djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ba6bc7f105
ContainerImage.Pinniped/generated/1.18/README.adoc
Andrew Keesler ba6bc7f105
OpenIDConnectIdentityProvider CRD: first draft 
All fields are required right now for forwards-compatibility.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-09-25 10:56:22 -04:00

401 lines
18 KiB
Plaintext
Generated
Raw Blame History

// Generated documentation. Please do not edit.
:anchor_prefix: k8s-api
[id="{p}-api-reference"]
== API Reference
.Packages
- xref:{anchor_prefix}-config-pinniped-dev-v1alpha1[$$config.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$]
- xref:{anchor_prefix}-login-pinniped-dev-v1alpha1[$$login.pinniped.dev/v1alpha1$$]
[id="{anchor_prefix}-config-pinniped-dev-v1alpha1"]
=== config.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped configuration API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfig"]
==== CredentialIssuerConfig
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfiglist[$$CredentialIssuerConfigList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]__ | Status of the credential issuer.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigkubeconfiginfo"]
==== CredentialIssuerConfigKubeConfigInfo
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`server`* __string__ | The K8s API server URL.
| *`certificateAuthorityData`* __string__ | The K8s API server CA bundle.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstatus"]
==== CredentialIssuerConfigStatus
Status of a credential issuer.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfig[$$CredentialIssuerConfig$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`strategies`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstrategy[$$CredentialIssuerConfigStrategy$$] array__ | List of integration strategies that were attempted by Pinniped.
| *`kubeConfigInfo`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigkubeconfiginfo[$$CredentialIssuerConfigKubeConfigInfo$$]__ | Information needed to form a valid Pinniped-based kubeconfig using this credential issuer.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstrategy"]
==== CredentialIssuerConfigStrategy
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-config-v1alpha1-credentialissuerconfigstatus[$$CredentialIssuerConfigStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __StrategyType__ | Type of integration attempted.
| *`status`* __StrategyStatus__ | Status of the attempted integration strategy.
| *`reason`* __StrategyReason__ | Reason for the current status.
| *`message`* __string__ | Human-readable description of the current status.
| *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | When the status was last checked.
|===
[id="{anchor_prefix}-idp-pinniped-dev-v1alpha1"]
=== idp.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-condition"]
==== Condition
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderstatus[$$OpenIDConnectIdentityProviderStatus$$]
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`type`* __string__ | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
| *`status`* __ConditionStatus__ | status of the condition, one of True, False, Unknown.
| *`observedGeneration`* __integer__ | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
| *`lastTransitionTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
| *`reason`* __string__ | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
| *`message`* __string__ | message is a human readable message indicating details about the transition. This may be an empty string.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectauthorizationconfig"]
==== OpenIDConnectAuthorizationConfig
OpenIDConnectAuthorizationConfig provides information about how to form the OAuth2 authorization request parameters.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderspec[$$OpenIDConnectIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`redirectURI`* __string__ | RedirectURI is the URI of the redirect endpoint that will be used in the OAuth2 authorization request flow with an OIDC identity provider.
| *`scopes`* __string array__ | Scopes are the scopes that will be requested as part of the authorization request flow with an OIDC identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectclaims"]
==== OpenIDConnectClaims
OpenIDConnectClaims provides a mapping from upstream claims into identities.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderspec[$$OpenIDConnectIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`groups`* __string__ | Groups provides the name of the token claim that will be used to ascertain the groups to which an identity belongs.
| *`username`* __string__ | Username provides the name of the token claim that will be used to ascertain an identity's username.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectclient"]
==== OpenIDConnectClient
OpenIDConnectClient contains information about an OIDC client (e.g., client ID and client secret).
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderspec[$$OpenIDConnectIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`secretName`* __string__ | SecretName contains the name of a namespace-local Secret object that provides the clientID and clientSecret for an OIDC client. If only the SecretName is specified in an OpenIDConnectClient struct, then it is expected that the Secret is of type "secrets.pinniped.dev/oidc" with keys "clientID" and "clientSecret".
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityprovider"]
==== OpenIDConnectIdentityProvider
OpenIDConnectIdentityProvider describes the configuration of a Pinniped OIDC identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderlist[$$OpenIDConnectIdentityProviderList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderspec[$$OpenIDConnectIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderstatus[$$OpenIDConnectIdentityProviderStatus$$]__ | Status of the identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderspec"]
==== OpenIDConnectIdentityProviderSpec
Spec for configuring an OIDC identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityprovider[$$OpenIDConnectIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`issuer`* __string__ | Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch /.well-known/openid-configuration.
| *`authorizationConfig`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectauthorizationconfig[$$OpenIDConnectAuthorizationConfig$$]__ | AuthorizationConfig holds information about how to form the OAuth2 authorization request parameters to be used with this OIDC identity provider.
| *`claims`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectclaims[$$OpenIDConnectClaims$$]__ | Claims provides the names of token claims that will be used when inspecting an identity from this OIDC identity provider.
| *`client`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectclient[$$OpenIDConnectClient$$]__ | OpenIDConnectClient contains OIDC client information to be used used with this OIDC identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityproviderstatus"]
==== OpenIDConnectIdentityProviderStatus
Status of an OIDC identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-openidconnectidentityprovider[$$OpenIDConnectIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-tlsspec"]
==== TLSSpec
Configuration for configuring TLS on various identity providers.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider"]
==== WebhookIdentityProvider
WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderlist[$$WebhookIdentityProviderList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec[$$WebhookIdentityProviderSpec$$]__ | Spec for configuring the identity provider.
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus[$$WebhookIdentityProviderStatus$$]__ | Status of the identity provider.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderspec"]
==== WebhookIdentityProviderSpec
Spec for configuring a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`endpoint`* __string__ | Webhook server endpoint URL.
| *`tls`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-tlsspec[$$TLSSpec$$]__ | TLS configuration.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityproviderstatus"]
==== WebhookIdentityProviderStatus
Status of a webhook identity provider.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-webhookidentityprovider[$$WebhookIdentityProvider$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`conditions`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-idp-v1alpha1-condition[$$Condition$$]__ | Represents the observations of an identity provider's current state.
|===
[id="{anchor_prefix}-login-pinniped-dev-v1alpha1"]
=== login.pinniped.dev/v1alpha1
Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-clustercredential"]
==== ClusterCredential
ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`expirationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | ExpirationTimestamp indicates a time when the provided credentials expire.
| *`token`* __string__ | Token is a bearer token used by the client for request authentication.
| *`clientCertificateData`* __string__ | PEM-encoded client TLS certificates (including intermediates, if any).
| *`clientKeyData`* __string__ | PEM-encoded private key for the above certificate.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequest"]
==== TokenCredentialRequest
TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequestlist[$$TokenCredentialRequestList$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
| *`spec`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequestspec[$$TokenCredentialRequestSpec$$]__ |
| *`status`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$]__ |
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequestspec"]
==== TokenCredentialRequestSpec
TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`token`* __string__ | Bearer token supplied with the credential request.
| *`identityProvider`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#typedlocalobjectreference-v1-core[$$TypedLocalObjectReference$$]__ | Reference to an identity provider which can fulfill this credential request.
|===
[id="{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus"]
==== TokenCredentialRequestStatus
TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
.Appears In:
****
- xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$]
****
[cols="25a,75a", options="header"]
|===
| Field | Description
| *`credential`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-18-apis-login-v1alpha1-clustercredential[$$ClusterCredential$$]__ | A Credential will be returned for a successful credential request.
| *`message`* __string__ | An error message will be returned for an unsuccessful credential request.
|===
Reference in New Issue View Git Blame Copy Permalink