889348e999
Signed-off-by: Margo Crawford <margaretc@vmware.com>
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

// Package scheme contains code to construct a proper runtime.Scheme for the Supervisor aggregated
// API.
package scheme
import (
"fmt"
oauthapi "go.pinniped.dev/generated/latest/apis/supervisor/virtual/oauth"
oauthv1alpha1 "go.pinniped.dev/generated/latest/apis/supervisor/virtual/oauth/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"go.pinniped.dev/internal/groupsuffix"
)
// New builds the runtime.Scheme used by the Supervisor aggregated API when it is served under the
// given apiGroupSuffix. It returns that scheme together with the GroupVersion under which the
// oauth virtual API types were registered.
//
// With the default suffix the generated AddToScheme functions are applied unchanged. With any
// other suffix the same types are registered under the group returned by
// groupsuffix.SupervisorAggregatedGroups instead. Every registration step goes through
// utilruntime.Must, so a registration error panics during construction rather than yielding a
// partially populated scheme.
func New(apiGroupSuffix string) (_ *runtime.Scheme, oauth schema.GroupVersion) {
	// Start from an empty server-side scheme.
	s := runtime.NewScheme()

	// Add the meta/v1 option types under the unversioned (empty group) v1.
	metav1.AddToGroupVersion(s, metav1.Unversioned)

	if apiGroupSuffix == groupsuffix.PinnipedDefaultSuffix {
		// Default suffix: the generated registration functions already use the right group.
		utilruntime.Must(runtime.NewSchemeBuilder(
			oauthv1alpha1.AddToScheme,
			oauthapi.AddToScheme,
		).AddToScheme(s))
		return s, oauthv1alpha1.SchemeGroupVersion
	}

	// Custom suffix: look up the group/version that replaces the default one.
	groupData := groupsuffix.SupervisorAggregatedGroups(apiGroupSuffix)

	// Register the same types, but under the suffix-specific group name.
	addToSchemeAtNewGroup(s, oauthv1alpha1.GroupName, groupData.Group, oauthv1alpha1.AddToScheme, oauthapi.AddToScheme)

	// AddToScheme cannot be called directly on s for the custom group, so conversions and
	// defaulting are registered by hand.
	utilruntime.Must(runtime.NewSchemeBuilder(
		oauthv1alpha1.RegisterConversions,
		oauthv1alpha1.RegisterDefaults,
	).AddToScheme(s))

	// There is currently no defaulting function for *oauthv1alpha1.OIDCClientSecretRequest, but
	// one may be added later. Calling AddTypeDefaultingFunc overwrites any previously registered
	// defaulting function, so this call acts as a tripwire: defaulting a nil
	// *oauthv1alpha1.OIDCClientSecretRequest is a no-op while no defaulting func is registered,
	// and will almost certainly panic as soon as one is.
	s.Default((*oauthv1alpha1.OIDCClientSecretRequest)(nil))

	return s, schema.GroupVersion(groupData)
}
// addToSchemeAtNewGroup registers into scheme every type that funcs would register under
// oldGroup, using newGroup as the API group while keeping each type's version and kind.
//
// It panics if funcs register a type outside oldGroup (the metav1.Unversioned types are skipped),
// so a wrong funcs list stops scheme construction instead of silently placing a type in an
// unexpected group.
func addToSchemeAtNewGroup(scheme *runtime.Scheme, oldGroup, newGroup string, funcs ...func(*runtime.Scheme) error) {
	// Run funcs against a scratch scheme so the types are not registered twice in the real one.
	staging := runtime.NewScheme()
	utilruntime.Must(runtime.NewSchemeBuilder(funcs...).AddToScheme(staging))

	for oldGVK := range staging.AllKnownTypes() {
		switch {
		case oldGVK.GroupVersion() == metav1.Unversioned:
			// metav1.AddToGroupVersion registers types outside of our aggregated API group;
			// those are ignored here.
			continue
		case oldGVK.Group != oldGroup:
			panic(fmt.Errorf("tmp scheme has type not in the old aggregated API group %s: %s", oldGroup, oldGVK)) // programmer error
		}

		obj, err := staging.New(oldGVK)
		if err != nil {
			panic(err) // programmer error, scheme internal code is broken
		}

		// Register the existing type in the real scheme, but under the new group.
		scheme.AddKnownTypeWithName(schema.GroupVersionKind{
			Group:   newGroup,
			Version: oldGVK.Version,
			Kind:    oldGVK.Kind,
		}, obj)
	}
}