Rename the IdentityProvider field to Authenticator in TokenCredentialRequest.

Signed-off-by: Matt Moyer <moyerm@vmware.com>

apis/concierge/login/types_token.go.tmpl

@@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference
 }
 
 type TokenCredentialRequestStatus struct {

apis/concierge/login/v1alpha1/types_token.go.tmpl

@@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string `json:"token,omitempty"`
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
 }
 
 // TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

generated/1.17/README.adoc

@@ -328,7 +328,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
 |===
 | Field | Description
 | *`token`* __string__ | Bearer token supplied with the credential request.
-| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
+| *`authenticator`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an authenticator which can validate this credential request.
 |===
 
 

generated/1.17/apis/concierge/login/types_token.go

@@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference
 }
 
 type TokenCredentialRequestStatus struct {

generated/1.17/apis/concierge/login/v1alpha1/types_token.go

@@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string `json:"token,omitempty"`
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
 }
 
 // TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

generated/1.17/apis/concierge/login/v1alpha1/zz_generated.conversion.go

@@ -157,7 +157,7 @@ func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequest
 
 func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 
@@ -168,7 +168,7 @@ func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequest
 
 func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 

generated/1.17/apis/concierge/login/v1alpha1/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.17/apis/concierge/login/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.17/client/openapi/zz_generated.openapi.go

@@ -476,14 +476,14 @@ func schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref common.
 							Format:      "",
 						},
 					},
-					"identityProvider": {
+					"authenticator": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Reference to an identity provider which can fulfill this credential request.",
+							Description: "Reference to an authenticator which can validate this credential request.",
 							Ref:         ref("k8s.io/api/core/v1.TypedLocalObjectReference"),
 						},
 					},
 				},
-				Required: []string{"identityProvider"},
+				Required: []string{"authenticator"},
 			},
 		},
 		Dependencies: []string{

generated/1.18/README.adoc

@@ -328,7 +328,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
 |===
 | Field | Description
 | *`token`* __string__ | Bearer token supplied with the credential request.
-| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
+| *`authenticator`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an authenticator which can validate this credential request.
 |===
 
 

generated/1.18/apis/concierge/login/types_token.go

@@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference
 }
 
 type TokenCredentialRequestStatus struct {

generated/1.18/apis/concierge/login/v1alpha1/types_token.go

@@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string `json:"token,omitempty"`
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
 }
 
 // TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

generated/1.18/apis/concierge/login/v1alpha1/zz_generated.conversion.go

@@ -157,7 +157,7 @@ func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequest
 
 func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 
@@ -168,7 +168,7 @@ func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequest
 
 func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 

generated/1.18/apis/concierge/login/v1alpha1/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.18/apis/concierge/login/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.18/client/openapi/zz_generated.openapi.go

@@ -476,14 +476,14 @@ func schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref common.
 							Format:      "",
 						},
 					},
-					"identityProvider": {
+					"authenticator": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Reference to an identity provider which can fulfill this credential request.",
+							Description: "Reference to an authenticator which can validate this credential request.",
 							Ref:         ref("k8s.io/api/core/v1.TypedLocalObjectReference"),
 						},
 					},
 				},
-				Required: []string{"identityProvider"},
+				Required: []string{"authenticator"},
 			},
 		},
 		Dependencies: []string{

generated/1.19/README.adoc

@@ -328,7 +328,7 @@ TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, exp
 |===
 | Field | Description
 | *`token`* __string__ | Bearer token supplied with the credential request.
-| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
+| *`authenticator`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an authenticator which can validate this credential request.
 |===
 
 

generated/1.19/apis/concierge/login/types_token.go

@@ -12,8 +12,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference
 }
 
 type TokenCredentialRequestStatus struct {

generated/1.19/apis/concierge/login/v1alpha1/types_token.go

@@ -13,8 +13,8 @@ type TokenCredentialRequestSpec struct {
 	// Bearer token supplied with the credential request.
 	Token string `json:"token,omitempty"`
 
-	// Reference to an identity provider which can fulfill this credential request.
-	IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
+	// Reference to an authenticator which can validate this credential request.
+	Authenticator corev1.TypedLocalObjectReference `json:"authenticator"`
 }
 
 // TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.

generated/1.19/apis/concierge/login/v1alpha1/zz_generated.conversion.go

@@ -157,7 +157,7 @@ func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequest
 
 func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 
@@ -168,7 +168,7 @@ func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequest
 
 func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
 	out.Token = in.Token
-	out.IdentityProvider = in.IdentityProvider
+	out.Authenticator = in.Authenticator
 	return nil
 }
 

generated/1.19/apis/concierge/login/v1alpha1/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.19/apis/concierge/login/zz_generated.deepcopy.go

@@ -92,7 +92,7 @@ func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) {
 	*out = *in
-	in.IdentityProvider.DeepCopyInto(&out.IdentityProvider)
+	in.Authenticator.DeepCopyInto(&out.Authenticator)
 	return
 }
 

generated/1.19/client/openapi/zz_generated.openapi.go

@@ -477,14 +477,14 @@ func schema_apis_concierge_login_v1alpha1_TokenCredentialRequestSpec(ref common.
 							Format:      "",
 						},
 					},
-					"identityProvider": {
+					"authenticator": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Reference to an identity provider which can fulfill this credential request.",
+							Description: "Reference to an authenticator which can validate this credential request.",
 							Ref:         ref("k8s.io/api/core/v1.TypedLocalObjectReference"),
 						},
 					},
 				},
-				Required: []string{"identityProvider"},
+				Required: []string{"authenticator"},
 			},
 		},
 		Dependencies: []string{

internal/client/client.go

@@ -34,8 +34,8 @@ func ExchangeToken(ctx context.Context, namespace string, idp corev1.TypedLocalO
 			Namespace: namespace,
 		},
 		Spec: v1alpha1.TokenCredentialRequestSpec{
-			Token:            token,
-			IdentityProvider: idp,
+			Token:         token,
+			Authenticator: idp,
 		},
 	}, metav1.CreateOptions{})
 	if err != nil {

internal/client/client_test.go

@@ -105,7 +105,7 @@ func TestExchangeToken(t *testing.T) {
 				  },
 				  "spec": {
 					"token": "test-token",
-					"identityProvider": {
+					"authenticator": {
 						"apiGroup": "authentication.concierge.pinniped.dev",
 						"kind": "WebhookAuthenticator",
 						"name": "test-webhook"

internal/controller/identityprovider/idpcache/cache.go

@@ -84,11 +84,11 @@ func (c *Cache) AuthenticateTokenCredentialRequest(ctx context.Context, req *log
 	// Map the incoming request to a cache key.
 	key := Key{
 		Namespace: req.Namespace,
-		Name:      req.Spec.IdentityProvider.Name,
-		Kind:      req.Spec.IdentityProvider.Kind,
+		Name:      req.Spec.Authenticator.Name,
+		Kind:      req.Spec.Authenticator.Kind,
 	}
-	if req.Spec.IdentityProvider.APIGroup != nil {
-		key.APIGroup = *req.Spec.IdentityProvider.APIGroup
+	if req.Spec.Authenticator.APIGroup != nil {
+		key.APIGroup = *req.Spec.Authenticator.APIGroup
 	}
 
 	val := c.Get(key)

internal/controller/identityprovider/idpcache/cache_test.go

@@ -75,7 +75,7 @@ func TestAuthenticateTokenCredentialRequest(t *testing.T) {
 			Namespace: "test-namespace",
 		},
 		Spec: loginapi.TokenCredentialRequestSpec{
-			IdentityProvider: corev1.TypedLocalObjectReference{
+			Authenticator: corev1.TypedLocalObjectReference{
 				APIGroup: &authv1alpha.SchemeGroupVersion.Group,
 				Kind:     "WebhookAuthenticator",
 				Name:     "test-name",
@@ -85,10 +85,10 @@ func TestAuthenticateTokenCredentialRequest(t *testing.T) {
 		Status: loginapi.TokenCredentialRequestStatus{},
 	}
 	validRequestKey := Key{
-		APIGroup:  *validRequest.Spec.IdentityProvider.APIGroup,
-		Kind:      validRequest.Spec.IdentityProvider.Kind,
+		APIGroup:  *validRequest.Spec.Authenticator.APIGroup,
+		Kind:      validRequest.Spec.Authenticator.Kind,
 		Namespace: validRequest.Namespace,
-		Name:      validRequest.Spec.IdentityProvider.Name,
+		Name:      validRequest.Spec.Authenticator.Name,
 	}
 
 	mockCache := func(t *testing.T, res *authenticator.Response, authenticated bool, err error) *Cache {

test/integration/concierge_credentialrequest_test.go

@@ -154,8 +154,8 @@ func makeRequest(ctx context.Context, t *testing.T, spec loginv1alpha1.TokenCred
 
 func validCredentialRequestSpecWithRealToken(t *testing.T, idp corev1.TypedLocalObjectReference) loginv1alpha1.TokenCredentialRequestSpec {
 	return loginv1alpha1.TokenCredentialRequestSpec{
-		Token:            library.IntegrationEnv(t).TestUser.Token,
-		IdentityProvider: idp,
+		Token:         library.IntegrationEnv(t).TestUser.Token,
+		Authenticator: idp,
 	}
 }