Update '.drone.yml'

show interstitial web page to allow user to choose IDP when multiple IDPs are configured and authorize endpoint query param to choose IDP is not used

.dockerignore

@@ -21,3 +21,6 @@
 
 # MacOS Desktop Services Store
 .DS_Store
+
+# Hugo temp file
+.hugo_build.lock

.drone.yml

@@ -0,0 +1,19 @@
+kind: pipeline
+type: kubernetes
+name: Container
+
+steps:
+- name: build & publish
+  image: spritsail/docker-build
+  context: .
+  settings:
+    repo: bv11-cr01.bessems.eu/library/pinniped-server
+    registry: bv11-cr01.bessems.eu
+    tags: latest
+    build_args:
+      - BUILDPLATFORM=linux/amd64
+    mtu: 1450
+    username:
+      from_secret: harbor_username
+    password:
+      from_secret: harbor_password

.gitignore

@@ -19,3 +19,6 @@
 
 # MacOS Desktop Services Store
 .DS_Store
+
+# Hugo temp file
+.hugo_build.lock

Dockerfile

@@ -3,20 +3,29 @@
 # Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM golang:1.20.7 as build-env
+# Prepare to cross-compile by always running the build stage in the build platform, not the target platform.
+FROM --platform=linux/amd64 golang:1.21.3 as build-env
 
 WORKDIR /work
-COPY . .
+
 ARG GOPROXY
 
-# Build the executable binary (CGO_ENABLED=0 means static linking)
-# Pass in GOCACHE (build cache) and GOMODCACHE (module cache) so they
-# can be re-used between image builds.
+ARG KUBE_GIT_VERSION
+ENV KUBE_GIT_VERSION=$KUBE_GIT_VERSION
+
+# These will be set by buildkit automatically, e.g. TARGETOS set to "linux" and TARGETARCH set to "amd64" or "arm64".
+# Useful for building multi-arch container images.
+ARG TARGETOS
+ARG TARGETARCH
+
+# Build the statically linked (CGO_ENABLED=0) binary.
+# Mount source, build cache, and module cache for performance reasons.
+# See https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
 RUN \
+  --mount=target=. \
   --mount=type=cache,target=/cache/gocache \
   --mount=type=cache,target=/cache/gomodcache \
-  mkdir out && \
-  export GOCACHE=/cache/gocache GOMODCACHE=/cache/gomodcache CGO_ENABLED=0 GOOS=linux GOARCH=amd64 && \
+  export GOCACHE=/cache/gocache GOMODCACHE=/cache/gomodcache CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH && \
   go build -v -trimpath -ldflags "$(hack/get-ldflags.sh) -w -s" -o /usr/local/bin/pinniped-concierge-kube-cert-agent ./cmd/pinniped-concierge-kube-cert-agent/... && \
   go build -v -trimpath -ldflags "$(hack/get-ldflags.sh) -w -s" -o /usr/local/bin/pinniped-server ./cmd/pinniped-server/... && \
   ln -s /usr/local/bin/pinniped-server /usr/local/bin/pinniped-concierge && \
@@ -24,6 +33,9 @@ RUN \
   ln -s /usr/local/bin/pinniped-server /usr/local/bin/local-user-authenticator
 
 # Use a distroless runtime image with CA certificates, timezone data, and not much else.
+# Note that we are not using --platform here, so it will choose the base image for the target platform, not the build platform.
+# By using "distroless/static" instead of "distroless/static-debianXX" we can float on the latest stable version of debian.
+# See https://github.com/GoogleContainerTools/distroless#base-operating-system
 FROM gcr.io/distroless/static:nonroot@sha256:2a9e2b4fa771d31fe3346a873be845bfc2159695b9f90ca08e950497006ccc2e
 
 # Copy the server binary from the build-env stage.

apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go.tmpl

@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
@@ -12,7 +12,7 @@ type JWTAuthenticatorStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 }
 
 // Spec for configuring a JWT authenticator.

apis/concierge/authentication/v1alpha1/types_meta.go.tmpl

@@ -1,75 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl

@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
@@ -12,7 +12,7 @@ type WebhookAuthenticatorStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 }
 
 // Spec for configuring a webhook authenticator.

apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl

@@ -1,4 +1,4 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
@@ -8,14 +8,17 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
-type FederationDomainStatusCondition string
+type FederationDomainPhase string
 
 const (
-	SuccessFederationDomainStatusCondition                         = FederationDomainStatusCondition("Success")
-	DuplicateFederationDomainStatusCondition                       = FederationDomainStatusCondition("Duplicate")
-	SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret")
-	InvalidFederationDomainStatusCondition                         = FederationDomainStatusCondition("Invalid")
+	// FederationDomainPhasePending is the default phase for newly-created FederationDomain resources.
+	FederationDomainPhasePending FederationDomainPhase = "Pending"
+
+	// FederationDomainPhaseReady is the phase for an FederationDomain resource in a healthy state.
+	FederationDomainPhaseReady FederationDomainPhase = "Ready"
+
+	// FederationDomainPhaseError is the phase for an FederationDomain in an unhealthy state.
+	FederationDomainPhaseError FederationDomainPhase = "Error"
 )
 
 // FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.
@@ -42,6 +45,157 @@ type FederationDomainTLSSpec struct {
 	SecretName string `json:"secretName,omitempty"`
 }
 
+// FederationDomainTransformsConstant defines a constant variable and its value which will be made available to
+// the transform expressions. This is a union type, and Type is the discriminator field.
+type FederationDomainTransformsConstant struct {
+	// Name determines the name of the constant. It must be a valid identifier name.
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z][_a-zA-Z0-9]*$`
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=64
+	Name string `json:"name"`
+
+	// Type determines the type of the constant, and indicates which other field should be non-empty.
+	// +kubebuilder:validation:Enum=string;stringList
+	Type string `json:"type"`
+
+	// StringValue should hold the value when Type is "string", and is otherwise ignored.
+	// +optional
+	StringValue string `json:"stringValue,omitempty"`
+
+	// StringListValue should hold the value when Type is "stringList", and is otherwise ignored.
+	// +optional
+	StringListValue []string `json:"stringListValue,omitempty"`
+}
+
+// FederationDomainTransformsExpression defines a transform expression.
+type FederationDomainTransformsExpression struct {
+	// Type determines the type of the expression. It must be one of the supported types.
+	// +kubebuilder:validation:Enum=policy/v1;username/v1;groups/v1
+	Type string `json:"type"`
+
+	// Expression is a CEL expression that will be evaluated based on the Type during an authentication.
+	// +kubebuilder:validation:MinLength=1
+	Expression string `json:"expression"`
+
+	// Message is only used when Type is policy/v1. It defines an error message to be used when the policy rejects
+	// an authentication attempt. When empty, a default message will be used.
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+// FederationDomainTransformsExample defines a transform example.
+type FederationDomainTransformsExample struct {
+	// Username is the input username.
+	// +kubebuilder:validation:MinLength=1
+	Username string `json:"username"`
+
+	// Groups is the input list of group names.
+	// +optional
+	Groups []string `json:"groups,omitempty"`
+
+	// Expects is the expected output of the entire sequence of transforms when they are run against the
+	// input Username and Groups.
+	Expects FederationDomainTransformsExampleExpects `json:"expects"`
+}
+
+// FederationDomainTransformsExampleExpects defines the expected result for a transforms example.
+type FederationDomainTransformsExampleExpects struct {
+	// Username is the expected username after the transformations have been applied.
+	// +optional
+	Username string `json:"username,omitempty"`
+
+	// Groups is the expected list of group names after the transformations have been applied.
+	// +optional
+	Groups []string `json:"groups,omitempty"`
+
+	// Rejected is a boolean that indicates whether authentication is expected to be rejected by a policy expression
+	// after the transformations have been applied. True means that it is expected that the authentication would be
+	// rejected. The default value of false means that it is expected that the authentication would not be rejected
+	// by any policy expression.
+	// +optional
+	Rejected bool `json:"rejected,omitempty"`
+
+	// Message is the expected error message of the transforms. When Rejected is true, then Message is the expected
+	// message for the policy which rejected the authentication attempt. When Rejected is true and Message is blank,
+	// then Message will be treated as the default error message for authentication attempts which are rejected by a
+	// policy. When Rejected is false, then Message is the expected error message for some other non-policy
+	// transformation error, such as a runtime error. When Rejected is false, there is no default expected Message.
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+// FederationDomainTransforms defines identity transformations for an identity provider's usage on a FederationDomain.
+type FederationDomainTransforms struct {
+	// Constants defines constant variables and their values which will be made available to the transform expressions.
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	Constants []FederationDomainTransformsConstant `json:"constants,omitempty"`
+
+	// Expressions are an optional list of transforms and policies to be executed in the order given during every
+	// authentication attempt, including during every session refresh.
+	// Each is a CEL expression. It may use the basic CEL language as defined in
+	// https://github.com/google/cel-spec/blob/master/doc/langdef.md plus the CEL string extensions defined in
+	// https://github.com/google/cel-go/tree/master/ext#strings.
+	//
+	// The username and groups extracted from the identity provider, and the constants defined in this CR, are
+	// available as variables in all expressions. The username is provided via a variable called `username` and
+	// the list of group names is provided via a variable called `groups` (which may be an empty list).
+	// Each user-provided constants is provided via a variable named `strConst.varName` for string constants
+	// and `strListConst.varName` for string list constants.
+	//
+	// The only allowed types for expressions are currently policy/v1, username/v1, and groups/v1.
+	// Each policy/v1 must return a boolean, and when it returns false, no more expressions from the list are evaluated
+	// and the authentication attempt is rejected.
+	// Transformations of type policy/v1 do not return usernames or group names, and therefore cannot change the
+	// username or group names.
+	// Each username/v1 transform must return the new username (a string), which can be the same as the old username.
+	// Transformations of type username/v1 do not return group names, and therefore cannot change the group names.
+	// Each groups/v1 transform must return the new groups list (list of strings), which can be the same as the old
+	// groups list.
+	// Transformations of type groups/v1 do not return usernames, and therefore cannot change the usernames.
+	// After each expression, the new (potentially changed) username or groups get passed to the following expression.
+	//
+	// Any compilation or static type-checking failure of any expression will cause an error status on the FederationDomain.
+	// During an authentication attempt, any unexpected runtime evaluation errors (e.g. division by zero) cause the
+	// authentication attempt to fail. When all expressions evaluate successfully, then the (potentially changed) username
+	// and group names have been decided for that authentication attempt.
+	//
+	// +optional
+	Expressions []FederationDomainTransformsExpression `json:"expressions,omitempty"`
+
+	// Examples can optionally be used to ensure that the sequence of transformation expressions are working as
+	// expected. Examples define sample input identities which are then run through the expression list, and the
+	// results are compared to the expected results. If any example in this list fails, then this
+	// identity provider will not be available for use within this FederationDomain, and the error(s) will be
+	// added to the FederationDomain status. This can be used to help guard against programming mistakes in the
+	// expressions, and also act as living documentation for other administrators to better understand the expressions.
+	// +optional
+	Examples []FederationDomainTransformsExample `json:"examples,omitempty"`
+}
+
+// FederationDomainIdentityProvider describes how an identity provider is made available in this FederationDomain.
+type FederationDomainIdentityProvider struct {
+	// DisplayName is the name of this identity provider as it will appear to clients. This name ends up in the
+	// kubeconfig of end users, so changing the name of an identity provider that is in use by end users will be a
+	// disruptive change for those users.
+	// +kubebuilder:validation:MinLength=1
+	DisplayName string `json:"displayName"`
+
+	// ObjectRef is a reference to a Pinniped identity provider resource. A valid reference is required.
+	// If the reference cannot be resolved then the identity provider will not be made available.
+	// Must refer to a resource of one of the Pinniped identity provider types, e.g. OIDCIdentityProvider,
+	// LDAPIdentityProvider, ActiveDirectoryIdentityProvider.
+	ObjectRef corev1.TypedLocalObjectReference `json:"objectRef"`
+
+	// Transforms is an optional way to specify transformations to be applied during user authentication and
+	// session refresh.
+	// +optional
+	Transforms FederationDomainTransforms `json:"transforms,omitempty"`
+}
+
 // FederationDomainSpec is a struct that describes an OIDC Provider.
 type FederationDomainSpec struct {
 	// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
@@ -55,9 +209,35 @@ type FederationDomainSpec struct {
 	// +kubebuilder:validation:MinLength=1
 	Issuer string `json:"issuer"`
 
-	// TLS configures how this FederationDomain is served over Transport Layer Security (TLS).
+	// TLS specifies a secret which will contain Transport Layer Security (TLS) configuration for the FederationDomain.
 	// +optional
 	TLS *FederationDomainTLSSpec `json:"tls,omitempty"`
+
+	// IdentityProviders is the list of identity providers available for use by this FederationDomain.
+	//
+	// An identity provider CR (e.g. OIDCIdentityProvider or LDAPIdentityProvider) describes how to connect to a server,
+	// how to talk in a specific protocol for authentication, and how to use the schema of that server/protocol to
+	// extract a normalized user identity. Normalized user identities include a username and a list of group names.
+	// In contrast, IdentityProviders describes how to use that normalized identity in those Kubernetes clusters which
+	// belong to this FederationDomain. Each entry in IdentityProviders can be configured with arbitrary transformations
+	// on that normalized identity. For example, a transformation can add a prefix to all usernames to help avoid
+	// accidental conflicts when multiple identity providers have different users with the same username (e.g.
+	// "idp1:ryan" versus "idp2:ryan"). Each entry in IdentityProviders can also implement arbitrary authentication
+	// rejection policies. Even though a user was able to authenticate with the identity provider, a policy can disallow
+	// the authentication to the Kubernetes clusters that belong to this FederationDomain. For example, a policy could
+	// disallow the authentication unless the user belongs to a specific group in the identity provider.
+	//
+	// For backwards compatibility with versions of Pinniped which predate support for multiple identity providers,
+	// an empty IdentityProviders list will cause the FederationDomain to use all available identity providers which
+	// exist in the same namespace, but also to reject all authentication requests when there is more than one identity
+	// provider currently defined. In this backwards compatibility mode, the name of the identity provider resource
+	// (e.g. the Name of an OIDCIdentityProvider resource) will be used as the name of the identity provider in this
+	// FederationDomain. This mode is provided to make upgrading from older versions easier. However, instead of
+	// relying on this backwards compatibility mode, please consider this mode to be deprecated and please instead
+	// explicitly list the identity provider using this IdentityProviders field.
+	//
+	// +optional
+	IdentityProviders []FederationDomainIdentityProvider `json:"identityProviders,omitempty"`
 }
 
 // FederationDomainSecrets holds information about this OIDC Provider's secrets.
@@ -86,20 +266,17 @@ type FederationDomainSecrets struct {
 
 // FederationDomainStatus is a struct that describes the actual state of an OIDC Provider.
 type FederationDomainStatus struct {
-	// Status holds an enum that describes the state of this OIDC Provider. Note that this Status can
-	// represent success or failure.
-	// +optional
-	Status FederationDomainStatusCondition `json:"status,omitempty"`
+	// Phase summarizes the overall status of the FederationDomain.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase FederationDomainPhase `json:"phase,omitempty"`
 
-	// Message provides human-readable details about the Status.
-	// +optional
-	Message string `json:"message,omitempty"`
-
-	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
-	// around some undesirable behavior with respect to the empty metav1.Time value (see
-	// https://github.com/kubernetes/kubernetes/issues/86811).
-	// +optional
-	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+	// Conditions represent the observations of an FederationDomain's current state.
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 
 	// Secrets contains information about this OIDC Provider's secrets.
 	// +optional
@@ -111,7 +288,7 @@ type FederationDomainStatus struct {
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
-// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
 // +kubebuilder:subresource:status
 type FederationDomain struct {

apis/supervisor/config/v1alpha1/types_meta.go.tmpl

@@ -1,75 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

apis/supervisor/config/v1alpha1/types_oidcclient.go.tmpl

@@ -1,4 +1,4 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
@@ -8,14 +8,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 type OIDCClientPhase string
 
 const (
-	// PhasePending is the default phase for newly-created OIDCClient resources.
-	PhasePending OIDCClientPhase = "Pending"
+	// OIDCClientPhasePending is the default phase for newly-created OIDCClient resources.
+	OIDCClientPhasePending OIDCClientPhase = "Pending"
 
-	// PhaseReady is the phase for an OIDCClient resource in a healthy state.
-	PhaseReady OIDCClientPhase = "Ready"
+	// OIDCClientPhaseReady is the phase for an OIDCClient resource in a healthy state.
+	OIDCClientPhaseReady OIDCClientPhase = "Ready"
 
-	// PhaseError is the phase for an OIDCClient in an unhealthy state.
-	PhaseError OIDCClientPhase = "Error"
+	// OIDCClientPhaseError is the phase for an OIDCClient in an unhealthy state.
+	OIDCClientPhaseError OIDCClientPhase = "Error"
 )
 
 // +kubebuilder:validation:Pattern=`^https://.+|^http://(127\.0\.0\.1|\[::1\])(:\d+)?/`
@@ -85,7 +85,7 @@ type OIDCClientStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 
 	// totalClientSecrets is the current number of client secrets that are detected for this OIDCClient.
 	// +optional

apis/supervisor/idp/v1alpha1/types_activedirectoryidentityprovider.go.tmpl

@@ -32,7 +32,7 @@ type ActiveDirectoryIdentityProviderStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 }
 
 type ActiveDirectoryIdentityProviderBind struct {

apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go.tmpl

@@ -32,7 +32,7 @@ type LDAPIdentityProviderStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 }
 
 type LDAPIdentityProviderBind struct {

apis/supervisor/idp/v1alpha1/types_meta.go.tmpl

@@ -1,75 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl

@@ -32,7 +32,7 @@ type OIDCIdentityProviderStatus struct {
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
 }
 
 // OIDCAuthorizationConfig provides information about how to form the OAuth2 authorization

cmd/pinniped/cmd/flag_types_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -15,7 +15,6 @@ import (
 
 	configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
 	"go.pinniped.dev/internal/certauthority"
-	"go.pinniped.dev/internal/testutil"
 )
 
 func TestConciergeModeFlag(t *testing.T) {
@@ -52,7 +51,7 @@ func TestConciergeModeFlag(t *testing.T) {
 func TestCABundleFlag(t *testing.T) {
 	testCA, err := certauthority.New("Test CA", 1*time.Hour)
 	require.NoError(t, err)
-	tmpdir := testutil.TempDir(t)
+	tmpdir := t.TempDir()
 	emptyFilePath := filepath.Join(tmpdir, "empty")
 	require.NoError(t, os.WriteFile(emptyFilePath, []byte{}, 0600))
 

cmd/pinniped/cmd/kubeconfig.go

@@ -96,6 +96,7 @@ type getKubeconfigParams struct {
 	credentialCachePath       string
 	credentialCachePathSet    bool
 	installHint               string
+	pinnipedCliPath           string
 }
 
 type discoveryResponseScopesSupported struct {
@@ -151,14 +152,16 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
 	f.StringVarP(&flags.outputPath, "output", "o", "", "Output file path (default: stdout)")
 	f.StringVar(&flags.generatedNameSuffix, "generated-name-suffix", "-pinniped", "Suffix to append to generated cluster, context, user kubeconfig entries")
 	f.StringVar(&flags.credentialCachePath, "credential-cache", "", "Path to cluster-specific credentials cache")
+	f.StringVar(&flags.pinnipedCliPath, "pinniped-cli-path", "", "Full path or executable name for the Pinniped CLI binary to be embedded in the resulting kubeconfig output (e.g. 'pinniped') (default: full path of the binary used to execute this command)")
 	f.StringVar(&flags.installHint, "install-hint", "The pinniped CLI does not appear to be installed.  See https://get.pinniped.dev/cli for more details", "This text is shown to the user when the pinniped CLI is not installed.")
-	mustMarkHidden(cmd, "oidc-debug-session-cache")
 
-	// --oidc-skip-listen is mainly needed for testing. We'll leave it hidden until we have a non-testing use case.
-	mustMarkHidden(cmd, "oidc-skip-listen")
+	mustMarkHidden(cmd,
+		"oidc-debug-session-cache",
+		"oidc-skip-listen", // --oidc-skip-listen is mainly needed for testing. We'll leave it hidden until we have a non-testing use case.
+		"concierge-namespace",
+	)
 
 	mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
-	mustMarkHidden(cmd, "concierge-namespace")
 
 	cmd.RunE = func(cmd *cobra.Command, args []string) error {
 		if flags.outputPath != "" {
@@ -268,7 +271,12 @@ func newExecConfig(deps kubeconfigDeps, flags getKubeconfigParams) (*clientcmdap
 
 	execConfig.InstallHint = flags.installHint
 	var err error
-	execConfig.Command, err = deps.getPathToSelf()
+	execConfig.Command, err = func() (string, error) {
+		if flags.pinnipedCliPath != "" {
+			return flags.pinnipedCliPath, nil
+		}
+		return deps.getPathToSelf()
+	}()
 	if err != nil {
 		return nil, fmt.Errorf("could not determine the Pinniped executable path: %w", err)
 	}

cmd/pinniped/cmd/kubeconfig_test.go

@@ -32,7 +32,7 @@ import (
 func TestGetKubeconfig(t *testing.T) {
 	testOIDCCA, err := certauthority.New("Test CA", 1*time.Hour)
 	require.NoError(t, err)
-	tmpdir := testutil.TempDir(t)
+	tmpdir := t.TempDir()
 	testOIDCCABundlePath := filepath.Join(tmpdir, "testca.pem")
 	require.NoError(t, os.WriteFile(testOIDCCABundlePath, testOIDCCA.Bundle(), 0600))
 
@@ -147,6 +147,7 @@ func TestGetKubeconfig(t *testing.T) {
 				      --oidc-session-cache string                Path to OpenID Connect session cache file
 				      --oidc-skip-browser                        During OpenID Connect login, skip opening the browser (just print the URL)
 				  -o, --output string                            Output file path (default: stdout)
+				      --pinniped-cli-path string                 Full path or executable name for the Pinniped CLI binary to be embedded in the resulting kubeconfig output (e.g. 'pinniped') (default: full path of the binary used to execute this command)
 				      --skip-validation                          Skip final validation of the kubeconfig (default: false)
 				      --static-token string                      Instead of doing an OIDC-based login, specify a static token
 				      --static-token-env string                  Instead of doing an OIDC-based login, read a static token from the environment
@@ -1583,7 +1584,6 @@ func TestGetKubeconfig(t *testing.T) {
 			},
 		},
 		{
-
 			name: "autodetect nothing, set a bunch of options",
 			args: func(issuerCABundle string, issuerURL string) []string {
 				f := testutil.WriteStringToTempFile(t, "testca-*.pem", issuerCABundle)
@@ -1607,6 +1607,7 @@ func TestGetKubeconfig(t *testing.T) {
 					"--skip-validation",
 					"--generated-name-suffix", "-sso",
 					"--credential-cache", "/path/to/cache/dir/credentials.yaml",
+					"--pinniped-cli-path", "/some/path/to/command-exe",
 				}
 			},
 			conciergeObjects: func(issuerCABundle string, issuerURL string) []runtime.Object {
@@ -1658,7 +1659,7 @@ func TestGetKubeconfig(t *testing.T) {
 						  - --session-cache=/path/to/cache/dir/sessions.yaml
 						  - --debug-session-cache
 						  - --request-audience=test-audience
-						  command: '.../path/to/pinniped'
+						  command: /some/path/to/command-exe
 						  env: []
 						  installHint: The pinniped CLI does not appear to be installed.  See https://get.pinniped.dev/cli
 						    for more details

cmd/pinniped/cmd/login_oidc.go

@@ -164,7 +164,7 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
 	// Initialize the login handler.
 	opts := []oidcclient.Option{
 		oidcclient.WithContext(cmd.Context()),
-		oidcclient.WithLogger(plog.Logr()), //nolint:staticcheck  // old code with lots of log statements
+		oidcclient.WithLogger(plog.Logr()), //nolint:staticcheck // old code with lots of log statements
 		oidcclient.WithScopes(flags.scopes),
 		oidcclient.WithSessionCache(sessionCache),
 	}

cmd/pinniped/cmd/login_oidc_test.go

@@ -23,7 +23,6 @@ import (
 	"go.pinniped.dev/internal/certauthority"
 	"go.pinniped.dev/internal/here"
 	"go.pinniped.dev/internal/plog"
-	"go.pinniped.dev/internal/testutil"
 	"go.pinniped.dev/pkg/conciergeclient"
 	"go.pinniped.dev/pkg/oidcclient"
 	"go.pinniped.dev/pkg/oidcclient/oidctypes"
@@ -34,7 +33,7 @@ func TestLoginOIDCCommand(t *testing.T) {
 
 	testCA, err := certauthority.New("Test CA", 1*time.Hour)
 	require.NoError(t, err)
-	tmpdir := testutil.TempDir(t)
+	tmpdir := t.TempDir()
 	testCABundlePath := filepath.Join(tmpdir, "testca.pem")
 	require.NoError(t, os.WriteFile(testCABundlePath, testCA.Bundle(), 0600))
 
@@ -513,7 +512,7 @@ func TestLoginOIDCCommand(t *testing.T) {
 				"--concierge-endpoint", "https://127.0.0.1:1234/",
 				"--concierge-ca-bundle-data", base64.StdEncoding.EncodeToString(testCA.Bundle()),
 				"--concierge-api-group-suffix", "some.suffix.com",
-				"--credential-cache", testutil.TempDir(t) + "/credentials.yaml", // must specify --credential-cache or else the cache file on disk causes test pollution
+				"--credential-cache", t.TempDir() + "/credentials.yaml", // must specify --credential-cache or else the cache file on disk causes test pollution
 				"--upstream-identity-provider-name", "some-upstream-name",
 				"--upstream-identity-provider-type", "ldap",
 			},

cmd/pinniped/cmd/login_static_test.go

@@ -21,7 +21,6 @@ import (
 	"go.pinniped.dev/internal/certauthority"
 	"go.pinniped.dev/internal/here"
 	"go.pinniped.dev/internal/plog"
-	"go.pinniped.dev/internal/testutil"
 	"go.pinniped.dev/pkg/conciergeclient"
 )
 
@@ -30,7 +29,7 @@ func TestLoginStaticCommand(t *testing.T) {
 
 	testCA, err := certauthority.New("Test CA", 1*time.Hour)
 	require.NoError(t, err)
-	tmpdir := testutil.TempDir(t)
+	tmpdir := t.TempDir()
 	testCABundlePath := filepath.Join(tmpdir, "testca.pem")
 	require.NoError(t, os.WriteFile(testCABundlePath, testCA.Bundle(), 0600))
 

cmd/pinniped/cmd/version.go

@@ -1,13 +1,16 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
 
 import (
+	"encoding/json"
 	"fmt"
 
 	"github.com/spf13/cobra"
-	"k8s.io/component-base/version"
+	"sigs.k8s.io/yaml"
+
+	"go.pinniped.dev/internal/pversion"
 )
 
 //nolint:gochecknoinits
@@ -15,14 +18,44 @@ func init() {
 	rootCmd.AddCommand(newVersionCommand())
 }
 
+//nolint:gochecknoglobals
+var (
+	output = new(string)
+	// getBuildInfo can be overwritten by tests.
+	getBuildInfo = pversion.Get
+)
+
 func newVersionCommand() *cobra.Command {
-	return &cobra.Command{
-		RunE: func(cmd *cobra.Command, _ []string) error {
-			fmt.Fprintf(cmd.OutOrStdout(), "%#v\n", version.Get())
-			return nil
-		},
+	c := &cobra.Command{
+		RunE:  runner,
 		Args:  cobra.NoArgs, // do not accept positional arguments for this command
 		Use:   "version",
 		Short: "Print the version of this Pinniped CLI",
 	}
+	c.Flags().StringVarP(output, "output", "o", "", "one of 'yaml' or 'json'")
+	return c
+}
+
+func runner(cmd *cobra.Command, _ []string) error {
+	buildVersion := getBuildInfo()
+
+	switch {
+	case output == nil || *output == "":
+		_, _ = fmt.Fprintf(cmd.OutOrStdout(), "%s\n", buildVersion.GitVersion)
+	case *output == "json":
+		bytes, err := json.MarshalIndent(buildVersion, "", "  ")
+		if err != nil {
+			return err
+		}
+		_, _ = fmt.Fprintf(cmd.OutOrStdout(), "%s\n", bytes)
+	case *output == "yaml":
+		bytes, err := yaml.Marshal(buildVersion)
+		if err != nil {
+			return err
+		}
+		_, _ = fmt.Fprint(cmd.OutOrStdout(), string(bytes))
+	default:
+		return fmt.Errorf("'%s' is not a valid option for output", *output)
+	}
+	return nil
 }

cmd/pinniped/cmd/version_test.go

@@ -1,4 +1,4 @@
-// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -9,8 +9,10 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	apimachineryversion "k8s.io/apimachinery/pkg/version"
 
 	"go.pinniped.dev/internal/here"
+	"go.pinniped.dev/internal/pversion"
 )
 
 var (
@@ -19,8 +21,8 @@ var (
 		  version \[flags\]
 
 		Flags:
-		  -h, --help   help for version
-
+		  -h, --help            help for version
+		  -o, --output string   one of 'yaml' or 'json'
 		`)
 
 	knownGoodHelpRegexpForVersion = here.Doc(`
@@ -30,24 +32,55 @@ var (
 		  version \[flags\]
 
 		Flags:
-		  -h, --help   help for version
+		  -h, --help            help for version
+		  -o, --output string   one of 'yaml' or 'json'
 		`)
 
-	emptyVersionRegexp = `version.Info{Major:"", Minor:"", GitVersion:".*", GitCommit:".*", GitTreeState:"", BuildDate:".*", GoVersion:".*", Compiler:".*", Platform:".*/.*"}`
+	jsonRegexp = here.Doc(`{
+  "major": "\d*",
+  "minor": "\d*",
+  "gitVersion": "i am a version for json output",
+  "gitCommit": ".*",
+  "gitTreeState": ".*",
+  "buildDate": ".*",
+  "goVersion": ".*",
+  "compiler": ".*",
+  "platform": ".*/.*"
+}`)
+
+	yamlRegexp = here.Doc(`buildDate: ".*"
+compiler: .*
+gitCommit: .*
+gitTreeState: .*
+gitVersion: i am a version for yaml output
+goVersion: .*
+major: "\d*"
+minor: "\d*"
+platform: .*/.*
+`)
 )
 
 func TestNewVersionCmd(t *testing.T) {
+	t.Cleanup(func() {
+		getBuildInfo = pversion.Get
+	})
+
 	tests := []struct {
 		name             string
 		args             []string
+		vars             string
+		getBuildInfo     func() apimachineryversion.Info
 		wantError        bool
 		wantStdoutRegexp string
 		wantStderrRegexp string
 	}{
 		{
-			name:             "no flags",
-			args:             []string{},
-			wantStdoutRegexp: emptyVersionRegexp + "\n",
+			name: "no flags",
+			args: []string{},
+			getBuildInfo: func() apimachineryversion.Info {
+				return apimachineryversion.Info{GitVersion: "v55.66.44"}
+			},
+			wantStdoutRegexp: "v55.66.44\n",
 		},
 		{
 			name:             "help flag passed",
@@ -61,10 +94,44 @@ func TestNewVersionCmd(t *testing.T) {
 			wantStderrRegexp: `Error: unknown command "tuna" for "version"`,
 			wantStdoutRegexp: knownGoodUsageRegexpForVersion,
 		},
+		{
+			name: "json output",
+			args: []string{"--output", "json"},
+			getBuildInfo: func() apimachineryversion.Info {
+				return apimachineryversion.Info{
+					GitVersion: "i am a version for json output",
+					Platform:   "a/b",
+				}
+			},
+			wantStdoutRegexp: jsonRegexp,
+		},
+		{
+			name: "yaml output",
+			args: []string{"--output", "yaml"},
+			getBuildInfo: func() apimachineryversion.Info {
+				return apimachineryversion.Info{
+					GitVersion: "i am a version for yaml output",
+					Platform:   "c/d",
+				}
+			},
+			wantStdoutRegexp: yamlRegexp,
+		},
+		{
+			name:             "incorrect output",
+			args:             []string{"--output", "foo"},
+			wantError:        true,
+			wantStderrRegexp: `Error: 'foo' is not a valid option for output`,
+			wantStdoutRegexp: knownGoodUsageRegexpForVersion,
+		},
 	}
+
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
+			if tt.getBuildInfo != nil {
+				getBuildInfo = tt.getBuildInfo
+			}
+
 			cmd := newVersionCommand()
 			require.NotNil(t, cmd)
 

deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: jwtauthenticators.authentication.concierge.pinniped.dev
 spec:
   group: authentication.concierge.pinniped.dev
@@ -97,9 +96,15 @@ spec:
                 description: Represents the observations of the authenticator's current
                   state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -168,9 +173,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: webhookauthenticators.authentication.concierge.pinniped.dev
 spec:
   group: authentication.concierge.pinniped.dev
@@ -70,9 +69,15 @@ spec:
                 description: Represents the observations of the authenticator's current
                   state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -141,9 +146,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: credentialissuers.config.concierge.pinniped.dev
 spec:
   group: config.concierge.pinniped.dev
@@ -256,9 +255,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/concierge/deployment.yaml

@@ -1,4 +1,4 @@
-#! Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -134,8 +134,6 @@ spec:
         #! More recently added the more unique deploymentPodLabel() so Services can select these Pods more specifically
         #! without accidentally selecting any other Deployment's Pods, especially the kube cert agent Deployment's Pods.
         _: #@ template.replace(deploymentPodLabel())
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ""
     spec:
       securityContext:
         runAsUser: #@ data.values.run_as_user
@@ -247,9 +245,14 @@ spec:
           effect: NoSchedule
         - key: node-role.kubernetes.io/control-plane #! The new name for these nodes as of Kubernetes 1.24.
           effect: NoSchedule
-      #! "system-cluster-critical" cannot be used outside the kube-system namespace until Kubernetes >= 1.17,
-      #! so we skip setting this for now (see https://github.com/kubernetes/kubernetes/issues/60596).
-      #!priorityClassName: system-cluster-critical
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: amd64 #! Allow running on amd64 nodes.
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: arm64 #! Also allow running on arm64 nodes.
       #! This will help make sure our multiple pods run on different nodes, making
       #! our deployment "more" "HA".
       affinity:

deploy/local-user-authenticator/deployment.yaml

@@ -1,4 +1,4 @@
-#! Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -76,6 +76,15 @@ spec:
             #! `--validate=false` flag. Note that installing via `kapp` does not complain about this validation error.
             seccompProfile:
               type: "RuntimeDefault"
+      tolerations:
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: amd64 #! Allow running on amd64 nodes.
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: arm64 #! Also allow running on arm64 nodes.
 ---
 apiVersion: v1
 kind: Service

deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: federationdomains.config.supervisor.pinniped.dev
 spec:
   group: config.supervisor.pinniped.dev
@@ -21,7 +20,7 @@ spec:
     - jsonPath: .spec.issuer
       name: Issuer
       type: string
-    - jsonPath: .status.status
+    - jsonPath: .status.phase
       name: Status
       type: string
     - jsonPath: .metadata.creationTimestamp
@@ -47,6 +46,264 @@ spec:
           spec:
             description: Spec of the OIDC provider.
             properties:
+              identityProviders:
+                description: "IdentityProviders is the list of identity providers
+                  available for use by this FederationDomain. \n An identity provider
+                  CR (e.g. OIDCIdentityProvider or LDAPIdentityProvider) describes
+                  how to connect to a server, how to talk in a specific protocol for
+                  authentication, and how to use the schema of that server/protocol
+                  to extract a normalized user identity. Normalized user identities
+                  include a username and a list of group names. In contrast, IdentityProviders
+                  describes how to use that normalized identity in those Kubernetes
+                  clusters which belong to this FederationDomain. Each entry in IdentityProviders
+                  can be configured with arbitrary transformations on that normalized
+                  identity. For example, a transformation can add a prefix to all
+                  usernames to help avoid accidental conflicts when multiple identity
+                  providers have different users with the same username (e.g. \"idp1:ryan\"
+                  versus \"idp2:ryan\"). Each entry in IdentityProviders can also
+                  implement arbitrary authentication rejection policies. Even though
+                  a user was able to authenticate with the identity provider, a policy
+                  can disallow the authentication to the Kubernetes clusters that
+                  belong to this FederationDomain. For example, a policy could disallow
+                  the authentication unless the user belongs to a specific group in
+                  the identity provider. \n For backwards compatibility with versions
+                  of Pinniped which predate support for multiple identity providers,
+                  an empty IdentityProviders list will cause the FederationDomain
+                  to use all available identity providers which exist in the same
+                  namespace, but also to reject all authentication requests when there
+                  is more than one identity provider currently defined. In this backwards
+                  compatibility mode, the name of the identity provider resource (e.g.
+                  the Name of an OIDCIdentityProvider resource) will be used as the
+                  name of the identity provider in this FederationDomain. This mode
+                  is provided to make upgrading from older versions easier. However,
+                  instead of relying on this backwards compatibility mode, please
+                  consider this mode to be deprecated and please instead explicitly
+                  list the identity provider using this IdentityProviders field."
+                items:
+                  description: FederationDomainIdentityProvider describes how an identity
+                    provider is made available in this FederationDomain.
+                  properties:
+                    displayName:
+                      description: DisplayName is the name of this identity provider
+                        as it will appear to clients. This name ends up in the kubeconfig
+                        of end users, so changing the name of an identity provider
+                        that is in use by end users will be a disruptive change for
+                        those users.
+                      minLength: 1
+                      type: string
+                    objectRef:
+                      description: ObjectRef is a reference to a Pinniped identity
+                        provider resource. A valid reference is required. If the reference
+                        cannot be resolved then the identity provider will not be
+                        made available. Must refer to a resource of one of the Pinniped
+                        identity provider types, e.g. OIDCIdentityProvider, LDAPIdentityProvider,
+                        ActiveDirectoryIdentityProvider.
+                      properties:
+                        apiGroup:
+                          description: APIGroup is the group for the resource being
+                            referenced. If APIGroup is not specified, the specified
+                            Kind must be in the core API group. For any other third-party
+                            types, APIGroup is required.
+                          type: string
+                        kind:
+                          description: Kind is the type of resource being referenced
+                          type: string
+                        name:
+                          description: Name is the name of resource being referenced
+                          type: string
+                      required:
+                      - kind
+                      - name
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    transforms:
+                      description: Transforms is an optional way to specify transformations
+                        to be applied during user authentication and session refresh.
+                      properties:
+                        constants:
+                          description: Constants defines constant variables and their
+                            values which will be made available to the transform expressions.
+                          items:
+                            description: FederationDomainTransformsConstant defines
+                              a constant variable and its value which will be made
+                              available to the transform expressions. This is a union
+                              type, and Type is the discriminator field.
+                            properties:
+                              name:
+                                description: Name determines the name of the constant.
+                                  It must be a valid identifier name.
+                                maxLength: 64
+                                minLength: 1
+                                pattern: ^[a-zA-Z][_a-zA-Z0-9]*$
+                                type: string
+                              stringListValue:
+                                description: StringListValue should hold the value
+                                  when Type is "stringList", and is otherwise ignored.
+                                items:
+                                  type: string
+                                type: array
+                              stringValue:
+                                description: StringValue should hold the value when
+                                  Type is "string", and is otherwise ignored.
+                                type: string
+                              type:
+                                description: Type determines the type of the constant,
+                                  and indicates which other field should be non-empty.
+                                enum:
+                                - string
+                                - stringList
+                                type: string
+                            required:
+                            - name
+                            - type
+                            type: object
+                          type: array
+                          x-kubernetes-list-map-keys:
+                          - name
+                          x-kubernetes-list-type: map
+                        examples:
+                          description: Examples can optionally be used to ensure that
+                            the sequence of transformation expressions are working
+                            as expected. Examples define sample input identities which
+                            are then run through the expression list, and the results
+                            are compared to the expected results. If any example in
+                            this list fails, then this identity provider will not
+                            be available for use within this FederationDomain, and
+                            the error(s) will be added to the FederationDomain status.
+                            This can be used to help guard against programming mistakes
+                            in the expressions, and also act as living documentation
+                            for other administrators to better understand the expressions.
+                          items:
+                            description: FederationDomainTransformsExample defines
+                              a transform example.
+                            properties:
+                              expects:
+                                description: Expects is the expected output of the
+                                  entire sequence of transforms when they are run
+                                  against the input Username and Groups.
+                                properties:
+                                  groups:
+                                    description: Groups is the expected list of group
+                                      names after the transformations have been applied.
+                                    items:
+                                      type: string
+                                    type: array
+                                  message:
+                                    description: Message is the expected error message
+                                      of the transforms. When Rejected is true, then
+                                      Message is the expected message for the policy
+                                      which rejected the authentication attempt. When
+                                      Rejected is true and Message is blank, then
+                                      Message will be treated as the default error
+                                      message for authentication attempts which are
+                                      rejected by a policy. When Rejected is false,
+                                      then Message is the expected error message for
+                                      some other non-policy transformation error,
+                                      such as a runtime error. When Rejected is false,
+                                      there is no default expected Message.
+                                    type: string
+                                  rejected:
+                                    description: Rejected is a boolean that indicates
+                                      whether authentication is expected to be rejected
+                                      by a policy expression after the transformations
+                                      have been applied. True means that it is expected
+                                      that the authentication would be rejected. The
+                                      default value of false means that it is expected
+                                      that the authentication would not be rejected
+                                      by any policy expression.
+                                    type: boolean
+                                  username:
+                                    description: Username is the expected username
+                                      after the transformations have been applied.
+                                    type: string
+                                type: object
+                              groups:
+                                description: Groups is the input list of group names.
+                                items:
+                                  type: string
+                                type: array
+                              username:
+                                description: Username is the input username.
+                                minLength: 1
+                                type: string
+                            required:
+                            - expects
+                            - username
+                            type: object
+                          type: array
+                        expressions:
+                          description: "Expressions are an optional list of transforms
+                            and policies to be executed in the order given during
+                            every authentication attempt, including during every session
+                            refresh. Each is a CEL expression. It may use the basic
+                            CEL language as defined in https://github.com/google/cel-spec/blob/master/doc/langdef.md
+                            plus the CEL string extensions defined in https://github.com/google/cel-go/tree/master/ext#strings.
+                            \n The username and groups extracted from the identity
+                            provider, and the constants defined in this CR, are available
+                            as variables in all expressions. The username is provided
+                            via a variable called `username` and the list of group
+                            names is provided via a variable called `groups` (which
+                            may be an empty list). Each user-provided constants is
+                            provided via a variable named `strConst.varName` for string
+                            constants and `strListConst.varName` for string list constants.
+                            \n The only allowed types for expressions are currently
+                            policy/v1, username/v1, and groups/v1. Each policy/v1
+                            must return a boolean, and when it returns false, no more
+                            expressions from the list are evaluated and the authentication
+                            attempt is rejected. Transformations of type policy/v1
+                            do not return usernames or group names, and therefore
+                            cannot change the username or group names. Each username/v1
+                            transform must return the new username (a string), which
+                            can be the same as the old username. Transformations of
+                            type username/v1 do not return group names, and therefore
+                            cannot change the group names. Each groups/v1 transform
+                            must return the new groups list (list of strings), which
+                            can be the same as the old groups list. Transformations
+                            of type groups/v1 do not return usernames, and therefore
+                            cannot change the usernames. After each expression, the
+                            new (potentially changed) username or groups get passed
+                            to the following expression. \n Any compilation or static
+                            type-checking failure of any expression will cause an
+                            error status on the FederationDomain. During an authentication
+                            attempt, any unexpected runtime evaluation errors (e.g.
+                            division by zero) cause the authentication attempt to
+                            fail. When all expressions evaluate successfully, then
+                            the (potentially changed) username and group names have
+                            been decided for that authentication attempt."
+                          items:
+                            description: FederationDomainTransformsExpression defines
+                              a transform expression.
+                            properties:
+                              expression:
+                                description: Expression is a CEL expression that will
+                                  be evaluated based on the Type during an authentication.
+                                minLength: 1
+                                type: string
+                              message:
+                                description: Message is only used when Type is policy/v1.
+                                  It defines an error message to be used when the
+                                  policy rejects an authentication attempt. When empty,
+                                  a default message will be used.
+                                type: string
+                              type:
+                                description: Type determines the type of the expression.
+                                  It must be one of the supported types.
+                                enum:
+                                - policy/v1
+                                - username/v1
+                                - groups/v1
+                                type: string
+                            required:
+                            - expression
+                            - type
+                            type: object
+                          type: array
+                      type: object
+                  required:
+                  - displayName
+                  - objectRef
+                  type: object
+                type: array
               issuer:
                 description: "Issuer is the OIDC Provider's issuer, per the OIDC Discovery
                   Metadata document, as well as the identifier that it will use for
@@ -59,8 +316,8 @@ spec:
                 minLength: 1
                 type: string
               tls:
-                description: TLS configures how this FederationDomain is served over
-                  Transport Layer Security (TLS).
+                description: TLS specifies a secret which will contain Transport Layer
+                  Security (TLS) configuration for the FederationDomain.
                 properties:
                   secretName:
                     description: "SecretName is an optional name of a Secret in the
@@ -91,14 +348,86 @@ spec:
           status:
             description: Status of the OIDC provider.
             properties:
-              lastUpdateTime:
-                description: LastUpdateTime holds the time at which the Status was
-                  last updated. It is a pointer to get around some undesirable behavior
-                  with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811).
-                format: date-time
-                type: string
-              message:
-                description: Message provides human-readable details about the Status.
+              conditions:
+                description: Conditions represent the observations of an FederationDomain's
+                  current state.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the FederationDomain.
+                enum:
+                - Pending
+                - Ready
+                - Error
                 type: string
               secrets:
                 description: Secrets contains information about this OIDC Provider's
@@ -115,6 +444,7 @@ spec:
                           TODO: Add other useful fields. apiVersion, kind, uid?'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   stateEncryptionKey:
                     description: StateSigningKey holds the name of the corev1.Secret
                       in which this OIDC Provider's key for encrypting state parameters
@@ -125,6 +455,7 @@ spec:
                           TODO: Add other useful fields. apiVersion, kind, uid?'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   stateSigningKey:
                     description: StateSigningKey holds the name of the corev1.Secret
                       in which this OIDC Provider's key for signing state parameters
@@ -135,6 +466,7 @@ spec:
                           TODO: Add other useful fields. apiVersion, kind, uid?'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                   tokenSigningKey:
                     description: TokenSigningKey holds the name of the corev1.Secret
                       in which this OIDC Provider's key for signing tokens is stored.
@@ -144,16 +476,8 @@ spec:
                           TODO: Add other useful fields. apiVersion, kind, uid?'
                         type: string
                     type: object
+                    x-kubernetes-map-type: atomic
                 type: object
-              status:
-                description: Status holds an enum that describes the state of this
-                  OIDC Provider. Note that this Status can represent success or failure.
-                enum:
-                - Success
-                - Duplicate
-                - Invalid
-                - SameIssuerHostMustUseSameSecret
-                type: string
             type: object
         required:
         - spec
@@ -162,9 +486,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/supervisor/config.supervisor.pinniped.dev_oidcclients.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: oidcclients.config.supervisor.pinniped.dev
 spec:
   group: config.supervisor.pinniped.dev
@@ -129,9 +128,15 @@ spec:
                 description: conditions represent the observations of an OIDCClient's
                   current state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -213,9 +218,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/supervisor/deployment.yaml

@@ -1,4 +1,4 @@
-#! Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
+#! Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:data", "data")
@@ -190,6 +190,15 @@ spec:
         - name: socket
           emptyDir: {}
         #@ end
+      tolerations:
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: amd64 #! Allow running on amd64 nodes.
+        - key: kubernetes.io/arch
+          effect: NoSchedule
+          operator: Equal
+          value: arm64 #! Also allow running on arm64 nodes.
       #! This will help make sure our multiple pods run on different nodes, making
       #! our deployment "more" "HA".
       affinity:

deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: activedirectoryidentityproviders.idp.supervisor.pinniped.dev
 spec:
   group: idp.supervisor.pinniped.dev
@@ -232,9 +231,15 @@ spec:
                 description: Represents the observations of an identity provider's
                   current state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -311,9 +316,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: ldapidentityproviders.idp.supervisor.pinniped.dev
 spec:
   group: idp.supervisor.pinniped.dev
@@ -229,9 +228,15 @@ spec:
                 description: Represents the observations of an identity provider's
                   current state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -308,9 +313,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml

@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.8.0
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.13.0
   name: oidcidentityproviders.idp.supervisor.pinniped.dev
 spec:
   group: idp.supervisor.pinniped.dev
@@ -259,9 +258,15 @@ spec:
                 description: Represents the observations of an identity provider's
                   current state.
                 items:
-                  description: Condition status of a resource (mirrored from the metav1.Condition
-                    type added in Kubernetes 1.19). In a future API version we can
-                    switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource. --- This struct is intended for direct
+                    use as an array at the field path .status.conditions.  For example,
+                    \n type FooStatus struct{ // Represents the observations of a
+                    foo's current state. // Known .status.conditions.type are: \"Available\",
+                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
+                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
                       description: lastTransitionTime is the last time the condition
@@ -338,9 +343,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

generated/1.17/apis/concierge/authentication/v1alpha1/types_jwtauthenticator.go

@@ -1,85 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// Status of a JWT authenticator.
-type JWTAuthenticatorStatus struct {
-	// Represents the observations of the authenticator's current state.
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
-}
-
-// Spec for configuring a JWT authenticator.
-type JWTAuthenticatorSpec struct {
-	// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
-	// also used to validate the "iss" JWT claim.
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^https://`
-	Issuer string `json:"issuer"`
-
-	// Audience is the required value of the "aud" JWT claim.
-	// +kubebuilder:validation:MinLength=1
-	Audience string `json:"audience"`
-
-	// Claims allows customization of the claims that will be mapped to user identity
-	// for Kubernetes access.
-	// +optional
-	Claims JWTTokenClaims `json:"claims"`
-
-	// TLS configuration for communicating with the OIDC provider.
-	// +optional
-	TLS *TLSSpec `json:"tls,omitempty"`
-}
-
-// JWTTokenClaims allows customization of the claims that will be mapped to user identity
-// for Kubernetes access.
-type JWTTokenClaims struct {
-	// Groups is the name of the claim which should be read to extract the user's
-	// group membership from the JWT token. When not specified, it will default to "groups".
-	// +optional
-	Groups string `json:"groups"`
-
-	// Username is the name of the claim which should be read to extract the
-	// username from the JWT token. When not specified, it will default to "username".
-	// +optional
-	Username string `json:"username"`
-}
-
-// JWTAuthenticator describes the configuration of a JWT authenticator.
-//
-// Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid
-// signature, existence of claims, etc.) and extract the username and groups from the token.
-//
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
-// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
-// +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-// +kubebuilder:subresource:status
-type JWTAuthenticator struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec for configuring the authenticator.
-	Spec JWTAuthenticatorSpec `json:"spec"`
-
-	// Status of the authenticator.
-	Status JWTAuthenticatorStatus `json:"status,omitempty"`
-}
-
-// List of JWTAuthenticator objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type JWTAuthenticatorList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-
-	Items []JWTAuthenticator `json:"items"`
-}

generated/1.17/apis/concierge/authentication/v1alpha1/types_meta.go

@@ -1,75 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.conversion.go

@@ -1,235 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	unsafe "unsafe"
-
-	identity "go.pinniped.dev/generated/1.17/apis/concierge/identity"
-	conversion "k8s.io/apimachinery/pkg/conversion"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-func init() {
-	localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
-	if err := s.AddGeneratedConversionFunc((*KubernetesUserInfo)(nil), (*identity.KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(a.(*KubernetesUserInfo), b.(*identity.KubernetesUserInfo), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.KubernetesUserInfo)(nil), (*KubernetesUserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(a.(*identity.KubernetesUserInfo), b.(*KubernetesUserInfo), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*UserInfo)(nil), (*identity.UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_UserInfo_To_identity_UserInfo(a.(*UserInfo), b.(*identity.UserInfo), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.UserInfo)(nil), (*UserInfo)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_UserInfo_To_v1alpha1_UserInfo(a.(*identity.UserInfo), b.(*UserInfo), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*WhoAmIRequest)(nil), (*identity.WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(a.(*WhoAmIRequest), b.(*identity.WhoAmIRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequest)(nil), (*WhoAmIRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(a.(*identity.WhoAmIRequest), b.(*WhoAmIRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*WhoAmIRequestList)(nil), (*identity.WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(a.(*WhoAmIRequestList), b.(*identity.WhoAmIRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestList)(nil), (*WhoAmIRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(a.(*identity.WhoAmIRequestList), b.(*WhoAmIRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*WhoAmIRequestSpec)(nil), (*identity.WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(a.(*WhoAmIRequestSpec), b.(*identity.WhoAmIRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestSpec)(nil), (*WhoAmIRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(a.(*identity.WhoAmIRequestSpec), b.(*WhoAmIRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*WhoAmIRequestStatus)(nil), (*identity.WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(a.(*WhoAmIRequestStatus), b.(*identity.WhoAmIRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*identity.WhoAmIRequestStatus)(nil), (*WhoAmIRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(a.(*identity.WhoAmIRequestStatus), b.(*WhoAmIRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error {
-	if err := Convert_v1alpha1_UserInfo_To_identity_UserInfo(&in.User, &out.User, s); err != nil {
-		return err
-	}
-	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
-	return nil
-}
-
-// Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo is an autogenerated conversion function.
-func Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in *KubernetesUserInfo, out *identity.KubernetesUserInfo, s conversion.Scope) error {
-	return autoConvert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(in, out, s)
-}
-
-func autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error {
-	if err := Convert_identity_UserInfo_To_v1alpha1_UserInfo(&in.User, &out.User, s); err != nil {
-		return err
-	}
-	out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
-	return nil
-}
-
-// Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo is an autogenerated conversion function.
-func Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in *identity.KubernetesUserInfo, out *KubernetesUserInfo, s conversion.Scope) error {
-	return autoConvert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(in, out, s)
-}
-
-func autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error {
-	out.Username = in.Username
-	out.UID = in.UID
-	out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups))
-	out.Extra = *(*map[string]identity.ExtraValue)(unsafe.Pointer(&in.Extra))
-	return nil
-}
-
-// Convert_v1alpha1_UserInfo_To_identity_UserInfo is an autogenerated conversion function.
-func Convert_v1alpha1_UserInfo_To_identity_UserInfo(in *UserInfo, out *identity.UserInfo, s conversion.Scope) error {
-	return autoConvert_v1alpha1_UserInfo_To_identity_UserInfo(in, out, s)
-}
-
-func autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error {
-	out.Username = in.Username
-	out.UID = in.UID
-	out.Groups = *(*[]string)(unsafe.Pointer(&in.Groups))
-	out.Extra = *(*map[string]ExtraValue)(unsafe.Pointer(&in.Extra))
-	return nil
-}
-
-// Convert_identity_UserInfo_To_v1alpha1_UserInfo is an autogenerated conversion function.
-func Convert_identity_UserInfo_To_v1alpha1_UserInfo(in *identity.UserInfo, out *UserInfo, s conversion.Scope) error {
-	return autoConvert_identity_UserInfo_To_v1alpha1_UserInfo(in, out, s)
-}
-
-func autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest is an autogenerated conversion function.
-func Convert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in *WhoAmIRequest, out *identity.WhoAmIRequest, s conversion.Scope) error {
-	return autoConvert_v1alpha1_WhoAmIRequest_To_identity_WhoAmIRequest(in, out, s)
-}
-
-func autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest is an autogenerated conversion function.
-func Convert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in *identity.WhoAmIRequest, out *WhoAmIRequest, s conversion.Scope) error {
-	return autoConvert_identity_WhoAmIRequest_To_v1alpha1_WhoAmIRequest(in, out, s)
-}
-
-func autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]identity.WhoAmIRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList is an autogenerated conversion function.
-func Convert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in *WhoAmIRequestList, out *identity.WhoAmIRequestList, s conversion.Scope) error {
-	return autoConvert_v1alpha1_WhoAmIRequestList_To_identity_WhoAmIRequestList(in, out, s)
-}
-
-func autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]WhoAmIRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList is an autogenerated conversion function.
-func Convert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in *identity.WhoAmIRequestList, out *WhoAmIRequestList, s conversion.Scope) error {
-	return autoConvert_identity_WhoAmIRequestList_To_v1alpha1_WhoAmIRequestList(in, out, s)
-}
-
-func autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error {
-	return nil
-}
-
-// Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec is an autogenerated conversion function.
-func Convert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in *WhoAmIRequestSpec, out *identity.WhoAmIRequestSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha1_WhoAmIRequestSpec_To_identity_WhoAmIRequestSpec(in, out, s)
-}
-
-func autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error {
-	return nil
-}
-
-// Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec is an autogenerated conversion function.
-func Convert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in *identity.WhoAmIRequestSpec, out *WhoAmIRequestSpec, s conversion.Scope) error {
-	return autoConvert_identity_WhoAmIRequestSpec_To_v1alpha1_WhoAmIRequestSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error {
-	if err := Convert_v1alpha1_KubernetesUserInfo_To_identity_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus is an autogenerated conversion function.
-func Convert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in *WhoAmIRequestStatus, out *identity.WhoAmIRequestStatus, s conversion.Scope) error {
-	return autoConvert_v1alpha1_WhoAmIRequestStatus_To_identity_WhoAmIRequestStatus(in, out, s)
-}
-
-func autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error {
-	if err := Convert_identity_KubernetesUserInfo_To_v1alpha1_KubernetesUserInfo(&in.KubernetesUserInfo, &out.KubernetesUserInfo, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus is an autogenerated conversion function.
-func Convert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in *identity.WhoAmIRequestStatus, out *WhoAmIRequestStatus, s conversion.Scope) error {
-	return autoConvert_identity_WhoAmIRequestStatus_To_v1alpha1_WhoAmIRequestStatus(in, out, s)
-}

generated/1.17/apis/concierge/identity/validation/validation.go

@@ -1,14 +0,0 @@
-// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package validation
-
-import (
-	"k8s.io/apimachinery/pkg/util/validation/field"
-
-	identityapi "go.pinniped.dev/generated/1.17/apis/concierge/identity"
-)
-
-func ValidateWhoAmIRequest(whoAmIRequest *identityapi.WhoAmIRequest) field.ErrorList {
-	return nil // add validation for spec here if we expand it
-}

generated/1.17/apis/concierge/login/v1alpha1/doc.go

@@ -1,11 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/concierge/login
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=login.concierge.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
-package v1alpha1

generated/1.17/apis/concierge/login/v1alpha1/zz_generated.conversion.go

@@ -1,201 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	unsafe "unsafe"
-
-	login "go.pinniped.dev/generated/1.17/apis/concierge/login"
-	conversion "k8s.io/apimachinery/pkg/conversion"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-func init() {
-	localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
-	if err := s.AddGeneratedConversionFunc((*ClusterCredential)(nil), (*login.ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(a.(*ClusterCredential), b.(*login.ClusterCredential), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*login.ClusterCredential)(nil), (*ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(a.(*login.ClusterCredential), b.(*ClusterCredential), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*TokenCredentialRequest)(nil), (*login.TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(a.(*TokenCredentialRequest), b.(*login.TokenCredentialRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequest)(nil), (*TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(a.(*login.TokenCredentialRequest), b.(*TokenCredentialRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestList)(nil), (*login.TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(a.(*TokenCredentialRequestList), b.(*login.TokenCredentialRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestList)(nil), (*TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(a.(*login.TokenCredentialRequestList), b.(*TokenCredentialRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestSpec)(nil), (*login.TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(a.(*TokenCredentialRequestSpec), b.(*login.TokenCredentialRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestSpec)(nil), (*TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(a.(*login.TokenCredentialRequestSpec), b.(*TokenCredentialRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestStatus)(nil), (*login.TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(a.(*TokenCredentialRequestStatus), b.(*login.TokenCredentialRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestStatus)(nil), (*TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(a.(*login.TokenCredentialRequestStatus), b.(*TokenCredentialRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error {
-	out.ExpirationTimestamp = in.ExpirationTimestamp
-	out.Token = in.Token
-	out.ClientCertificateData = in.ClientCertificateData
-	out.ClientKeyData = in.ClientKeyData
-	return nil
-}
-
-// Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential is an autogenerated conversion function.
-func Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error {
-	return autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in, out, s)
-}
-
-func autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error {
-	out.ExpirationTimestamp = in.ExpirationTimestamp
-	out.Token = in.Token
-	out.ClientCertificateData = in.ClientCertificateData
-	out.ClientKeyData = in.ClientKeyData
-	return nil
-}
-
-// Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential is an autogenerated conversion function.
-func Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error {
-	return autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in, out, s)
-}
-
-func autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest is an autogenerated conversion function.
-func Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error {
-	return autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in, out, s)
-}
-
-func autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest is an autogenerated conversion function.
-func Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error {
-	return autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in, out, s)
-}
-
-func autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]login.TokenCredentialRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList is an autogenerated conversion function.
-func Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error {
-	return autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in, out, s)
-}
-
-func autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]TokenCredentialRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList is an autogenerated conversion function.
-func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error {
-	return autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in, out, s)
-}
-
-func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
-	out.Token = in.Token
-	out.Authenticator = in.Authenticator
-	return nil
-}
-
-// Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec is an autogenerated conversion function.
-func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in, out, s)
-}
-
-func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
-	out.Token = in.Token
-	out.Authenticator = in.Authenticator
-	return nil
-}
-
-// Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec is an autogenerated conversion function.
-func Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error {
-	return autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error {
-	out.Credential = (*login.ClusterCredential)(unsafe.Pointer(in.Credential))
-	out.Message = (*string)(unsafe.Pointer(in.Message))
-	return nil
-}
-
-// Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus is an autogenerated conversion function.
-func Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error {
-	return autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in, out, s)
-}
-
-func autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error {
-	out.Credential = (*ClusterCredential)(unsafe.Pointer(in.Credential))
-	out.Message = (*string)(unsafe.Pointer(in.Message))
-	return nil
-}
-
-// Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus is an autogenerated conversion function.
-func Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error {
-	return autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in, out, s)
-}

generated/1.17/apis/go.mod

@@ -1,9 +0,0 @@
-// This go.mod file is generated by ./hack/codegen.sh.
-module go.pinniped.dev/generated/1.17/apis
-
-go 1.13
-
-require (
-	k8s.io/api v0.17.17
-	k8s.io/apimachinery v0.17.17
-)

generated/1.17/apis/go.sum

@@ -1,105 +0,0 @@
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-k8s.io/api v0.17.17 h1:S+Yv5pdfvy9OG1t148zMFk3/l/VYpF1N4j5Y/q8IMdg=
-k8s.io/api v0.17.17/go.mod h1:kk4nQM0EVx+BEY7o8CN5YL99CWmWEQ2a4NCak58yB6E=
-k8s.io/apimachinery v0.17.17 h1:HMpFl9yqNI5G2+2WllKOe2XYLkCyaWzfXvk7SosyVko=
-k8s.io/apimachinery v0.17.17/go.mod h1:T54ZSpncArE25c5r2PbUPsLeTpkPWY/ivafigSX6+xk=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29/go.mod h1:F+5wygcW0wmRTnM3cOgIqGivxkwSWIWT5YdsDbeAOaU=
-sigs.k8s.io/structured-merge-diff/v2 v2.0.1/go.mod h1:Wb7vfKAodbKgf6tn1Kl0VvGj7mRH6DGaRcixXEJXTsE=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

generated/1.17/apis/supervisor/clientsecret/v1alpha1/doc.go

@@ -1,11 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=clientsecret.supervisor.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
-package v1alpha1

generated/1.17/apis/supervisor/clientsecret/v1alpha1/zz_generated.conversion.go

@@ -1,165 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	unsafe "unsafe"
-
-	clientsecret "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret"
-	conversion "k8s.io/apimachinery/pkg/conversion"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-func init() {
-	localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequest)(nil), (*clientsecret.OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(a.(*OIDCClientSecretRequest), b.(*clientsecret.OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequest)(nil), (*OIDCClientSecretRequest)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(a.(*clientsecret.OIDCClientSecretRequest), b.(*OIDCClientSecretRequest), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestList)(nil), (*clientsecret.OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(a.(*OIDCClientSecretRequestList), b.(*clientsecret.OIDCClientSecretRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestList)(nil), (*OIDCClientSecretRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(a.(*clientsecret.OIDCClientSecretRequestList), b.(*OIDCClientSecretRequestList), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestSpec)(nil), (*clientsecret.OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(a.(*OIDCClientSecretRequestSpec), b.(*clientsecret.OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestSpec)(nil), (*OIDCClientSecretRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(a.(*clientsecret.OIDCClientSecretRequestSpec), b.(*OIDCClientSecretRequestSpec), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*OIDCClientSecretRequestStatus)(nil), (*clientsecret.OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(a.(*OIDCClientSecretRequestStatus), b.(*clientsecret.OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	if err := s.AddGeneratedConversionFunc((*clientsecret.OIDCClientSecretRequestStatus)(nil), (*OIDCClientSecretRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
-		return Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(a.(*clientsecret.OIDCClientSecretRequestStatus), b.(*OIDCClientSecretRequestStatus), scope)
-	}); err != nil {
-		return err
-	}
-	return nil
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in *OIDCClientSecretRequest, out *clientsecret.OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequest_To_clientsecret_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	out.ObjectMeta = in.ObjectMeta
-	if err := Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(&in.Spec, &out.Spec, s); err != nil {
-		return err
-	}
-	if err := Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(&in.Status, &out.Status, s); err != nil {
-		return err
-	}
-	return nil
-}
-
-// Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest is an autogenerated conversion function.
-func Convert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in *clientsecret.OIDCClientSecretRequest, out *OIDCClientSecretRequest, s conversion.Scope) error {
-	return autoConvert_clientsecret_OIDCClientSecretRequest_To_v1alpha1_OIDCClientSecretRequest(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]clientsecret.OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in *OIDCClientSecretRequestList, out *clientsecret.OIDCClientSecretRequestList, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestList_To_clientsecret_OIDCClientSecretRequestList(in, out, s)
-}
-
-func autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
-	out.ListMeta = in.ListMeta
-	out.Items = *(*[]OIDCClientSecretRequest)(unsafe.Pointer(&in.Items))
-	return nil
-}
-
-// Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList is an autogenerated conversion function.
-func Convert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in *clientsecret.OIDCClientSecretRequestList, out *OIDCClientSecretRequestList, s conversion.Scope) error {
-	return autoConvert_clientsecret_OIDCClientSecretRequestList_To_v1alpha1_OIDCClientSecretRequestList(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in *OIDCClientSecretRequestSpec, out *clientsecret.OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestSpec_To_clientsecret_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	out.GenerateNewSecret = in.GenerateNewSecret
-	out.RevokeOldSecrets = in.RevokeOldSecrets
-	return nil
-}
-
-// Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec is an autogenerated conversion function.
-func Convert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in *clientsecret.OIDCClientSecretRequestSpec, out *OIDCClientSecretRequestSpec, s conversion.Scope) error {
-	return autoConvert_clientsecret_OIDCClientSecretRequestSpec_To_v1alpha1_OIDCClientSecretRequestSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in *OIDCClientSecretRequestStatus, out *clientsecret.OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_v1alpha1_OIDCClientSecretRequestStatus_To_clientsecret_OIDCClientSecretRequestStatus(in, out, s)
-}
-
-func autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	out.GeneratedSecret = in.GeneratedSecret
-	out.TotalClientSecrets = in.TotalClientSecrets
-	return nil
-}
-
-// Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus is an autogenerated conversion function.
-func Convert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in *clientsecret.OIDCClientSecretRequestStatus, out *OIDCClientSecretRequestStatus, s conversion.Scope) error {
-	return autoConvert_clientsecret_OIDCClientSecretRequestStatus_To_v1alpha1_OIDCClientSecretRequestStatus(in, out, s)
-}

generated/1.17/apis/supervisor/config/v1alpha1/doc.go

@@ -1,11 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=go.pinniped.dev/generated/1.17/apis/supervisor/config
-// +k8s:defaulter-gen=TypeMeta
-// +groupName=config.supervisor.pinniped.dev
-
-// Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor configuration API.
-package v1alpha1

generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go

@@ -1,135 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +kubebuilder:validation:Enum=Success;Duplicate;Invalid;SameIssuerHostMustUseSameSecret
-type FederationDomainStatusCondition string
-
-const (
-	SuccessFederationDomainStatusCondition                         = FederationDomainStatusCondition("Success")
-	DuplicateFederationDomainStatusCondition                       = FederationDomainStatusCondition("Duplicate")
-	SameIssuerHostMustUseSameSecretFederationDomainStatusCondition = FederationDomainStatusCondition("SameIssuerHostMustUseSameSecret")
-	InvalidFederationDomainStatusCondition                         = FederationDomainStatusCondition("Invalid")
-)
-
-// FederationDomainTLSSpec is a struct that describes the TLS configuration for an OIDC Provider.
-type FederationDomainTLSSpec struct {
-	// SecretName is an optional name of a Secret in the same namespace, of type `kubernetes.io/tls`, which contains
-	// the TLS serving certificate for the HTTPS endpoints served by this FederationDomain. When provided, the TLS Secret
-	// named here must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use
-	// for TLS.
-	//
-	// Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) supported by all major browsers.
-	//
-	// SecretName is required if you would like to use different TLS certificates for issuers of different hostnames.
-	// SNI requests do not include port numbers, so all issuers with the same DNS hostname must use the same
-	// SecretName value even if they have different port numbers.
-	//
-	// SecretName is not required when you would like to use only the HTTP endpoints (e.g. when the HTTP listener is
-	// configured to listen on loopback interfaces or UNIX domain sockets for traffic from a service mesh sidecar).
-	// It is also not required when you would like all requests to this OIDC Provider's HTTPS endpoints to
-	// use the default TLS certificate, which is configured elsewhere.
-	//
-	// When your Issuer URL's host is an IP address, then this field is ignored. SNI does not work for IP addresses.
-	//
-	// +optional
-	SecretName string `json:"secretName,omitempty"`
-}
-
-// FederationDomainSpec is a struct that describes an OIDC Provider.
-type FederationDomainSpec struct {
-	// Issuer is the OIDC Provider's issuer, per the OIDC Discovery Metadata document, as well as the
-	// identifier that it will use for the iss claim in issued JWTs. This field will also be used as
-	// the base URL for any endpoints used by the OIDC Provider (e.g., if your issuer is
-	// https://example.com/foo, then your authorization endpoint will look like
-	// https://example.com/foo/some/path/to/auth/endpoint).
-	//
-	// See
-	// https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.3 for more information.
-	// +kubebuilder:validation:MinLength=1
-	Issuer string `json:"issuer"`
-
-	// TLS configures how this FederationDomain is served over Transport Layer Security (TLS).
-	// +optional
-	TLS *FederationDomainTLSSpec `json:"tls,omitempty"`
-}
-
-// FederationDomainSecrets holds information about this OIDC Provider's secrets.
-type FederationDomainSecrets struct {
-	// JWKS holds the name of the corev1.Secret in which this OIDC Provider's signing/verification keys are
-	// stored. If it is empty, then the signing/verification keys are either unknown or they don't
-	// exist.
-	// +optional
-	JWKS corev1.LocalObjectReference `json:"jwks,omitempty"`
-
-	// TokenSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
-	// signing tokens is stored.
-	// +optional
-	TokenSigningKey corev1.LocalObjectReference `json:"tokenSigningKey,omitempty"`
-
-	// StateSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
-	// signing state parameters is stored.
-	// +optional
-	StateSigningKey corev1.LocalObjectReference `json:"stateSigningKey,omitempty"`
-
-	// StateSigningKey holds the name of the corev1.Secret in which this OIDC Provider's key for
-	// encrypting state parameters is stored.
-	// +optional
-	StateEncryptionKey corev1.LocalObjectReference `json:"stateEncryptionKey,omitempty"`
-}
-
-// FederationDomainStatus is a struct that describes the actual state of an OIDC Provider.
-type FederationDomainStatus struct {
-	// Status holds an enum that describes the state of this OIDC Provider. Note that this Status can
-	// represent success or failure.
-	// +optional
-	Status FederationDomainStatusCondition `json:"status,omitempty"`
-
-	// Message provides human-readable details about the Status.
-	// +optional
-	Message string `json:"message,omitempty"`
-
-	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
-	// around some undesirable behavior with respect to the empty metav1.Time value (see
-	// https://github.com/kubernetes/kubernetes/issues/86811).
-	// +optional
-	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
-
-	// Secrets contains information about this OIDC Provider's secrets.
-	// +optional
-	Secrets FederationDomainSecrets `json:"secrets,omitempty"`
-}
-
-// FederationDomain describes the configuration of an OIDC provider.
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
-// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
-// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-// +kubebuilder:subresource:status
-type FederationDomain struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec of the OIDC provider.
-	Spec FederationDomainSpec `json:"spec"`
-
-	// Status of the OIDC provider.
-	Status FederationDomainStatus `json:"status,omitempty"`
-}
-
-// List of FederationDomain objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type FederationDomainList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-
-	Items []FederationDomain `json:"items"`
-}

generated/1.17/apis/supervisor/config/v1alpha1/types_meta.go

@@ -1,75 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

generated/1.17/apis/supervisor/config/v1alpha1/types_oidcclient.go

@@ -1,122 +0,0 @@
-// Copyright 2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-type OIDCClientPhase string
-
-const (
-	// PhasePending is the default phase for newly-created OIDCClient resources.
-	PhasePending OIDCClientPhase = "Pending"
-
-	// PhaseReady is the phase for an OIDCClient resource in a healthy state.
-	PhaseReady OIDCClientPhase = "Ready"
-
-	// PhaseError is the phase for an OIDCClient in an unhealthy state.
-	PhaseError OIDCClientPhase = "Error"
-)
-
-// +kubebuilder:validation:Pattern=`^https://.+|^http://(127\.0\.0\.1|\[::1\])(:\d+)?/`
-type RedirectURI string
-
-// +kubebuilder:validation:Enum="authorization_code";"refresh_token";"urn:ietf:params:oauth:grant-type:token-exchange"
-type GrantType string
-
-// +kubebuilder:validation:Enum="openid";"offline_access";"username";"groups";"pinniped:request-audience"
-type Scope string
-
-// OIDCClientSpec is a struct that describes an OIDCClient.
-type OIDCClientSpec struct {
-	// allowedRedirectURIs is a list of the allowed redirect_uri param values that should be accepted during OIDC flows with this
-	// client. Any other uris will be rejected.
-	// Must be a URI with the https scheme, unless the hostname is 127.0.0.1 or ::1 which may use the http scheme.
-	// Port numbers are not required for 127.0.0.1 or ::1 and are ignored when checking for a matching redirect_uri.
-	// +listType=set
-	// +kubebuilder:validation:MinItems=1
-	AllowedRedirectURIs []RedirectURI `json:"allowedRedirectURIs"`
-
-	// allowedGrantTypes is a list of the allowed grant_type param values that should be accepted during OIDC flows with this
-	// client.
-	//
-	// Must only contain the following values:
-	// - authorization_code: allows the client to perform the authorization code grant flow, i.e. allows the webapp to
-	//   authenticate users. This grant must always be listed.
-	// - refresh_token: allows the client to perform refresh grants for the user to extend the user's session.
-	//   This grant must be listed if allowedScopes lists offline_access.
-	// - urn:ietf:params:oauth:grant-type:token-exchange: allows the client to perform RFC8693 token exchange,
-	//   which is a step in the process to be able to get a cluster credential for the user.
-	//   This grant must be listed if allowedScopes lists pinniped:request-audience.
-	// +listType=set
-	// +kubebuilder:validation:MinItems=1
-	AllowedGrantTypes []GrantType `json:"allowedGrantTypes"`
-
-	// allowedScopes is a list of the allowed scopes param values that should be accepted during OIDC flows with this client.
-	//
-	// Must only contain the following values:
-	// - openid: The client is allowed to request ID tokens. ID tokens only include the required claims by default (iss, sub, aud, exp, iat).
-	//   This scope must always be listed.
-	// - offline_access: The client is allowed to request an initial refresh token during the authorization code grant flow.
-	//   This scope must be listed if allowedGrantTypes lists refresh_token.
-	// - pinniped:request-audience: The client is allowed to request a new audience value during a RFC8693 token exchange,
-	//   which is a step in the process to be able to get a cluster credential for the user.
-	//   openid, username and groups scopes must be listed when this scope is present.
-	//   This scope must be listed if allowedGrantTypes lists urn:ietf:params:oauth:grant-type:token-exchange.
-	// - username: The client is allowed to request that ID tokens contain the user's username.
-	//   Without the username scope being requested and allowed, the ID token will not contain the user's username.
-	// - groups: The client is allowed to request that ID tokens contain the user's group membership,
-	//   if their group membership is discoverable by the Supervisor.
-	//   Without the groups scope being requested and allowed, the ID token will not contain groups.
-	// +listType=set
-	// +kubebuilder:validation:MinItems=1
-	AllowedScopes []Scope `json:"allowedScopes"`
-}
-
-// OIDCClientStatus is a struct that describes the actual state of an OIDCClient.
-type OIDCClientStatus struct {
-	// phase summarizes the overall status of the OIDCClient.
-	// +kubebuilder:default=Pending
-	// +kubebuilder:validation:Enum=Pending;Ready;Error
-	Phase OIDCClientPhase `json:"phase,omitempty"`
-
-	// conditions represent the observations of an OIDCClient's current state.
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
-
-	// totalClientSecrets is the current number of client secrets that are detected for this OIDCClient.
-	// +optional
-	TotalClientSecrets int32 `json:"totalClientSecrets"` // do not omitempty to allow it to show in the printer column even when it is 0
-}
-
-// OIDCClient describes the configuration of an OIDC client.
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped
-// +kubebuilder:printcolumn:name="Privileged Scopes",type=string,JSONPath=`.spec.allowedScopes[?(@ == "pinniped:request-audience")]`
-// +kubebuilder:printcolumn:name="Client Secrets",type=integer,JSONPath=`.status.totalClientSecrets`
-// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-// +kubebuilder:subresource:status
-type OIDCClient struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec of the OIDC client.
-	Spec OIDCClientSpec `json:"spec"`
-
-	// Status of the OIDC client.
-	Status OIDCClientStatus `json:"status,omitempty"`
-}
-
-// List of OIDCClient objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type OIDCClientList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-
-	Items []OIDCClient `json:"items"`
-}

generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go

@@ -1,284 +0,0 @@
-//go:build !ignore_autogenerated
-// +build !ignore_autogenerated
-
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Condition) DeepCopyInto(out *Condition) {
-	*out = *in
-	in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
-func (in *Condition) DeepCopy() *Condition {
-	if in == nil {
-		return nil
-	}
-	out := new(Condition)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomain) DeepCopyInto(out *FederationDomain) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomain.
-func (in *FederationDomain) DeepCopy() *FederationDomain {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomain)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *FederationDomain) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomainList) DeepCopyInto(out *FederationDomainList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]FederationDomain, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainList.
-func (in *FederationDomainList) DeepCopy() *FederationDomainList {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomainList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *FederationDomainList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomainSecrets) DeepCopyInto(out *FederationDomainSecrets) {
-	*out = *in
-	out.JWKS = in.JWKS
-	out.TokenSigningKey = in.TokenSigningKey
-	out.StateSigningKey = in.StateSigningKey
-	out.StateEncryptionKey = in.StateEncryptionKey
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSecrets.
-func (in *FederationDomainSecrets) DeepCopy() *FederationDomainSecrets {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomainSecrets)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomainSpec) DeepCopyInto(out *FederationDomainSpec) {
-	*out = *in
-	if in.TLS != nil {
-		in, out := &in.TLS, &out.TLS
-		*out = new(FederationDomainTLSSpec)
-		**out = **in
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainSpec.
-func (in *FederationDomainSpec) DeepCopy() *FederationDomainSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomainSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomainStatus) DeepCopyInto(out *FederationDomainStatus) {
-	*out = *in
-	if in.LastUpdateTime != nil {
-		in, out := &in.LastUpdateTime, &out.LastUpdateTime
-		*out = (*in).DeepCopy()
-	}
-	out.Secrets = in.Secrets
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainStatus.
-func (in *FederationDomainStatus) DeepCopy() *FederationDomainStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomainStatus)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *FederationDomainTLSSpec) DeepCopyInto(out *FederationDomainTLSSpec) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederationDomainTLSSpec.
-func (in *FederationDomainTLSSpec) DeepCopy() *FederationDomainTLSSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(FederationDomainTLSSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClient) DeepCopyInto(out *OIDCClient) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
-	in.Spec.DeepCopyInto(&out.Spec)
-	in.Status.DeepCopyInto(&out.Status)
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
-func (in *OIDCClient) DeepCopy() *OIDCClient {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClient)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClient) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientList) DeepCopyInto(out *OIDCClientList) {
-	*out = *in
-	out.TypeMeta = in.TypeMeta
-	in.ListMeta.DeepCopyInto(&out.ListMeta)
-	if in.Items != nil {
-		in, out := &in.Items, &out.Items
-		*out = make([]OIDCClient, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientList.
-func (in *OIDCClientList) DeepCopy() *OIDCClientList {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientList)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *OIDCClientList) DeepCopyObject() runtime.Object {
-	if c := in.DeepCopy(); c != nil {
-		return c
-	}
-	return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientSpec) DeepCopyInto(out *OIDCClientSpec) {
-	*out = *in
-	if in.AllowedRedirectURIs != nil {
-		in, out := &in.AllowedRedirectURIs, &out.AllowedRedirectURIs
-		*out = make([]RedirectURI, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedGrantTypes != nil {
-		in, out := &in.AllowedGrantTypes, &out.AllowedGrantTypes
-		*out = make([]GrantType, len(*in))
-		copy(*out, *in)
-	}
-	if in.AllowedScopes != nil {
-		in, out := &in.AllowedScopes, &out.AllowedScopes
-		*out = make([]Scope, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientSpec.
-func (in *OIDCClientSpec) DeepCopy() *OIDCClientSpec {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientSpec)
-	in.DeepCopyInto(out)
-	return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) {
-	*out = *in
-	if in.Conditions != nil {
-		in, out := &in.Conditions, &out.Conditions
-		*out = make([]Condition, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus.
-func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus {
-	if in == nil {
-		return nil
-	}
-	out := new(OIDCClientStatus)
-	in.DeepCopyInto(out)
-	return out
-}

generated/1.17/apis/supervisor/idp/v1alpha1/types_ldapidentityprovider.go

@@ -1,207 +0,0 @@
-// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type LDAPIdentityProviderPhase string
-
-const (
-	// LDAPPhasePending is the default phase for newly-created LDAPIdentityProvider resources.
-	LDAPPhasePending LDAPIdentityProviderPhase = "Pending"
-
-	// LDAPPhaseReady is the phase for an LDAPIdentityProvider resource in a healthy state.
-	LDAPPhaseReady LDAPIdentityProviderPhase = "Ready"
-
-	// LDAPPhaseError is the phase for an LDAPIdentityProvider in an unhealthy state.
-	LDAPPhaseError LDAPIdentityProviderPhase = "Error"
-)
-
-// Status of an LDAP identity provider.
-type LDAPIdentityProviderStatus struct {
-	// Phase summarizes the overall status of the LDAPIdentityProvider.
-	// +kubebuilder:default=Pending
-	// +kubebuilder:validation:Enum=Pending;Ready;Error
-	Phase LDAPIdentityProviderPhase `json:"phase,omitempty"`
-
-	// Represents the observations of an identity provider's current state.
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
-}
-
-type LDAPIdentityProviderBind struct {
-	// SecretName contains the name of a namespace-local Secret object that provides the username and
-	// password for an LDAP bind user. This account will be used to perform LDAP searches. The Secret should be
-	// of type "kubernetes.io/basic-auth" which includes "username" and "password" keys. The username value
-	// should be the full dn (distinguished name) of your bind account, e.g. "cn=bind-account,ou=users,dc=example,dc=com".
-	// The password must be non-empty.
-	// +kubebuilder:validation:MinLength=1
-	SecretName string `json:"secretName"`
-}
-
-type LDAPIdentityProviderUserSearchAttributes struct {
-	// Username specifies the name of the attribute in the LDAP entry whose value shall become the username
-	// of the user after a successful authentication. This would typically be the same attribute name used in
-	// the user search filter, although it can be different. E.g. "mail" or "uid" or "userPrincipalName".
-	// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
-	// server in the user's entry. Distinguished names can be used by specifying lower-case "dn". When this field
-	// is set to "dn" then the LDAPIdentityProviderUserSearch's Filter field cannot be blank, since the default
-	// value of "dn={}" would not work.
-	// +kubebuilder:validation:MinLength=1
-	Username string `json:"username,omitempty"`
-
-	// UID specifies the name of the attribute in the LDAP entry which whose value shall be used to uniquely
-	// identify the user within this LDAP provider after a successful authentication. E.g. "uidNumber" or "objectGUID".
-	// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
-	// server in the user's entry. Distinguished names can be used by specifying lower-case "dn".
-	// +kubebuilder:validation:MinLength=1
-	UID string `json:"uid,omitempty"`
-}
-
-type LDAPIdentityProviderGroupSearchAttributes struct {
-	// GroupName specifies the name of the attribute in the LDAP entries whose value shall become a group name
-	// in the user's list of groups after a successful authentication.
-	// The value of this field is case-sensitive and must match the case of the attribute name returned by the LDAP
-	// server in the user's entry. E.g. "cn" for common name. Distinguished names can be used by specifying lower-case "dn".
-	// Optional. When not specified, the default will act as if the GroupName were specified as "dn" (distinguished name).
-	// +optional
-	GroupName string `json:"groupName,omitempty"`
-}
-
-type LDAPIdentityProviderUserSearch struct {
-	// Base is the dn (distinguished name) that should be used as the search base when searching for users.
-	// E.g. "ou=users,dc=example,dc=com".
-	// +kubebuilder:validation:MinLength=1
-	Base string `json:"base,omitempty"`
-
-	// Filter is the LDAP search filter which should be applied when searching for users. The pattern "{}" must occur
-	// in the filter at least once and will be dynamically replaced by the username for which the search is being run.
-	// E.g. "mail={}" or "&(objectClass=person)(uid={})". For more information about LDAP filters, see
-	// https://ldap.com/ldap-filters.
-	// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
-	// Optional. When not specified, the default will act as if the Filter were specified as the value from
-	// Attributes.Username appended by "={}". When the Attributes.Username is set to "dn" then the Filter must be
-	// explicitly specified, since the default value of "dn={}" would not work.
-	// +optional
-	Filter string `json:"filter,omitempty"`
-
-	// Attributes specifies how the user's information should be read from the LDAP entry which was found as
-	// the result of the user search.
-	// +optional
-	Attributes LDAPIdentityProviderUserSearchAttributes `json:"attributes,omitempty"`
-}
-
-type LDAPIdentityProviderGroupSearch struct {
-	// Base is the dn (distinguished name) that should be used as the search base when searching for groups. E.g.
-	// "ou=groups,dc=example,dc=com". When not specified, no group search will be performed and
-	// authenticated users will not belong to any groups from the LDAP provider. Also, when not specified,
-	// the values of Filter, UserAttributeForFilter, Attributes, and SkipGroupRefresh are ignored.
-	// +optional
-	Base string `json:"base,omitempty"`
-
-	// Filter is the LDAP search filter which should be applied when searching for groups for a user.
-	// The pattern "{}" must occur in the filter at least once and will be dynamically replaced by the
-	// value of an attribute of the user entry found as a result of the user search. Which attribute's
-	// value is used to replace the placeholder(s) depends on the value of UserAttributeForFilter.
-	// For more information about LDAP filters, see https://ldap.com/ldap-filters.
-	// Note that the dn (distinguished name) is not an attribute of an entry, so "dn={}" cannot be used.
-	// Optional. When not specified, the default will act as if the Filter were specified as "member={}".
-	// +optional
-	Filter string `json:"filter,omitempty"`
-
-	// UserAttributeForFilter specifies which attribute's value from the user entry found as a result of
-	// the user search will be used to replace the "{}" placeholder(s) in the group search Filter.
-	// For example, specifying "uid" as the UserAttributeForFilter while specifying
-	// "&(objectClass=posixGroup)(memberUid={})" as the Filter would search for groups by replacing
-	// the "{}" placeholder in the Filter with the value of the user's "uid" attribute.
-	// Optional. When not specified, the default will act as if "dn" were specified. For example, leaving
-	// UserAttributeForFilter unspecified while specifying "&(objectClass=groupOfNames)(member={})" as the Filter
-	// would search for groups by replacing the "{}" placeholder(s) with the dn (distinguished name) of the user.
-	// +optional
-	UserAttributeForFilter string `json:"userAttributeForFilter,omitempty"`
-
-	// Attributes specifies how the group's information should be read from each LDAP entry which was found as
-	// the result of the group search.
-	// +optional
-	Attributes LDAPIdentityProviderGroupSearchAttributes `json:"attributes,omitempty"`
-
-	// The user's group membership is refreshed as they interact with the supervisor
-	// to obtain new credentials (as their old credentials expire).  This allows group
-	// membership changes to be quickly reflected into Kubernetes clusters.  Since
-	// group membership is often used to bind authorization policies, it is important
-	// to keep the groups observed in Kubernetes clusters in-sync with the identity
-	// provider.
-	//
-	// In some environments, frequent group membership queries may result in a
-	// significant performance impact on the identity provider and/or the supervisor.
-	// The best approach to handle performance impacts is to tweak the group query
-	// to be more performant, for example by disabling nested group search or by
-	// using a more targeted group search base.
-	//
-	// If the group search query cannot be made performant and you are willing to
-	// have group memberships remain static for approximately a day, then set
-	// skipGroupRefresh to true.  This is an insecure configuration as authorization
-	// policies that are bound to group membership will not notice if a user has
-	// been removed from a particular group until their next login.
-	//
-	// This is an experimental feature that may be removed or significantly altered
-	// in the future.  Consumers of this configuration should carefully read all
-	// release notes before upgrading to ensure that the meaning of this field has
-	// not changed.
-	SkipGroupRefresh bool `json:"skipGroupRefresh,omitempty"`
-}
-
-// Spec for configuring an LDAP identity provider.
-type LDAPIdentityProviderSpec struct {
-	// Host is the hostname of this LDAP identity provider, i.e., where to connect. For example: ldap.example.com:636.
-	// +kubebuilder:validation:MinLength=1
-	Host string `json:"host"`
-
-	// TLS contains the connection settings for how to establish the connection to the Host.
-	TLS *TLSSpec `json:"tls,omitempty"`
-
-	// Bind contains the configuration for how to provide access credentials during an initial bind to the LDAP server
-	// to be allowed to perform searches and binds to validate a user's credentials during a user's authentication attempt.
-	Bind LDAPIdentityProviderBind `json:"bind,omitempty"`
-
-	// UserSearch contains the configuration for searching for a user by name in the LDAP provider.
-	UserSearch LDAPIdentityProviderUserSearch `json:"userSearch,omitempty"`
-
-	// GroupSearch contains the configuration for searching for a user's group membership in the LDAP provider.
-	GroupSearch LDAPIdentityProviderGroupSearch `json:"groupSearch,omitempty"`
-}
-
-// LDAPIdentityProvider describes the configuration of an upstream Lightweight Directory Access
-// Protocol (LDAP) identity provider.
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
-// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.spec.host`
-// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-// +kubebuilder:subresource:status
-type LDAPIdentityProvider struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec for configuring the identity provider.
-	Spec LDAPIdentityProviderSpec `json:"spec"`
-
-	// Status of the identity provider.
-	Status LDAPIdentityProviderStatus `json:"status,omitempty"`
-}
-
-// List of LDAPIdentityProvider objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type LDAPIdentityProviderList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-
-	Items []LDAPIdentityProvider `json:"items"`
-}

generated/1.17/apis/supervisor/idp/v1alpha1/types_meta.go

@@ -1,75 +0,0 @@
-// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// ConditionStatus is effectively an enum type for Condition.Status.
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
-// version we can switch to using the upstream type.
-// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
-type Condition struct {
-	// type of condition in CamelCase or in foo.example.com/CamelCase.
-	// ---
-	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
-	// useful (see .node.status.conditions), the ability to deconflict is important.
-	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
-	// +kubebuilder:validation:MaxLength=316
-	Type string `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Enum=True;False;Unknown
-	Status ConditionStatus `json:"status"`
-
-	// observedGeneration represents the .metadata.generation that the condition was set based upon.
-	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-	// with respect to the current state of the instance.
-	// +optional
-	// +kubebuilder:validation:Minimum=0
-	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
-
-	// lastTransitionTime is the last time the condition transitioned from one status to another.
-	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Type=string
-	// +kubebuilder:validation:Format=date-time
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
-	// Producers of specific condition types may define expected values and meanings for this field,
-	// and whether the values are considered a guaranteed API.
-	// The value should be a CamelCase string.
-	// This field may not be empty.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=1024
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
-	Reason string `json:"reason"`
-
-	// message is a human readable message indicating details about the transition.
-	// This may be an empty string.
-	// +required
-	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:MaxLength=32768
-	Message string `json:"message"`
-}

generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go

@@ -1,217 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type OIDCIdentityProviderPhase string
-
-const (
-	// PhasePending is the default phase for newly-created OIDCIdentityProvider resources.
-	PhasePending OIDCIdentityProviderPhase = "Pending"
-
-	// PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state.
-	PhaseReady OIDCIdentityProviderPhase = "Ready"
-
-	// PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state.
-	PhaseError OIDCIdentityProviderPhase = "Error"
-)
-
-// OIDCIdentityProviderStatus is the status of an OIDC identity provider.
-type OIDCIdentityProviderStatus struct {
-	// Phase summarizes the overall status of the OIDCIdentityProvider.
-	// +kubebuilder:default=Pending
-	// +kubebuilder:validation:Enum=Pending;Ready;Error
-	Phase OIDCIdentityProviderPhase `json:"phase,omitempty"`
-
-	// Represents the observations of an identity provider's current state.
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=type
-	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
-}
-
-// OIDCAuthorizationConfig provides information about how to form the OAuth2 authorization
-// request parameters.
-type OIDCAuthorizationConfig struct {
-	// additionalScopes are the additional scopes that will be requested from your OIDC provider in the authorization
-	// request during an OIDC Authorization Code Flow and in the token request during a Resource Owner Password Credentials
-	// Grant. Note that the "openid" scope will always be requested regardless of the value in this setting, since it is
-	// always required according to the OIDC spec. By default, when this field is not set, the Supervisor will request
-	// the following scopes: "openid", "offline_access", "email", and "profile". See
-	// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims for a description of the "profile" and "email"
-	// scopes. See https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess for a description of the
-	// "offline_access" scope. This default value may change in future versions of Pinniped as the standard evolves,
-	// or as common patterns used by providers who implement the standard in the ecosystem evolve.
-	// By setting this list to anything other than an empty list, you are overriding the
-	// default value, so you may wish to include some of "offline_access", "email", and "profile" in your override list.
-	// If you do not want any of these scopes to be requested, you may set this list to contain only "openid".
-	// Some OIDC providers may also require a scope to get access to the user's group membership, in which case you
-	// may wish to include it in this list. Sometimes the scope to request the user's group membership is called
-	// "groups", but unfortunately this is not specified in the OIDC standard.
-	// Generally speaking, you should include any scopes required to cause the appropriate claims to be the returned by
-	// your OIDC provider in the ID token or userinfo endpoint results for those claims which you would like to use in
-	// the oidcClaims settings to determine the usernames and group memberships of your Kubernetes users. See
-	// your OIDC provider's documentation for more information about what scopes are available to request claims.
-	// Additionally, the Pinniped Supervisor requires that your OIDC provider returns refresh tokens to the Supervisor
-	// from these authorization flows. For most OIDC providers, the scope required to receive refresh tokens will be
-	// "offline_access". See the documentation of your OIDC provider's authorization and token endpoints for its
-	// requirements for what to include in the request in order to receive a refresh token in the response, if anything.
-	// Note that it may be safe to send "offline_access" even to providers which do not require it, since the provider
-	// may ignore scopes that it does not understand or require (see
-	// https://datatracker.ietf.org/doc/html/rfc6749#section-3.3). In the unusual case that you must avoid sending the
-	// "offline_access" scope, then you must override the default value of this setting. This is required if your OIDC
-	// provider will reject the request when it includes "offline_access" (e.g. GitLab's OIDC provider).
-	// +optional
-	AdditionalScopes []string `json:"additionalScopes,omitempty"`
-
-	// additionalAuthorizeParameters are extra query parameters that should be included in the authorize request to your
-	// OIDC provider in the authorization request during an OIDC Authorization Code Flow. By default, no extra
-	// parameters are sent. The standard parameters that will be sent are "response_type", "scope", "client_id",
-	// "state", "nonce", "code_challenge", "code_challenge_method", and "redirect_uri". These parameters cannot be
-	// included in this setting. Additionally, the "hd" parameter cannot be included in this setting at this time.
-	// The "hd" parameter is used by Google's OIDC provider to provide a hint as to which "hosted domain" the user
-	// should use during login. However, Pinniped does not yet support validating the hosted domain in the resulting
-	// ID token, so it is not yet safe to use this feature of Google's OIDC provider with Pinniped.
-	// This setting does not influence the parameters sent to the token endpoint in the Resource Owner Password
-	// Credentials Grant. The Pinniped Supervisor requires that your OIDC provider returns refresh tokens to the
-	// Supervisor from the authorization flows. Some OIDC providers may require a certain value for the "prompt"
-	// parameter in order to properly request refresh tokens. See the documentation of your OIDC provider's
-	// authorization endpoint for its requirements for what to include in the request in order to receive a refresh
-	// token in the response, if anything. If your provider requires the prompt parameter to request a refresh token,
-	// then include it here. Also note that most providers also require a certain scope to be requested in order to
-	// receive refresh tokens. See the additionalScopes setting for more information about using scopes to request
-	// refresh tokens.
-	// +optional
-	// +patchMergeKey=name
-	// +patchStrategy=merge
-	// +listType=map
-	// +listMapKey=name
-	AdditionalAuthorizeParameters []Parameter `json:"additionalAuthorizeParameters,omitempty"`
-
-	// allowPasswordGrant, when true, will allow the use of OAuth 2.0's Resource Owner Password Credentials Grant
-	// (see https://datatracker.ietf.org/doc/html/rfc6749#section-4.3) to authenticate to the OIDC provider using a
-	// username and password without a web browser, in addition to the usual browser-based OIDC Authorization Code Flow.
-	// The Resource Owner Password Credentials Grant is not officially part of the OIDC specification, so it may not be
-	// supported by your OIDC provider. If your OIDC provider supports returning ID tokens from a Resource Owner Password
-	// Credentials Grant token request, then you can choose to set this field to true. This will allow end users to choose
-	// to present their username and password to the kubectl CLI (using the Pinniped plugin) to authenticate to the
-	// cluster, without using a web browser to log in as is customary in OIDC Authorization Code Flow. This may be
-	// convenient for users, especially for identities from your OIDC provider which are not intended to represent a human
-	// actor, such as service accounts performing actions in a CI/CD environment. Even if your OIDC provider supports it,
-	// you may wish to disable this behavior by setting this field to false when you prefer to only allow users of this
-	// OIDCIdentityProvider to log in via the browser-based OIDC Authorization Code Flow. Using the Resource Owner Password
-	// Credentials Grant means that the Pinniped CLI and Pinniped Supervisor will directly handle your end users' passwords
-	// (similar to LDAPIdentityProvider), and you will not be able to require multi-factor authentication or use the other
-	// web-based login features of your OIDC provider during Resource Owner Password Credentials Grant logins.
-	// allowPasswordGrant defaults to false.
-	// +optional
-	AllowPasswordGrant bool `json:"allowPasswordGrant,omitempty"`
-}
-
-// Parameter is a key/value pair which represents a parameter in an HTTP request.
-type Parameter struct {
-	// The name of the parameter. Required.
-	// +kubebuilder:validation:MinLength=1
-	Name string `json:"name"`
-
-	// The value of the parameter.
-	// +optional
-	Value string `json:"value,omitempty"`
-}
-
-// OIDCClaims provides a mapping from upstream claims into identities.
-type OIDCClaims struct {
-	// Groups provides the name of the ID token claim or userinfo endpoint response claim that will be used to ascertain
-	// the groups to which an identity belongs. By default, the identities will not include any group memberships when
-	// this setting is not configured.
-	// +optional
-	Groups string `json:"groups"`
-
-	// Username provides the name of the ID token claim or userinfo endpoint response claim that will be used to
-	// ascertain an identity's username. When not set, the username will be an automatically constructed unique string
-	// which will include the issuer URL of your OIDC provider along with the value of the "sub" (subject) claim from
-	// the ID token.
-	// +optional
-	Username string `json:"username"`
-
-	// AdditionalClaimMappings allows for additional arbitrary upstream claim values to be mapped into the
-	// "additionalClaims" claim of the ID tokens generated by the Supervisor. This should be specified as a map of
-	// new claim names as the keys, and upstream claim names as the values. These new claim names will be nested
-	// under the top-level "additionalClaims" claim in ID tokens generated by the Supervisor when this
-	// OIDCIdentityProvider was used for user authentication. These claims will be made available to all clients.
-	// This feature is not required to use the Supervisor to provide authentication for Kubernetes clusters, but can be
-	// used when using the Supervisor for other authentication purposes. When this map is empty or the upstream claims
-	// are not available, the "additionalClaims" claim will be excluded from the ID tokens generated by the Supervisor.
-	// +optional
-	AdditionalClaimMappings map[string]string `json:"additionalClaimMappings,omitempty"`
-}
-
-// OIDCClient contains information about an OIDC client (e.g., client ID and client
-// secret).
-type OIDCClient struct {
-	// SecretName contains the name of a namespace-local Secret object that provides the clientID and
-	// clientSecret for an OIDC client. If only the SecretName is specified in an OIDCClient
-	// struct, then it is expected that the Secret is of type "secrets.pinniped.dev/oidc-client" with keys
-	// "clientID" and "clientSecret".
-	SecretName string `json:"secretName"`
-}
-
-// OIDCIdentityProviderSpec is the spec for configuring an OIDC identity provider.
-type OIDCIdentityProviderSpec struct {
-	// Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch
-	// /.well-known/openid-configuration.
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:validation:Pattern=`^https://`
-	Issuer string `json:"issuer"`
-
-	// TLS configuration for discovery/JWKS requests to the issuer.
-	// +optional
-	TLS *TLSSpec `json:"tls,omitempty"`
-
-	// AuthorizationConfig holds information about how to form the OAuth2 authorization request
-	// parameters to be used with this OIDC identity provider.
-	// +optional
-	AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
-
-	// Claims provides the names of token claims that will be used when inspecting an identity from
-	// this OIDC identity provider.
-	// +optional
-	Claims OIDCClaims `json:"claims"`
-
-	// OIDCClient contains OIDC client information to be used used with this OIDC identity
-	// provider.
-	Client OIDCClient `json:"client"`
-}
-
-// OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider.
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-// +kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
-// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
-// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
-// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
-// +kubebuilder:subresource:status
-type OIDCIdentityProvider struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec for configuring the identity provider.
-	Spec OIDCIdentityProviderSpec `json:"spec"`
-
-	// Status of the identity provider.
-	Status OIDCIdentityProviderStatus `json:"status,omitempty"`
-}
-
-// OIDCIdentityProviderList lists OIDCIdentityProvider objects.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type OIDCIdentityProviderList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-
-	Items []OIDCIdentityProvider `json:"items"`
-}

generated/1.17/client/concierge/clientset/versioned/clientset.go

@@ -1,126 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package versioned
-
-import (
-	"fmt"
-
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
-	identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
-	loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1"
-	discovery "k8s.io/client-go/discovery"
-	rest "k8s.io/client-go/rest"
-	flowcontrol "k8s.io/client-go/util/flowcontrol"
-)
-
-type Interface interface {
-	Discovery() discovery.DiscoveryInterface
-	AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface
-	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
-	IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface
-	LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface
-}
-
-// Clientset contains the clients for groups. Each group has exactly one
-// version included in a Clientset.
-type Clientset struct {
-	*discovery.DiscoveryClient
-	authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client
-	configV1alpha1         *configv1alpha1.ConfigV1alpha1Client
-	identityV1alpha1       *identityv1alpha1.IdentityV1alpha1Client
-	loginV1alpha1          *loginv1alpha1.LoginV1alpha1Client
-}
-
-// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
-func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
-	return c.authenticationV1alpha1
-}
-
-// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
-func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
-	return c.configV1alpha1
-}
-
-// IdentityV1alpha1 retrieves the IdentityV1alpha1Client
-func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface {
-	return c.identityV1alpha1
-}
-
-// LoginV1alpha1 retrieves the LoginV1alpha1Client
-func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
-	return c.loginV1alpha1
-}
-
-// Discovery retrieves the DiscoveryClient
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	if c == nil {
-		return nil
-	}
-	return c.DiscoveryClient
-}
-
-// NewForConfig creates a new Clientset for the given config.
-// If config's RateLimiter is not set and QPS and Burst are acceptable,
-// NewForConfig will generate a rate-limiter in configShallowCopy.
-func NewForConfig(c *rest.Config) (*Clientset, error) {
-	configShallowCopy := *c
-	if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
-		if configShallowCopy.Burst <= 0 {
-			return nil, fmt.Errorf("Burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
-		}
-		configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
-	}
-	var cs Clientset
-	var err error
-	cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	cs.identityV1alpha1, err = identityv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-
-	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	return &cs, nil
-}
-
-// NewForConfigOrDie creates a new Clientset for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *Clientset {
-	var cs Clientset
-	cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c)
-	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
-	cs.identityV1alpha1 = identityv1alpha1.NewForConfigOrDie(c)
-	cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
-	return &cs
-}
-
-// New creates a new Clientset for the given RESTClient.
-func New(c rest.Interface) *Clientset {
-	var cs Clientset
-	cs.authenticationV1alpha1 = authenticationv1alpha1.New(c)
-	cs.configV1alpha1 = configv1alpha1.New(c)
-	cs.identityV1alpha1 = identityv1alpha1.New(c)
-	cs.loginV1alpha1 = loginv1alpha1.New(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
-	return &cs
-}

generated/1.17/client/concierge/clientset/versioned/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package has the automatically generated clientset.
-package versioned

generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go

@@ -1,90 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	clientset "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
-	fakeauthenticationv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
-	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake"
-	identityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
-	fakeidentityv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake"
-	loginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1"
-	fakeloginv1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/discovery"
-	fakediscovery "k8s.io/client-go/discovery/fake"
-	"k8s.io/client-go/testing"
-)
-
-// NewSimpleClientset returns a clientset that will respond with the provided objects.
-// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
-// without applying any validations and/or defaults. It shouldn't be considered a replacement
-// for a real clientset and is mostly useful in simple unit tests.
-func NewSimpleClientset(objects ...runtime.Object) *Clientset {
-	o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
-	for _, obj := range objects {
-		if err := o.Add(obj); err != nil {
-			panic(err)
-		}
-	}
-
-	cs := &Clientset{tracker: o}
-	cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
-	cs.AddReactor("*", "*", testing.ObjectReaction(o))
-	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
-		gvr := action.GetResource()
-		ns := action.GetNamespace()
-		watch, err := o.Watch(gvr, ns)
-		if err != nil {
-			return false, nil, err
-		}
-		return true, watch, nil
-	})
-
-	return cs
-}
-
-// Clientset implements clientset.Interface. Meant to be embedded into a
-// struct to get a default implementation. This makes faking out just the method
-// you want to test easier.
-type Clientset struct {
-	testing.Fake
-	discovery *fakediscovery.FakeDiscovery
-	tracker   testing.ObjectTracker
-}
-
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	return c.discovery
-}
-
-func (c *Clientset) Tracker() testing.ObjectTracker {
-	return c.tracker
-}
-
-var _ clientset.Interface = &Clientset{}
-
-// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client
-func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface {
-	return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake}
-}
-
-// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
-func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
-	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
-}
-
-// IdentityV1alpha1 retrieves the IdentityV1alpha1Client
-func (c *Clientset) IdentityV1alpha1() identityv1alpha1.IdentityV1alpha1Interface {
-	return &fakeidentityv1alpha1.FakeIdentityV1alpha1{Fake: &c.Fake}
-}
-
-// LoginV1alpha1 retrieves the LoginV1alpha1Client
-func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface {
-	return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake}
-}

generated/1.17/client/concierge/clientset/versioned/fake/register.go

@@ -1,49 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
-	loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var scheme = runtime.NewScheme()
-var codecs = serializer.NewCodecFactory(scheme)
-var parameterCodec = runtime.NewParameterCodec(scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	authenticationv1alpha1.AddToScheme,
-	configv1alpha1.AddToScheme,
-	identityv1alpha1.AddToScheme,
-	loginv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//	import (
-//	  "k8s.io/client-go/kubernetes"
-//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//	)
-//
-//	kclientset, _ := kubernetes.NewForConfig(c)
-//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(scheme))
-}

generated/1.17/client/concierge/clientset/versioned/scheme/register.go

@@ -1,49 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package scheme
-
-import (
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	identityv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
-	loginv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var Scheme = runtime.NewScheme()
-var Codecs = serializer.NewCodecFactory(Scheme)
-var ParameterCodec = runtime.NewParameterCodec(Scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	authenticationv1alpha1.AddToScheme,
-	configv1alpha1.AddToScheme,
-	identityv1alpha1.AddToScheme,
-	loginv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//	import (
-//	  "k8s.io/client-go/kubernetes"
-//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//	)
-//
-//	kclientset, _ := kubernetes.NewForConfig(c)
-//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(Scheme))
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go

@@ -1,81 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type AuthenticationV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	JWTAuthenticatorsGetter
-	WebhookAuthenticatorsGetter
-}
-
-// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.concierge.pinniped.dev group.
-type AuthenticationV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c)
-}
-
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c)
-}
-
-// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &AuthenticationV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new AuthenticationV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *AuthenticationV1alpha1Client {
-	return &AuthenticationV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go

@@ -1,31 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeAuthenticationV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c}
-}
-
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go

@@ -1,118 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeJWTAuthenticators implements JWTAuthenticatorInterface
-type FakeJWTAuthenticators struct {
-	Fake *FakeAuthenticationV1alpha1
-}
-
-var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
-
-var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "JWTAuthenticator"}
-
-// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
-func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), err
-}
-
-// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
-func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &v1alpha1.JWTAuthenticatorList{ListMeta: obj.(*v1alpha1.JWTAuthenticatorList).ListMeta}
-	for _, item := range obj.(*v1alpha1.JWTAuthenticatorList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
-func (c *FakeJWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
-}
-
-// Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
-func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), err
-}
-
-// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
-func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), err
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), err
-}
-
-// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
-func (c *FakeJWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOptions)
-
-	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched jWTAuthenticator.
-func (c *FakeJWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), err
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go

@@ -1,118 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
-type FakeWebhookAuthenticators struct {
-	Fake *FakeAuthenticationV1alpha1
-}
-
-var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
-
-var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WebhookAuthenticator"}
-
-// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
-func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), err
-}
-
-// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
-func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &v1alpha1.WebhookAuthenticatorList{ListMeta: obj.(*v1alpha1.WebhookAuthenticatorList).ListMeta}
-	for _, item := range obj.(*v1alpha1.WebhookAuthenticatorList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
-func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
-}
-
-// Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
-func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), err
-}
-
-// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
-func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), err
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), err
-}
-
-// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
-func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOptions)
-
-	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched webhookAuthenticator.
-func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), err
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go

@@ -1,167 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"time"
-
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	rest "k8s.io/client-go/rest"
-)
-
-// JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
-// A group's client should implement this interface.
-type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators() JWTAuthenticatorInterface
-}
-
-// JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
-type JWTAuthenticatorInterface interface {
-	Create(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
-	Update(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
-	UpdateStatus(*v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error)
-	Delete(name string, options *v1.DeleteOptions) error
-	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
-	Get(name string, options v1.GetOptions) (*v1alpha1.JWTAuthenticator, error)
-	List(opts v1.ListOptions) (*v1alpha1.JWTAuthenticatorList, error)
-	Watch(opts v1.ListOptions) (watch.Interface, error)
-	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error)
-	JWTAuthenticatorExpansion
-}
-
-// jWTAuthenticators implements JWTAuthenticatorInterface
-type jWTAuthenticators struct {
-	client rest.Interface
-}
-
-// newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
-	return &jWTAuthenticators{
-		client: c.RESTClient(),
-	}
-}
-
-// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
-func (c *jWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
-	result = &v1alpha1.JWTAuthenticator{}
-	err = c.client.Get().
-		Resource("jwtauthenticators").
-		Name(name).
-		VersionedParams(&options, scheme.ParameterCodec).
-		Do().
-		Into(result)
-	return
-}
-
-// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
-func (c *jWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	result = &v1alpha1.JWTAuthenticatorList{}
-	err = c.client.Get().
-		Resource("jwtauthenticators").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Do().
-		Into(result)
-	return
-}
-
-// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
-func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	opts.Watch = true
-	return c.client.Get().
-		Resource("jwtauthenticators").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Watch()
-}
-
-// Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
-func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
-	result = &v1alpha1.JWTAuthenticator{}
-	err = c.client.Post().
-		Resource("jwtauthenticators").
-		Body(jWTAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
-func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
-	result = &v1alpha1.JWTAuthenticator{}
-	err = c.client.Put().
-		Resource("jwtauthenticators").
-		Name(jWTAuthenticator.Name).
-		Body(jWTAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
-	result = &v1alpha1.JWTAuthenticator{}
-	err = c.client.Put().
-		Resource("jwtauthenticators").
-		Name(jWTAuthenticator.Name).
-		SubResource("status").
-		Body(jWTAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
-func (c *jWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
-	return c.client.Delete().
-		Resource("jwtauthenticators").
-		Name(name).
-		Body(options).
-		Do().
-		Error()
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	var timeout time.Duration
-	if listOptions.TimeoutSeconds != nil {
-		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
-	}
-	return c.client.Delete().
-		Resource("jwtauthenticators").
-		VersionedParams(&listOptions, scheme.ParameterCodec).
-		Timeout(timeout).
-		Body(options).
-		Do().
-		Error()
-}
-
-// Patch applies the patch and returns the patched jWTAuthenticator.
-func (c *jWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
-	result = &v1alpha1.JWTAuthenticator{}
-	err = c.client.Patch(pt).
-		Resource("jwtauthenticators").
-		SubResource(subresources...).
-		Name(name).
-		Body(data).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go

@@ -1,167 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"time"
-
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	rest "k8s.io/client-go/rest"
-)
-
-// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
-// A group's client should implement this interface.
-type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators() WebhookAuthenticatorInterface
-}
-
-// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
-type WebhookAuthenticatorInterface interface {
-	Create(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
-	Update(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
-	UpdateStatus(*v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error)
-	Delete(name string, options *v1.DeleteOptions) error
-	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
-	Get(name string, options v1.GetOptions) (*v1alpha1.WebhookAuthenticator, error)
-	List(opts v1.ListOptions) (*v1alpha1.WebhookAuthenticatorList, error)
-	Watch(opts v1.ListOptions) (watch.Interface, error)
-	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error)
-	WebhookAuthenticatorExpansion
-}
-
-// webhookAuthenticators implements WebhookAuthenticatorInterface
-type webhookAuthenticators struct {
-	client rest.Interface
-}
-
-// newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
-	return &webhookAuthenticators{
-		client: c.RESTClient(),
-	}
-}
-
-// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
-func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
-	result = &v1alpha1.WebhookAuthenticator{}
-	err = c.client.Get().
-		Resource("webhookauthenticators").
-		Name(name).
-		VersionedParams(&options, scheme.ParameterCodec).
-		Do().
-		Into(result)
-	return
-}
-
-// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
-func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	result = &v1alpha1.WebhookAuthenticatorList{}
-	err = c.client.Get().
-		Resource("webhookauthenticators").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Do().
-		Into(result)
-	return
-}
-
-// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
-func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	opts.Watch = true
-	return c.client.Get().
-		Resource("webhookauthenticators").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Watch()
-}
-
-// Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
-func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
-	result = &v1alpha1.WebhookAuthenticator{}
-	err = c.client.Post().
-		Resource("webhookauthenticators").
-		Body(webhookAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
-func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
-	result = &v1alpha1.WebhookAuthenticator{}
-	err = c.client.Put().
-		Resource("webhookauthenticators").
-		Name(webhookAuthenticator.Name).
-		Body(webhookAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
-	result = &v1alpha1.WebhookAuthenticator{}
-	err = c.client.Put().
-		Resource("webhookauthenticators").
-		Name(webhookAuthenticator.Name).
-		SubResource("status").
-		Body(webhookAuthenticator).
-		Do().
-		Into(result)
-	return
-}
-
-// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
-func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
-	return c.client.Delete().
-		Resource("webhookauthenticators").
-		Name(name).
-		Body(options).
-		Do().
-		Error()
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	var timeout time.Duration
-	if listOptions.TimeoutSeconds != nil {
-		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
-	}
-	return c.client.Delete().
-		Resource("webhookauthenticators").
-		VersionedParams(&listOptions, scheme.ParameterCodec).
-		Timeout(timeout).
-		Body(options).
-		Do().
-		Error()
-}
-
-// Patch applies the patch and returns the patched webhookAuthenticator.
-func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
-	result = &v1alpha1.WebhookAuthenticator{}
-	err = c.client.Patch(pt).
-		Resource("webhookauthenticators").
-		SubResource(subresources...).
-		Name(name).
-		Body(data).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go

@@ -1,167 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	"time"
-
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	scheme "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	rest "k8s.io/client-go/rest"
-)
-
-// CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
-// A group's client should implement this interface.
-type CredentialIssuersGetter interface {
-	CredentialIssuers() CredentialIssuerInterface
-}
-
-// CredentialIssuerInterface has methods to work with CredentialIssuer resources.
-type CredentialIssuerInterface interface {
-	Create(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
-	Update(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
-	UpdateStatus(*v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error)
-	Delete(name string, options *v1.DeleteOptions) error
-	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
-	Get(name string, options v1.GetOptions) (*v1alpha1.CredentialIssuer, error)
-	List(opts v1.ListOptions) (*v1alpha1.CredentialIssuerList, error)
-	Watch(opts v1.ListOptions) (watch.Interface, error)
-	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error)
-	CredentialIssuerExpansion
-}
-
-// credentialIssuers implements CredentialIssuerInterface
-type credentialIssuers struct {
-	client rest.Interface
-}
-
-// newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
-	return &credentialIssuers{
-		client: c.RESTClient(),
-	}
-}
-
-// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
-func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
-	result = &v1alpha1.CredentialIssuer{}
-	err = c.client.Get().
-		Resource("credentialissuers").
-		Name(name).
-		VersionedParams(&options, scheme.ParameterCodec).
-		Do().
-		Into(result)
-	return
-}
-
-// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
-func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	result = &v1alpha1.CredentialIssuerList{}
-	err = c.client.Get().
-		Resource("credentialissuers").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Do().
-		Into(result)
-	return
-}
-
-// Watch returns a watch.Interface that watches the requested credentialIssuers.
-func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	var timeout time.Duration
-	if opts.TimeoutSeconds != nil {
-		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
-	}
-	opts.Watch = true
-	return c.client.Get().
-		Resource("credentialissuers").
-		VersionedParams(&opts, scheme.ParameterCodec).
-		Timeout(timeout).
-		Watch()
-}
-
-// Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
-func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
-	result = &v1alpha1.CredentialIssuer{}
-	err = c.client.Post().
-		Resource("credentialissuers").
-		Body(credentialIssuer).
-		Do().
-		Into(result)
-	return
-}
-
-// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
-func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
-	result = &v1alpha1.CredentialIssuer{}
-	err = c.client.Put().
-		Resource("credentialissuers").
-		Name(credentialIssuer.Name).
-		Body(credentialIssuer).
-		Do().
-		Into(result)
-	return
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-
-func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
-	result = &v1alpha1.CredentialIssuer{}
-	err = c.client.Put().
-		Resource("credentialissuers").
-		Name(credentialIssuer.Name).
-		SubResource("status").
-		Body(credentialIssuer).
-		Do().
-		Into(result)
-	return
-}
-
-// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
-func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
-	return c.client.Delete().
-		Resource("credentialissuers").
-		Name(name).
-		Body(options).
-		Do().
-		Error()
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	var timeout time.Duration
-	if listOptions.TimeoutSeconds != nil {
-		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
-	}
-	return c.client.Delete().
-		Resource("credentialissuers").
-		VersionedParams(&listOptions, scheme.ParameterCodec).
-		Timeout(timeout).
-		Body(options).
-		Do().
-		Error()
-}
-
-// Patch applies the patch and returns the patched credentialIssuer.
-func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
-	result = &v1alpha1.CredentialIssuer{}
-	err = c.client.Patch(pt).
-		Resource("credentialissuers").
-		SubResource(subresources...).
-		Name(name).
-		Body(data).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeConfigV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go

@@ -1,118 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeCredentialIssuers implements CredentialIssuerInterface
-type FakeCredentialIssuers struct {
-	Fake *FakeConfigV1alpha1
-}
-
-var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
-
-var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Kind: "CredentialIssuer"}
-
-// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
-func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.CredentialIssuer), err
-}
-
-// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
-func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &v1alpha1.CredentialIssuerList{ListMeta: obj.(*v1alpha1.CredentialIssuerList).ListMeta}
-	for _, item := range obj.(*v1alpha1.CredentialIssuerList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested credentialIssuers.
-func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
-}
-
-// Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
-func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.CredentialIssuer), err
-}
-
-// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
-func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.CredentialIssuer), err
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.CredentialIssuer), err
-}
-
-// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
-func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOptions)
-
-	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched credentialIssuer.
-func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.CredentialIssuer), err
-}

generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeIdentityV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeIdentityV1alpha1) WhoAmIRequests() v1alpha1.WhoAmIRequestInterface {
-	return &FakeWhoAmIRequests{c}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeIdentityV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go

@@ -1,31 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeWhoAmIRequests implements WhoAmIRequestInterface
-type FakeWhoAmIRequests struct {
-	Fake *FakeIdentityV1alpha1
-}
-
-var whoamirequestsResource = schema.GroupVersionResource{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Resource: "whoamirequests"}
-
-var whoamirequestsKind = schema.GroupVersionKind{Group: "identity.concierge.pinniped.dev", Version: "v1alpha1", Kind: "WhoAmIRequest"}
-
-// Create takes the representation of a whoAmIRequest and creates it.  Returns the server's representation of the whoAmIRequest, and an error, if there is any.
-func (c *FakeWhoAmIRequests) Create(whoAmIRequest *v1alpha1.WhoAmIRequest) (result *v1alpha1.WhoAmIRequest, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(whoamirequestsResource, whoAmIRequest), &v1alpha1.WhoAmIRequest{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.WhoAmIRequest), err
-}

generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go

@@ -1,76 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type IdentityV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	WhoAmIRequestsGetter
-}
-
-// IdentityV1alpha1Client is used to interact with features provided by the identity.concierge.pinniped.dev group.
-type IdentityV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *IdentityV1alpha1Client) WhoAmIRequests() WhoAmIRequestInterface {
-	return newWhoAmIRequests(c)
-}
-
-// NewForConfig creates a new IdentityV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*IdentityV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &IdentityV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new IdentityV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *IdentityV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new IdentityV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *IdentityV1alpha1Client {
-	return &IdentityV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *IdentityV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go

@@ -1,46 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/identity/v1alpha1"
-	rest "k8s.io/client-go/rest"
-)
-
-// WhoAmIRequestsGetter has a method to return a WhoAmIRequestInterface.
-// A group's client should implement this interface.
-type WhoAmIRequestsGetter interface {
-	WhoAmIRequests() WhoAmIRequestInterface
-}
-
-// WhoAmIRequestInterface has methods to work with WhoAmIRequest resources.
-type WhoAmIRequestInterface interface {
-	Create(*v1alpha1.WhoAmIRequest) (*v1alpha1.WhoAmIRequest, error)
-	WhoAmIRequestExpansion
-}
-
-// whoAmIRequests implements WhoAmIRequestInterface
-type whoAmIRequests struct {
-	client rest.Interface
-}
-
-// newWhoAmIRequests returns a WhoAmIRequests
-func newWhoAmIRequests(c *IdentityV1alpha1Client) *whoAmIRequests {
-	return &whoAmIRequests{
-		client: c.RESTClient(),
-	}
-}
-
-// Create takes the representation of a whoAmIRequest and creates it.  Returns the server's representation of the whoAmIRequest, and an error, if there is any.
-func (c *whoAmIRequests) Create(whoAmIRequest *v1alpha1.WhoAmIRequest) (result *v1alpha1.WhoAmIRequest, err error) {
-	result = &v1alpha1.WhoAmIRequest{}
-	err = c.client.Post().
-		Resource("whoamirequests").
-		Body(whoAmIRequest).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeLoginV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeLoginV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go

@@ -1,31 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeTokenCredentialRequests implements TokenCredentialRequestInterface
-type FakeTokenCredentialRequests struct {
-	Fake *FakeLoginV1alpha1
-}
-
-var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
-
-var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"}
-
-// Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
-func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.TokenCredentialRequest), err
-}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go

@@ -1,76 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type LoginV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	TokenCredentialRequestsGetter
-}
-
-// LoginV1alpha1Client is used to interact with features provided by the login.concierge.pinniped.dev group.
-type LoginV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c)
-}
-
-// NewForConfig creates a new LoginV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*LoginV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &LoginV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new LoginV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *LoginV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new LoginV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *LoginV1alpha1Client {
-	return &LoginV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *LoginV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go

@@ -1,46 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/login/v1alpha1"
-	rest "k8s.io/client-go/rest"
-)
-
-// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
-// A group's client should implement this interface.
-type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests() TokenCredentialRequestInterface
-}
-
-// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
-type TokenCredentialRequestInterface interface {
-	Create(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error)
-	TokenCredentialRequestExpansion
-}
-
-// tokenCredentialRequests implements TokenCredentialRequestInterface
-type tokenCredentialRequests struct {
-	client rest.Interface
-}
-
-// newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
-	return &tokenCredentialRequests{
-		client: c.RESTClient(),
-	}
-}
-
-// Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
-func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
-	result = &v1alpha1.TokenCredentialRequest{}
-	err = c.client.Post().
-		Resource("tokencredentialrequests").
-		Body(tokenCredentialRequest).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/concierge/informers/externalversions/authentication/interface.go

@@ -1,33 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package authentication
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-)
-
-// Interface provides access to each of this group's versions.
-type Interface interface {
-	// V1alpha1 provides access to shared informers for resources in V1alpha1.
-	V1alpha1() v1alpha1.Interface
-}
-
-type group struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
-	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
-}

generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go

@@ -1,75 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	time "time"
-
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/authentication/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	watch "k8s.io/apimachinery/pkg/watch"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// JWTAuthenticatorInformer provides access to a shared informer and lister for
-// JWTAuthenticators.
-type JWTAuthenticatorInformer interface {
-	Informer() cache.SharedIndexInformer
-	Lister() v1alpha1.JWTAuthenticatorLister
-}
-
-type jWTAuthenticatorInformer struct {
-	factory          internalinterfaces.SharedInformerFactory
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
-}
-
-// NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
-	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
-			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators().List(options)
-			},
-			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(options)
-			},
-		},
-		&authenticationv1alpha1.JWTAuthenticator{},
-		resyncPeriod,
-		indexers,
-	)
-}
-
-func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
-}
-
-func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&authenticationv1alpha1.JWTAuthenticator{}, f.defaultInformer)
-}
-
-func (f *jWTAuthenticatorInformer) Lister() v1alpha1.JWTAuthenticatorLister {
-	return v1alpha1.NewJWTAuthenticatorLister(f.Informer().GetIndexer())
-}

generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go

@@ -1,75 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	time "time"
-
-	authenticationv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/authentication/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	watch "k8s.io/apimachinery/pkg/watch"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// WebhookAuthenticatorInformer provides access to a shared informer and lister for
-// WebhookAuthenticators.
-type WebhookAuthenticatorInformer interface {
-	Informer() cache.SharedIndexInformer
-	Lister() v1alpha1.WebhookAuthenticatorLister
-}
-
-type webhookAuthenticatorInformer struct {
-	factory          internalinterfaces.SharedInformerFactory
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
-}
-
-// NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
-	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
-			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(options)
-			},
-			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(options)
-			},
-		},
-		&authenticationv1alpha1.WebhookAuthenticator{},
-		resyncPeriod,
-		indexers,
-	)
-}
-
-func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
-}
-
-func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&authenticationv1alpha1.WebhookAuthenticator{}, f.defaultInformer)
-}
-
-func (f *webhookAuthenticatorInformer) Lister() v1alpha1.WebhookAuthenticatorLister {
-	return v1alpha1.NewWebhookAuthenticatorLister(f.Informer().GetIndexer())
-}

generated/1.17/client/concierge/informers/externalversions/config/interface.go

@@ -1,33 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package config
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-)
-
-// Interface provides access to each of this group's versions.
-type Interface interface {
-	// V1alpha1 provides access to shared informers for resources in V1alpha1.
-	V1alpha1() v1alpha1.Interface
-}
-
-type group struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// V1alpha1 returns a new v1alpha1.Interface.
-func (g *group) V1alpha1() v1alpha1.Interface {
-	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
-}

generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go

@@ -1,75 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	time "time"
-
-	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/concierge/listers/config/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	watch "k8s.io/apimachinery/pkg/watch"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// CredentialIssuerInformer provides access to a shared informer and lister for
-// CredentialIssuers.
-type CredentialIssuerInformer interface {
-	Informer() cache.SharedIndexInformer
-	Lister() v1alpha1.CredentialIssuerLister
-}
-
-type credentialIssuerInformer struct {
-	factory          internalinterfaces.SharedInformerFactory
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
-}
-
-// NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
-// Always prefer using an informer factory to get a shared informer instead of getting an independent
-// one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
-	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
-			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.ConfigV1alpha1().CredentialIssuers().List(options)
-			},
-			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
-				if tweakListOptions != nil {
-					tweakListOptions(&options)
-				}
-				return client.ConfigV1alpha1().CredentialIssuers().Watch(options)
-			},
-		},
-		&configv1alpha1.CredentialIssuer{},
-		resyncPeriod,
-		indexers,
-	)
-}
-
-func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
-}
-
-func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {
-	return f.factory.InformerFor(&configv1alpha1.CredentialIssuer{}, f.defaultInformer)
-}
-
-func (f *credentialIssuerInformer) Lister() v1alpha1.CredentialIssuerLister {
-	return v1alpha1.NewCredentialIssuerLister(f.Informer().GetIndexer())
-}

generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go

@@ -1,32 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-)
-
-// Interface provides access to all the informers in this group version.
-type Interface interface {
-	// CredentialIssuers returns a CredentialIssuerInformer.
-	CredentialIssuers() CredentialIssuerInformer
-}
-
-type version struct {
-	factory          internalinterfaces.SharedInformerFactory
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-}
-
-// New returns a new Interface.
-func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
-	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
-}
-
-// CredentialIssuers returns a CredentialIssuerInformer.
-func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
-}

generated/1.17/client/concierge/informers/externalversions/factory.go

@@ -1,173 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package externalversions
-
-import (
-	reflect "reflect"
-	sync "sync"
-	time "time"
-
-	versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	authentication "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/authentication"
-	config "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/config"
-	internalinterfaces "go.pinniped.dev/generated/1.17/client/concierge/informers/externalversions/internalinterfaces"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// SharedInformerOption defines the functional option type for SharedInformerFactory.
-type SharedInformerOption func(*sharedInformerFactory) *sharedInformerFactory
-
-type sharedInformerFactory struct {
-	client           versioned.Interface
-	namespace        string
-	tweakListOptions internalinterfaces.TweakListOptionsFunc
-	lock             sync.Mutex
-	defaultResync    time.Duration
-	customResync     map[reflect.Type]time.Duration
-
-	informers map[reflect.Type]cache.SharedIndexInformer
-	// startedInformers is used for tracking which informers have been started.
-	// This allows Start() to be called multiple times safely.
-	startedInformers map[reflect.Type]bool
-}
-
-// WithCustomResyncConfig sets a custom resync period for the specified informer types.
-func WithCustomResyncConfig(resyncConfig map[v1.Object]time.Duration) SharedInformerOption {
-	return func(factory *sharedInformerFactory) *sharedInformerFactory {
-		for k, v := range resyncConfig {
-			factory.customResync[reflect.TypeOf(k)] = v
-		}
-		return factory
-	}
-}
-
-// WithTweakListOptions sets a custom filter on all listers of the configured SharedInformerFactory.
-func WithTweakListOptions(tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerOption {
-	return func(factory *sharedInformerFactory) *sharedInformerFactory {
-		factory.tweakListOptions = tweakListOptions
-		return factory
-	}
-}
-
-// WithNamespace limits the SharedInformerFactory to the specified namespace.
-func WithNamespace(namespace string) SharedInformerOption {
-	return func(factory *sharedInformerFactory) *sharedInformerFactory {
-		factory.namespace = namespace
-		return factory
-	}
-}
-
-// NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
-func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory {
-	return NewSharedInformerFactoryWithOptions(client, defaultResync)
-}
-
-// NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
-// Listers obtained via this SharedInformerFactory will be subject to the same filters
-// as specified here.
-// Deprecated: Please use NewSharedInformerFactoryWithOptions instead
-func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
-	return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
-}
-
-// NewSharedInformerFactoryWithOptions constructs a new instance of a SharedInformerFactory with additional options.
-func NewSharedInformerFactoryWithOptions(client versioned.Interface, defaultResync time.Duration, options ...SharedInformerOption) SharedInformerFactory {
-	factory := &sharedInformerFactory{
-		client:           client,
-		namespace:        v1.NamespaceAll,
-		defaultResync:    defaultResync,
-		informers:        make(map[reflect.Type]cache.SharedIndexInformer),
-		startedInformers: make(map[reflect.Type]bool),
-		customResync:     make(map[reflect.Type]time.Duration),
-	}
-
-	// Apply all options
-	for _, opt := range options {
-		factory = opt(factory)
-	}
-
-	return factory
-}
-
-// Start initializes all requested informers.
-func (f *sharedInformerFactory) Start(stopCh <-chan struct{}) {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	for informerType, informer := range f.informers {
-		if !f.startedInformers[informerType] {
-			go informer.Run(stopCh)
-			f.startedInformers[informerType] = true
-		}
-	}
-}
-
-// WaitForCacheSync waits for all started informers' cache were synced.
-func (f *sharedInformerFactory) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool {
-	informers := func() map[reflect.Type]cache.SharedIndexInformer {
-		f.lock.Lock()
-		defer f.lock.Unlock()
-
-		informers := map[reflect.Type]cache.SharedIndexInformer{}
-		for informerType, informer := range f.informers {
-			if f.startedInformers[informerType] {
-				informers[informerType] = informer
-			}
-		}
-		return informers
-	}()
-
-	res := map[reflect.Type]bool{}
-	for informType, informer := range informers {
-		res[informType] = cache.WaitForCacheSync(stopCh, informer.HasSynced)
-	}
-	return res
-}
-
-// InternalInformerFor returns the SharedIndexInformer for obj using an internal
-// client.
-func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer {
-	f.lock.Lock()
-	defer f.lock.Unlock()
-
-	informerType := reflect.TypeOf(obj)
-	informer, exists := f.informers[informerType]
-	if exists {
-		return informer
-	}
-
-	resyncPeriod, exists := f.customResync[informerType]
-	if !exists {
-		resyncPeriod = f.defaultResync
-	}
-
-	informer = newFunc(f.client, resyncPeriod)
-	f.informers[informerType] = informer
-
-	return informer
-}
-
-// SharedInformerFactory provides shared informers for resources in all known
-// API group versions.
-type SharedInformerFactory interface {
-	internalinterfaces.SharedInformerFactory
-	ForResource(resource schema.GroupVersionResource) (GenericInformer, error)
-	WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool
-
-	Authentication() authentication.Interface
-	Config() config.Interface
-}
-
-func (f *sharedInformerFactory) Authentication() authentication.Interface {
-	return authentication.New(f, f.namespace, f.tweakListOptions)
-}
-
-func (f *sharedInformerFactory) Config() config.Interface {
-	return config.New(f, f.namespace, f.tweakListOptions)
-}

generated/1.17/client/concierge/informers/externalversions/internalinterfaces/factory_interfaces.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by informer-gen. DO NOT EDIT.
-
-package internalinterfaces
-
-import (
-	time "time"
-
-	versioned "go.pinniped.dev/generated/1.17/client/concierge/clientset/versioned"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	cache "k8s.io/client-go/tools/cache"
-)
-
-// NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer.
-type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer
-
-// SharedInformerFactory a small interface to allow for adding an informer without an import cycle
-type SharedInformerFactory interface {
-	Start(stopCh <-chan struct{})
-	InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer
-}
-
-// TweakListOptionsFunc is a function that transforms a v1.ListOptions.
-type TweakListOptionsFunc func(*v1.ListOptions)

generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go

@@ -1,52 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/tools/cache"
-)
-
-// JWTAuthenticatorLister helps list JWTAuthenticators.
-type JWTAuthenticatorLister interface {
-	// List lists all JWTAuthenticators in the indexer.
-	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// Get retrieves the JWTAuthenticator from the index for a given name.
-	Get(name string) (*v1alpha1.JWTAuthenticator, error)
-	JWTAuthenticatorListerExpansion
-}
-
-// jWTAuthenticatorLister implements the JWTAuthenticatorLister interface.
-type jWTAuthenticatorLister struct {
-	indexer cache.Indexer
-}
-
-// NewJWTAuthenticatorLister returns a new JWTAuthenticatorLister.
-func NewJWTAuthenticatorLister(indexer cache.Indexer) JWTAuthenticatorLister {
-	return &jWTAuthenticatorLister{indexer: indexer}
-}
-
-// List lists all JWTAuthenticators in the indexer.
-func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
-	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(name)
-	if err != nil {
-		return nil, err
-	}
-	if !exists {
-		return nil, errors.NewNotFound(v1alpha1.Resource("jwtauthenticator"), name)
-	}
-	return obj.(*v1alpha1.JWTAuthenticator), nil
-}

generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go

@@ -1,52 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/authentication/v1alpha1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/tools/cache"
-)
-
-// WebhookAuthenticatorLister helps list WebhookAuthenticators.
-type WebhookAuthenticatorLister interface {
-	// List lists all WebhookAuthenticators in the indexer.
-	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
-	WebhookAuthenticatorListerExpansion
-}
-
-// webhookAuthenticatorLister implements the WebhookAuthenticatorLister interface.
-type webhookAuthenticatorLister struct {
-	indexer cache.Indexer
-}
-
-// NewWebhookAuthenticatorLister returns a new WebhookAuthenticatorLister.
-func NewWebhookAuthenticatorLister(indexer cache.Indexer) WebhookAuthenticatorLister {
-	return &webhookAuthenticatorLister{indexer: indexer}
-}
-
-// List lists all WebhookAuthenticators in the indexer.
-func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
-	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
-	})
-	return ret, err
-}
-
-// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	obj, exists, err := s.indexer.GetByKey(name)
-	if err != nil {
-		return nil, err
-	}
-	if !exists {
-		return nil, errors.NewNotFound(v1alpha1.Resource("webhookauthenticator"), name)
-	}
-	return obj.(*v1alpha1.WebhookAuthenticator), nil
-}

generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go

@@ -1,52 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lister-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/concierge/config/v1alpha1"
-	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/tools/cache"
-)
-
-// CredentialIssuerLister helps list CredentialIssuers.
-type CredentialIssuerLister interface {
-	// List lists all CredentialIssuers in the indexer.
-	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// Get retrieves the CredentialIssuer from the index for a given name.
-	Get(name string) (*v1alpha1.CredentialIssuer, error)
-	CredentialIssuerListerExpansion
-}
-
-// credentialIssuerLister implements the CredentialIssuerLister interface.
-type credentialIssuerLister struct {
-	indexer cache.Indexer
-}
-
-// NewCredentialIssuerLister returns a new CredentialIssuerLister.
-func NewCredentialIssuerLister(indexer cache.Indexer) CredentialIssuerLister {
-	return &credentialIssuerLister{indexer: indexer}
-}
-
-// List lists all CredentialIssuers in the indexer.
-func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
-	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
-		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
-	})
-	return ret, err
-}
-
-// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	obj, exists, err := s.indexer.GetByKey(name)
-	if err != nil {
-		return nil, err
-	}
-	if !exists {
-		return nil, errors.NewNotFound(v1alpha1.Resource("credentialissuer"), name)
-	}
-	return obj.(*v1alpha1.CredentialIssuer), nil
-}

generated/1.17/client/go.mod

@@ -1,14 +0,0 @@
-// This go.mod file is generated by ./hack/codegen.sh.
-module go.pinniped.dev/generated/1.17/client
-
-go 1.13
-
-require (
-	github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501
-	go.pinniped.dev/generated/1.17/apis v0.0.0
-	k8s.io/apimachinery v0.17.17
-	k8s.io/client-go v0.17.17
-	k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29
-)
-
-replace go.pinniped.dev/generated/1.17/apis => ../apis

generated/1.17/client/go.sum

@@ -1,204 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
-github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
-github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
-github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/PuerkitoBio/purell v1.0.0 h1:0GoNN3taZV6QI81IXgCbxMyEaJDXMSIjArYBCYzVVvs=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2 h1:JCHLVE3B+kJde7bIEo5N4J+ZbLhp0J1Fs+ulyRws4gE=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633 h1:H2pdYOb3KQ1/YsqVWoWNLQO+fusocsw354rqGTZtAgw=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
-github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1 h1:wSt/4CYxs70xbATrGXhokKF1i0tZjENLOo1ioIO13zk=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9 h1:tF+augKRWlWx0J0B7ZyyKSiTyV6E1zZe+7b3qQlcEf8=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501 h1:C1JKChikHGpXwT5UQDFaryIpDtyyGL/CR6C2kB7F1oc=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87 h1:zP3nY8Tk2E6RTkqGYrarZXuzh+ffyLDljLxCy1iJw80=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903 h1:LbsanbbD6LieFkXbj9YNNBupiGHJgFeLpO0j0Fza1h8=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a h1:TpvdAwDAt1K4ANVOfcihouRdvP+MgAfDWwBuct4l6ZY=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
-golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.17.17 h1:S+Yv5pdfvy9OG1t148zMFk3/l/VYpF1N4j5Y/q8IMdg=
-k8s.io/api v0.17.17/go.mod h1:kk4nQM0EVx+BEY7o8CN5YL99CWmWEQ2a4NCak58yB6E=
-k8s.io/apimachinery v0.17.17 h1:HMpFl9yqNI5G2+2WllKOe2XYLkCyaWzfXvk7SosyVko=
-k8s.io/apimachinery v0.17.17/go.mod h1:T54ZSpncArE25c5r2PbUPsLeTpkPWY/ivafigSX6+xk=
-k8s.io/client-go v0.17.17 h1:5jTDCwRXCKJwmPvtgTFgCSMIzdyAOUyPmSU3PHIuVVY=
-k8s.io/client-go v0.17.17/go.mod h1:IpXd6i0FlhG3fJ+UuEWMfTUaDw6TlmMkpjmJrmbY6tY=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29 h1:NeQXVJ2XFSkRoPzRo8AId01ZER+j8oV4SZADT4iBOXQ=
-k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29/go.mod h1:F+5wygcW0wmRTnM3cOgIqGivxkwSWIWT5YdsDbeAOaU=
-k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
-k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
-sigs.k8s.io/structured-merge-diff/v2 v2.0.1/go.mod h1:Wb7vfKAodbKgf6tn1Kl0VvGj7mRH6DGaRcixXEJXTsE=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

generated/1.17/client/supervisor/clientset/versioned/clientset.go

@@ -1,112 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package versioned
-
-import (
-	"fmt"
-
-	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
-	discovery "k8s.io/client-go/discovery"
-	rest "k8s.io/client-go/rest"
-	flowcontrol "k8s.io/client-go/util/flowcontrol"
-)
-
-type Interface interface {
-	Discovery() discovery.DiscoveryInterface
-	ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface
-	ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface
-	IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface
-}
-
-// Clientset contains the clients for groups. Each group has exactly one
-// version included in a Clientset.
-type Clientset struct {
-	*discovery.DiscoveryClient
-	clientsecretV1alpha1 *clientsecretv1alpha1.ClientsecretV1alpha1Client
-	configV1alpha1       *configv1alpha1.ConfigV1alpha1Client
-	iDPV1alpha1          *idpv1alpha1.IDPV1alpha1Client
-}
-
-// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
-func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
-	return c.clientsecretV1alpha1
-}
-
-// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
-func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
-	return c.configV1alpha1
-}
-
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return c.iDPV1alpha1
-}
-
-// Discovery retrieves the DiscoveryClient
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	if c == nil {
-		return nil
-	}
-	return c.DiscoveryClient
-}
-
-// NewForConfig creates a new Clientset for the given config.
-// If config's RateLimiter is not set and QPS and Burst are acceptable,
-// NewForConfig will generate a rate-limiter in configShallowCopy.
-func NewForConfig(c *rest.Config) (*Clientset, error) {
-	configShallowCopy := *c
-	if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 {
-		if configShallowCopy.Burst <= 0 {
-			return nil, fmt.Errorf("Burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0")
-		}
-		configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst)
-	}
-	var cs Clientset
-	var err error
-	cs.clientsecretV1alpha1, err = clientsecretv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	cs.configV1alpha1, err = configv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	cs.iDPV1alpha1, err = idpv1alpha1.NewForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-
-	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy)
-	if err != nil {
-		return nil, err
-	}
-	return &cs, nil
-}
-
-// NewForConfigOrDie creates a new Clientset for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *Clientset {
-	var cs Clientset
-	cs.clientsecretV1alpha1 = clientsecretv1alpha1.NewForConfigOrDie(c)
-	cs.configV1alpha1 = configv1alpha1.NewForConfigOrDie(c)
-	cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c)
-	return &cs
-}
-
-// New creates a new Clientset for the given RESTClient.
-func New(c rest.Interface) *Clientset {
-	var cs Clientset
-	cs.clientsecretV1alpha1 = clientsecretv1alpha1.New(c)
-	cs.configV1alpha1 = configv1alpha1.New(c)
-	cs.iDPV1alpha1 = idpv1alpha1.New(c)
-
-	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
-	return &cs
-}

generated/1.17/client/supervisor/clientset/versioned/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-// This package has the automatically generated clientset.
-package versioned

generated/1.17/client/supervisor/clientset/versioned/fake/clientset_generated.go

@@ -1,83 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	clientset "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned"
-	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
-	fakeclientsecretv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
-	fakeconfigv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1"
-	fakeidpv1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/idp/v1alpha1/fake"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/discovery"
-	fakediscovery "k8s.io/client-go/discovery/fake"
-	"k8s.io/client-go/testing"
-)
-
-// NewSimpleClientset returns a clientset that will respond with the provided objects.
-// It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
-// without applying any validations and/or defaults. It shouldn't be considered a replacement
-// for a real clientset and is mostly useful in simple unit tests.
-func NewSimpleClientset(objects ...runtime.Object) *Clientset {
-	o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder())
-	for _, obj := range objects {
-		if err := o.Add(obj); err != nil {
-			panic(err)
-		}
-	}
-
-	cs := &Clientset{tracker: o}
-	cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake}
-	cs.AddReactor("*", "*", testing.ObjectReaction(o))
-	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
-		gvr := action.GetResource()
-		ns := action.GetNamespace()
-		watch, err := o.Watch(gvr, ns)
-		if err != nil {
-			return false, nil, err
-		}
-		return true, watch, nil
-	})
-
-	return cs
-}
-
-// Clientset implements clientset.Interface. Meant to be embedded into a
-// struct to get a default implementation. This makes faking out just the method
-// you want to test easier.
-type Clientset struct {
-	testing.Fake
-	discovery *fakediscovery.FakeDiscovery
-	tracker   testing.ObjectTracker
-}
-
-func (c *Clientset) Discovery() discovery.DiscoveryInterface {
-	return c.discovery
-}
-
-func (c *Clientset) Tracker() testing.ObjectTracker {
-	return c.tracker
-}
-
-var _ clientset.Interface = &Clientset{}
-
-// ClientsecretV1alpha1 retrieves the ClientsecretV1alpha1Client
-func (c *Clientset) ClientsecretV1alpha1() clientsecretv1alpha1.ClientsecretV1alpha1Interface {
-	return &fakeclientsecretv1alpha1.FakeClientsecretV1alpha1{Fake: &c.Fake}
-}
-
-// ConfigV1alpha1 retrieves the ConfigV1alpha1Client
-func (c *Clientset) ConfigV1alpha1() configv1alpha1.ConfigV1alpha1Interface {
-	return &fakeconfigv1alpha1.FakeConfigV1alpha1{Fake: &c.Fake}
-}
-
-// IDPV1alpha1 retrieves the IDPV1alpha1Client
-func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface {
-	return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake}
-}

generated/1.17/client/supervisor/clientset/versioned/fake/register.go

@@ -1,47 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var scheme = runtime.NewScheme()
-var codecs = serializer.NewCodecFactory(scheme)
-var parameterCodec = runtime.NewParameterCodec(scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	clientsecretv1alpha1.AddToScheme,
-	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//	import (
-//	  "k8s.io/client-go/kubernetes"
-//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//	)
-//
-//	kclientset, _ := kubernetes.NewForConfig(c)
-//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(scheme))
-}

generated/1.17/client/supervisor/clientset/versioned/scheme/register.go

@@ -1,47 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package scheme
-
-import (
-	clientsecretv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	configv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
-	idpv1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/idp/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-var Scheme = runtime.NewScheme()
-var Codecs = serializer.NewCodecFactory(Scheme)
-var ParameterCodec = runtime.NewParameterCodec(Scheme)
-var localSchemeBuilder = runtime.SchemeBuilder{
-	clientsecretv1alpha1.AddToScheme,
-	configv1alpha1.AddToScheme,
-	idpv1alpha1.AddToScheme,
-}
-
-// AddToScheme adds all types of this clientset into the given scheme. This allows composition
-// of clientsets, like in:
-//
-//	import (
-//	  "k8s.io/client-go/kubernetes"
-//	  clientsetscheme "k8s.io/client-go/kubernetes/scheme"
-//	  aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme"
-//	)
-//
-//	kclientset, _ := kubernetes.NewForConfig(c)
-//	_ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme)
-//
-// After this, RawExtensions in Kubernetes types will serialize kube-aggregator types
-// correctly.
-var AddToScheme = localSchemeBuilder.AddToScheme
-
-func init() {
-	v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"})
-	utilruntime.Must(AddToScheme(Scheme))
-}

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/clientsecret_client.go

@@ -1,76 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type ClientsecretV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	OIDCClientSecretRequestsGetter
-}
-
-// ClientsecretV1alpha1Client is used to interact with features provided by the clientsecret.supervisor.pinniped.dev group.
-type ClientsecretV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *ClientsecretV1alpha1Client) OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface {
-	return newOIDCClientSecretRequests(c, namespace)
-}
-
-// NewForConfig creates a new ClientsecretV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*ClientsecretV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &ClientsecretV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new ClientsecretV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *ClientsecretV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new ClientsecretV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *ClientsecretV1alpha1Client {
-	return &ClientsecretV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *ClientsecretV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake/fake_clientsecret_client.go

@@ -1,27 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeClientsecretV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeClientsecretV1alpha1) OIDCClientSecretRequests(namespace string) v1alpha1.OIDCClientSecretRequestInterface {
-	return &FakeOIDCClientSecretRequests{c, namespace}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeClientsecretV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/fake/fake_oidcclientsecretrequest.go

@@ -1,33 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeOIDCClientSecretRequests implements OIDCClientSecretRequestInterface
-type FakeOIDCClientSecretRequests struct {
-	Fake *FakeClientsecretV1alpha1
-	ns   string
-}
-
-var oidcclientsecretrequestsResource = schema.GroupVersionResource{Group: "clientsecret.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "oidcclientsecretrequests"}
-
-var oidcclientsecretrequestsKind = schema.GroupVersionKind{Group: "clientsecret.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "OIDCClientSecretRequest"}
-
-// Create takes the representation of a oIDCClientSecretRequest and creates it.  Returns the server's representation of the oIDCClientSecretRequest, and an error, if there is any.
-func (c *FakeOIDCClientSecretRequests) Create(oIDCClientSecretRequest *v1alpha1.OIDCClientSecretRequest) (result *v1alpha1.OIDCClientSecretRequest, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(oidcclientsecretrequestsResource, c.ns, oIDCClientSecretRequest), &v1alpha1.OIDCClientSecretRequest{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.OIDCClientSecretRequest), err
-}

generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/oidcclientsecretrequest.go

@@ -1,49 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/clientsecret/v1alpha1"
-	rest "k8s.io/client-go/rest"
-)
-
-// OIDCClientSecretRequestsGetter has a method to return a OIDCClientSecretRequestInterface.
-// A group's client should implement this interface.
-type OIDCClientSecretRequestsGetter interface {
-	OIDCClientSecretRequests(namespace string) OIDCClientSecretRequestInterface
-}
-
-// OIDCClientSecretRequestInterface has methods to work with OIDCClientSecretRequest resources.
-type OIDCClientSecretRequestInterface interface {
-	Create(*v1alpha1.OIDCClientSecretRequest) (*v1alpha1.OIDCClientSecretRequest, error)
-	OIDCClientSecretRequestExpansion
-}
-
-// oIDCClientSecretRequests implements OIDCClientSecretRequestInterface
-type oIDCClientSecretRequests struct {
-	client rest.Interface
-	ns     string
-}
-
-// newOIDCClientSecretRequests returns a OIDCClientSecretRequests
-func newOIDCClientSecretRequests(c *ClientsecretV1alpha1Client, namespace string) *oIDCClientSecretRequests {
-	return &oIDCClientSecretRequests{
-		client: c.RESTClient(),
-		ns:     namespace,
-	}
-}
-
-// Create takes the representation of a oIDCClientSecretRequest and creates it.  Returns the server's representation of the oIDCClientSecretRequest, and an error, if there is any.
-func (c *oIDCClientSecretRequests) Create(oIDCClientSecretRequest *v1alpha1.OIDCClientSecretRequest) (result *v1alpha1.OIDCClientSecretRequest, err error) {
-	result = &v1alpha1.OIDCClientSecretRequest{}
-	err = c.client.Post().
-		Namespace(c.ns).
-		Resource("oidcclientsecretrequests").
-		Body(oIDCClientSecretRequest).
-		Do().
-		Into(result)
-	return
-}

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/config_client.go

@@ -1,81 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
-	"go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/scheme"
-	rest "k8s.io/client-go/rest"
-)
-
-type ConfigV1alpha1Interface interface {
-	RESTClient() rest.Interface
-	FederationDomainsGetter
-	OIDCClientsGetter
-}
-
-// ConfigV1alpha1Client is used to interact with features provided by the config.supervisor.pinniped.dev group.
-type ConfigV1alpha1Client struct {
-	restClient rest.Interface
-}
-
-func (c *ConfigV1alpha1Client) FederationDomains(namespace string) FederationDomainInterface {
-	return newFederationDomains(c, namespace)
-}
-
-func (c *ConfigV1alpha1Client) OIDCClients(namespace string) OIDCClientInterface {
-	return newOIDCClients(c, namespace)
-}
-
-// NewForConfig creates a new ConfigV1alpha1Client for the given config.
-func NewForConfig(c *rest.Config) (*ConfigV1alpha1Client, error) {
-	config := *c
-	if err := setConfigDefaults(&config); err != nil {
-		return nil, err
-	}
-	client, err := rest.RESTClientFor(&config)
-	if err != nil {
-		return nil, err
-	}
-	return &ConfigV1alpha1Client{client}, nil
-}
-
-// NewForConfigOrDie creates a new ConfigV1alpha1Client for the given config and
-// panics if there is an error in the config.
-func NewForConfigOrDie(c *rest.Config) *ConfigV1alpha1Client {
-	client, err := NewForConfig(c)
-	if err != nil {
-		panic(err)
-	}
-	return client
-}
-
-// New creates a new ConfigV1alpha1Client for the given RESTClient.
-func New(c rest.Interface) *ConfigV1alpha1Client {
-	return &ConfigV1alpha1Client{c}
-}
-
-func setConfigDefaults(config *rest.Config) error {
-	gv := v1alpha1.SchemeGroupVersion
-	config.GroupVersion = &gv
-	config.APIPath = "/apis"
-	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
-
-	if config.UserAgent == "" {
-		config.UserAgent = rest.DefaultKubernetesUserAgent()
-	}
-
-	return nil
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *ConfigV1alpha1Client) RESTClient() rest.Interface {
-	if c == nil {
-		return nil
-	}
-	return c.restClient
-}

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go

@@ -1,31 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1"
-	rest "k8s.io/client-go/rest"
-	testing "k8s.io/client-go/testing"
-)
-
-type FakeConfigV1alpha1 struct {
-	*testing.Fake
-}
-
-func (c *FakeConfigV1alpha1) FederationDomains(namespace string) v1alpha1.FederationDomainInterface {
-	return &FakeFederationDomains{c, namespace}
-}
-
-func (c *FakeConfigV1alpha1) OIDCClients(namespace string) v1alpha1.OIDCClientInterface {
-	return &FakeOIDCClients{c, namespace}
-}
-
-// RESTClient returns a RESTClient that is used to communicate
-// with API server by this client implementation.
-func (c *FakeConfigV1alpha1) RESTClient() rest.Interface {
-	var ret *rest.RESTClient
-	return ret
-}

generated/1.17/client/supervisor/clientset/versioned/typed/config/v1alpha1/fake/fake_federationdomain.go

@@ -1,127 +0,0 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by client-gen. DO NOT EDIT.
-
-package fake
-
-import (
-	v1alpha1 "go.pinniped.dev/generated/1.17/apis/supervisor/config/v1alpha1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	labels "k8s.io/apimachinery/pkg/labels"
-	schema "k8s.io/apimachinery/pkg/runtime/schema"
-	types "k8s.io/apimachinery/pkg/types"
-	watch "k8s.io/apimachinery/pkg/watch"
-	testing "k8s.io/client-go/testing"
-)
-
-// FakeFederationDomains implements FederationDomainInterface
-type FakeFederationDomains struct {
-	Fake *FakeConfigV1alpha1
-	ns   string
-}
-
-var federationdomainsResource = schema.GroupVersionResource{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Resource: "federationdomains"}
-
-var federationdomainsKind = schema.GroupVersionKind{Group: "config.supervisor.pinniped.dev", Version: "v1alpha1", Kind: "FederationDomain"}
-
-// Get takes name of the federationDomain, and returns the corresponding federationDomain object, and an error if there is any.
-func (c *FakeFederationDomains) Get(name string, options v1.GetOptions) (result *v1alpha1.FederationDomain, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.FederationDomain), err
-}
-
-// List takes label and field selectors, and returns the list of FederationDomains that match those selectors.
-func (c *FakeFederationDomains) List(opts v1.ListOptions) (result *v1alpha1.FederationDomainList, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewListAction(federationdomainsResource, federationdomainsKind, c.ns, opts), &v1alpha1.FederationDomainList{})
-
-	if obj == nil {
-		return nil, err
-	}
-
-	label, _, _ := testing.ExtractFromListOptions(opts)
-	if label == nil {
-		label = labels.Everything()
-	}
-	list := &v1alpha1.FederationDomainList{ListMeta: obj.(*v1alpha1.FederationDomainList).ListMeta}
-	for _, item := range obj.(*v1alpha1.FederationDomainList).Items {
-		if label.Matches(labels.Set(item.Labels)) {
-			list.Items = append(list.Items, item)
-		}
-	}
-	return list, err
-}
-
-// Watch returns a watch.Interface that watches the requested federationDomains.
-func (c *FakeFederationDomains) Watch(opts v1.ListOptions) (watch.Interface, error) {
-	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(federationdomainsResource, c.ns, opts))
-
-}
-
-// Create takes the representation of a federationDomain and creates it.  Returns the server's representation of the federationDomain, and an error, if there is any.
-func (c *FakeFederationDomains) Create(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.FederationDomain), err
-}
-
-// Update takes the representation of a federationDomain and updates it. Returns the server's representation of the federationDomain, and an error, if there is any.
-func (c *FakeFederationDomains) Update(federationDomain *v1alpha1.FederationDomain) (result *v1alpha1.FederationDomain, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(federationdomainsResource, c.ns, federationDomain), &v1alpha1.FederationDomain{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.FederationDomain), err
-}
-
-// UpdateStatus was generated because the type contains a Status member.
-// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
-func (c *FakeFederationDomains) UpdateStatus(federationDomain *v1alpha1.FederationDomain) (*v1alpha1.FederationDomain, error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(federationdomainsResource, "status", c.ns, federationDomain), &v1alpha1.FederationDomain{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.FederationDomain), err
-}
-
-// Delete takes name of the federationDomain and deletes it. Returns an error if one occurs.
-func (c *FakeFederationDomains) Delete(name string, options *v1.DeleteOptions) error {
-	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(federationdomainsResource, c.ns, name), &v1alpha1.FederationDomain{})
-
-	return err
-}
-
-// DeleteCollection deletes a collection of objects.
-func (c *FakeFederationDomains) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(federationdomainsResource, c.ns, listOptions)
-
-	_, err := c.Fake.Invokes(action, &v1alpha1.FederationDomainList{})
-	return err
-}
-
-// Patch applies the patch and returns the patched federationDomain.
-func (c *FakeFederationDomains) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.FederationDomain, err error) {
-	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(federationdomainsResource, c.ns, name, pt, data, subresources...), &v1alpha1.FederationDomain{})
-
-	if obj == nil {
-		return nil, err
-	}
-	return obj.(*v1alpha1.FederationDomain), err
-}