) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@ -145,6 +161,11 @@ func (in *UpstreamOIDCProviderList) DeepCopyObject() runtime.Object {
|
|||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
func (in *UpstreamOIDCProviderSpec) DeepCopyInto(out *UpstreamOIDCProviderSpec) {
|
||||||
*out = *in
|
*out = *in
|
||||||
|
if in.TLS != nil {
|
||||||
|
in, out := &in.TLS, &out.TLS
|
||||||
|
*out = new(TLSSpec)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
|
||||||
out.Claims = in.Claims
|
out.Claims = in.Claims
|
||||||
out.Client = in.Client
|
out.Client = in.Client
|
||||||
|
@ -98,6 +98,15 @@ spec:
|
|||||||
minLength: 1
|
minLength: 1
|
||||||
pattern: ^https://
|
pattern: ^https://
|
||||||
type: string
|
type: string
|
||||||
|
tls:
|
||||||
|
description: TLS configuration for discovery/JWKS requests to the
|
||||||
|
issuer.
|
||||||
|
properties:
|
||||||
|
certificateAuthorityData:
|
||||||
|
description: X.509 Certificate Authority (base64-encoded PEM bundle).
|
||||||
|
If omitted, a default set of system roots will be trusted.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
required:
|
required:
|
||||||
- client
|
- client
|
||||||
- issuer
|
- issuer
|
||||||
|