From 58bf93b10cfda4ea3c03a4dc3ea19ef680b34b6c Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 09:04:20 -0500 Subject: [PATCH 1/6] Add a new login.pinniped.dev API group with TokenCredentialRequest. This is essentially meant to be be "v1alpha2" of the existing CredentialRequest API, but since we want to move API groups we can just start over at v1alpha1. Signed-off-by: Matt Moyer --- apis/login/doc.go.tmpl | 8 + apis/login/register.go.tmpl | 38 ++++ apis/login/types_clustercred.go.tmpl | 21 ++ apis/login/types_token.go.tmpl | 42 ++++ apis/login/v1alpha1/conversion.go.tmpl | 4 + apis/login/v1alpha1/defaults.go.tmpl | 12 ++ apis/login/v1alpha1/doc.go.tmpl | 11 + apis/login/v1alpha1/register.go.tmpl | 43 ++++ apis/login/v1alpha1/types_clustercred.go.tmpl | 22 ++ apis/login/v1alpha1/types_token.go.tmpl | 43 ++++ generated/1.17/README.adoc | 86 ++++++++ generated/1.17/apis/login/doc.go | 8 + generated/1.17/apis/login/register.go | 38 ++++ .../1.17/apis/login/types_clustercred.go | 21 ++ generated/1.17/apis/login/types_token.go | 42 ++++ .../1.17/apis/login/v1alpha1/conversion.go | 4 + .../1.17/apis/login/v1alpha1/defaults.go | 12 ++ generated/1.17/apis/login/v1alpha1/doc.go | 11 + .../1.17/apis/login/v1alpha1/register.go | 43 ++++ .../apis/login/v1alpha1/types_clustercred.go | 22 ++ .../1.17/apis/login/v1alpha1/types_token.go | 43 ++++ .../login/v1alpha1/zz_generated.conversion.go | 198 ++++++++++++++++++ .../login/v1alpha1/zz_generated.deepcopy.go | 132 ++++++++++++ .../login/v1alpha1/zz_generated.defaults.go | 19 ++ .../1.17/apis/login/zz_generated.deepcopy.go | 132 ++++++++++++ .../client/clientset/versioned/clientset.go | 14 ++ .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/login/v1alpha1/doc.go | 7 + .../typed/login/v1alpha1/fake/doc.go | 7 + .../login/v1alpha1/fake/fake_login_client.go | 27 +++ .../fake/fake_tokencredentialrequest.go | 127 +++++++++++ .../login/v1alpha1/generated_expansion.go | 8 + .../typed/login/v1alpha1/login_client.go | 76 +++++++ .../login/v1alpha1/tokencredentialrequest.go | 178 ++++++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/login/interface.go | 33 +++ .../login/v1alpha1/interface.go | 32 +++ .../login/v1alpha1/tokencredentialrequest.go | 76 +++++++ .../login/v1alpha1/expansion_generated.go | 14 ++ .../login/v1alpha1/tokencredentialrequest.go | 81 +++++++ .../client/openapi/zz_generated.openapi.go | 186 ++++++++++++++++ generated/1.18/README.adoc | 86 ++++++++ generated/1.18/apis/login/doc.go | 8 + generated/1.18/apis/login/register.go | 38 ++++ .../1.18/apis/login/types_clustercred.go | 21 ++ generated/1.18/apis/login/types_token.go | 42 ++++ .../1.18/apis/login/v1alpha1/conversion.go | 4 + .../1.18/apis/login/v1alpha1/defaults.go | 12 ++ generated/1.18/apis/login/v1alpha1/doc.go | 11 + .../1.18/apis/login/v1alpha1/register.go | 43 ++++ .../apis/login/v1alpha1/types_clustercred.go | 22 ++ .../1.18/apis/login/v1alpha1/types_token.go | 43 ++++ .../login/v1alpha1/zz_generated.conversion.go | 198 ++++++++++++++++++ .../login/v1alpha1/zz_generated.deepcopy.go | 132 ++++++++++++ .../login/v1alpha1/zz_generated.defaults.go | 19 ++ .../1.18/apis/login/zz_generated.deepcopy.go | 132 ++++++++++++ .../client/clientset/versioned/clientset.go | 14 ++ .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/login/v1alpha1/doc.go | 7 + .../typed/login/v1alpha1/fake/doc.go | 7 + .../login/v1alpha1/fake/fake_login_client.go | 27 +++ .../fake/fake_tokencredentialrequest.go | 129 ++++++++++++ .../login/v1alpha1/generated_expansion.go | 8 + .../typed/login/v1alpha1/login_client.go | 76 +++++++ .../login/v1alpha1/tokencredentialrequest.go | 182 ++++++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/login/interface.go | 33 +++ .../login/v1alpha1/interface.go | 32 +++ .../login/v1alpha1/tokencredentialrequest.go | 77 +++++++ .../login/v1alpha1/expansion_generated.go | 14 ++ .../login/v1alpha1/tokencredentialrequest.go | 81 +++++++ .../client/openapi/zz_generated.openapi.go | 186 ++++++++++++++++ generated/1.19/README.adoc | 86 ++++++++ generated/1.19/apis/login/doc.go | 8 + generated/1.19/apis/login/register.go | 38 ++++ .../1.19/apis/login/types_clustercred.go | 21 ++ generated/1.19/apis/login/types_token.go | 42 ++++ .../1.19/apis/login/v1alpha1/conversion.go | 4 + .../1.19/apis/login/v1alpha1/defaults.go | 12 ++ generated/1.19/apis/login/v1alpha1/doc.go | 11 + .../1.19/apis/login/v1alpha1/register.go | 43 ++++ .../apis/login/v1alpha1/types_clustercred.go | 22 ++ .../1.19/apis/login/v1alpha1/types_token.go | 43 ++++ .../login/v1alpha1/zz_generated.conversion.go | 198 ++++++++++++++++++ .../login/v1alpha1/zz_generated.deepcopy.go | 132 ++++++++++++ .../login/v1alpha1/zz_generated.defaults.go | 19 ++ .../1.19/apis/login/zz_generated.deepcopy.go | 132 ++++++++++++ .../client/clientset/versioned/clientset.go | 14 ++ .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../versioned/typed/login/v1alpha1/doc.go | 7 + .../typed/login/v1alpha1/fake/doc.go | 7 + .../login/v1alpha1/fake/fake_login_client.go | 27 +++ .../fake/fake_tokencredentialrequest.go | 129 ++++++++++++ .../login/v1alpha1/generated_expansion.go | 8 + .../typed/login/v1alpha1/login_client.go | 76 +++++++ .../login/v1alpha1/tokencredentialrequest.go | 182 ++++++++++++++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../externalversions/login/interface.go | 33 +++ .../login/v1alpha1/interface.go | 32 +++ .../login/v1alpha1/tokencredentialrequest.go | 77 +++++++ .../login/v1alpha1/expansion_generated.go | 14 ++ .../login/v1alpha1/tokencredentialrequest.go | 86 ++++++++ .../client/openapi/zz_generated.openapi.go | 186 ++++++++++++++++ hack/lib/docs/config.yaml | 1 + hack/lib/update-codegen.sh | 6 +- 114 files changed, 5364 insertions(+), 3 deletions(-) create mode 100644 apis/login/doc.go.tmpl create mode 100644 apis/login/register.go.tmpl create mode 100644 apis/login/types_clustercred.go.tmpl create mode 100644 apis/login/types_token.go.tmpl create mode 100644 apis/login/v1alpha1/conversion.go.tmpl create mode 100644 apis/login/v1alpha1/defaults.go.tmpl create mode 100644 apis/login/v1alpha1/doc.go.tmpl create mode 100644 apis/login/v1alpha1/register.go.tmpl create mode 100644 apis/login/v1alpha1/types_clustercred.go.tmpl create mode 100644 apis/login/v1alpha1/types_token.go.tmpl create mode 100644 generated/1.17/apis/login/doc.go create mode 100644 generated/1.17/apis/login/register.go create mode 100644 generated/1.17/apis/login/types_clustercred.go create mode 100644 generated/1.17/apis/login/types_token.go create mode 100644 generated/1.17/apis/login/v1alpha1/conversion.go create mode 100644 generated/1.17/apis/login/v1alpha1/defaults.go create mode 100644 generated/1.17/apis/login/v1alpha1/doc.go create mode 100644 generated/1.17/apis/login/v1alpha1/register.go create mode 100644 generated/1.17/apis/login/v1alpha1/types_clustercred.go create mode 100644 generated/1.17/apis/login/v1alpha1/types_token.go create mode 100644 generated/1.17/apis/login/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.17/apis/login/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.17/apis/login/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.17/apis/login/zz_generated.deepcopy.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/doc.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/login_client.go create mode 100644 generated/1.17/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.17/client/informers/externalversions/login/interface.go create mode 100644 generated/1.17/client/informers/externalversions/login/v1alpha1/interface.go create mode 100644 generated/1.17/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.17/client/listers/login/v1alpha1/expansion_generated.go create mode 100644 generated/1.17/client/listers/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.18/apis/login/doc.go create mode 100644 generated/1.18/apis/login/register.go create mode 100644 generated/1.18/apis/login/types_clustercred.go create mode 100644 generated/1.18/apis/login/types_token.go create mode 100644 generated/1.18/apis/login/v1alpha1/conversion.go create mode 100644 generated/1.18/apis/login/v1alpha1/defaults.go create mode 100644 generated/1.18/apis/login/v1alpha1/doc.go create mode 100644 generated/1.18/apis/login/v1alpha1/register.go create mode 100644 generated/1.18/apis/login/v1alpha1/types_clustercred.go create mode 100644 generated/1.18/apis/login/v1alpha1/types_token.go create mode 100644 generated/1.18/apis/login/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.18/apis/login/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.18/apis/login/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.18/apis/login/zz_generated.deepcopy.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/doc.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/login_client.go create mode 100644 generated/1.18/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.18/client/informers/externalversions/login/interface.go create mode 100644 generated/1.18/client/informers/externalversions/login/v1alpha1/interface.go create mode 100644 generated/1.18/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.18/client/listers/login/v1alpha1/expansion_generated.go create mode 100644 generated/1.18/client/listers/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.19/apis/login/doc.go create mode 100644 generated/1.19/apis/login/register.go create mode 100644 generated/1.19/apis/login/types_clustercred.go create mode 100644 generated/1.19/apis/login/types_token.go create mode 100644 generated/1.19/apis/login/v1alpha1/conversion.go create mode 100644 generated/1.19/apis/login/v1alpha1/defaults.go create mode 100644 generated/1.19/apis/login/v1alpha1/doc.go create mode 100644 generated/1.19/apis/login/v1alpha1/register.go create mode 100644 generated/1.19/apis/login/v1alpha1/types_clustercred.go create mode 100644 generated/1.19/apis/login/v1alpha1/types_token.go create mode 100644 generated/1.19/apis/login/v1alpha1/zz_generated.conversion.go create mode 100644 generated/1.19/apis/login/v1alpha1/zz_generated.deepcopy.go create mode 100644 generated/1.19/apis/login/v1alpha1/zz_generated.defaults.go create mode 100644 generated/1.19/apis/login/zz_generated.deepcopy.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/doc.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/login_client.go create mode 100644 generated/1.19/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.19/client/informers/externalversions/login/interface.go create mode 100644 generated/1.19/client/informers/externalversions/login/v1alpha1/interface.go create mode 100644 generated/1.19/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go create mode 100644 generated/1.19/client/listers/login/v1alpha1/expansion_generated.go create mode 100644 generated/1.19/client/listers/login/v1alpha1/tokencredentialrequest.go diff --git a/apis/login/doc.go.tmpl b/apis/login/doc.go.tmpl new file mode 100644 index 000000000..4dfd85601 --- /dev/null +++ b/apis/login/doc.go.tmpl @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=login.pinniped.dev + +// Package login is the internal version of the Pinniped login API. +package login diff --git a/apis/login/register.go.tmpl b/apis/login/register.go.tmpl new file mode 100644 index 000000000..f1f029040 --- /dev/null +++ b/apis/login/register.go.tmpl @@ -0,0 +1,38 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + return nil +} diff --git a/apis/login/types_clustercred.go.tmpl b/apis/login/types_clustercred.go.tmpl new file mode 100644 index 000000000..fda1103af --- /dev/null +++ b/apis/login/types_clustercred.go.tmpl @@ -0,0 +1,21 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time + + // Token is a bearer token used by the client for request authentication. + Token string + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string + + // PEM-encoded private key for the above certificate. + ClientKeyData string +} diff --git a/apis/login/types_token.go.tmpl b/apis/login/types_token.go.tmpl new file mode 100644 index 000000000..55b9fc999 --- /dev/null +++ b/apis/login/types_token.go.tmpl @@ -0,0 +1,42 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string +} + +type TokenCredentialRequestStatus struct { + // A ClusterCredential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec TokenCredentialRequestSpec + Status TokenCredentialRequestStatus +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of TokenCredentialRequest + Items []TokenCredentialRequest +} diff --git a/apis/login/v1alpha1/conversion.go.tmpl b/apis/login/v1alpha1/conversion.go.tmpl new file mode 100644 index 000000000..226f6135f --- /dev/null +++ b/apis/login/v1alpha1/conversion.go.tmpl @@ -0,0 +1,4 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/apis/login/v1alpha1/defaults.go.tmpl b/apis/login/v1alpha1/defaults.go.tmpl new file mode 100644 index 000000000..830aa010a --- /dev/null +++ b/apis/login/v1alpha1/defaults.go.tmpl @@ -0,0 +1,12 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/apis/login/v1alpha1/doc.go.tmpl b/apis/login/v1alpha1/doc.go.tmpl new file mode 100644 index 000000000..38840f050 --- /dev/null +++ b/apis/login/v1alpha1/doc.go.tmpl @@ -0,0 +1,11 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/GENERATED_PKG/apis/login +// +k8s:defaulter-gen=TypeMeta +// +groupName=login.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped login API. +package v1alpha1 diff --git a/apis/login/v1alpha1/register.go.tmpl b/apis/login/v1alpha1/register.go.tmpl new file mode 100644 index 000000000..f49800f4e --- /dev/null +++ b/apis/login/v1alpha1/register.go.tmpl @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/apis/login/v1alpha1/types_clustercred.go.tmpl b/apis/login/v1alpha1/types_clustercred.go.tmpl new file mode 100644 index 000000000..574e8b51a --- /dev/null +++ b/apis/login/v1alpha1/types_clustercred.go.tmpl @@ -0,0 +1,22 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is the cluster-specific credential returned on a successful credential request. It +// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"` + + // Token is a bearer token used by the client for request authentication. + Token string `json:"token,omitempty"` + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string `json:"clientCertificateData,omitempty"` + + // PEM-encoded private key for the above certificate. + ClientKeyData string `json:"clientKeyData,omitempty"` +} diff --git a/apis/login/v1alpha1/types_token.go.tmpl b/apis/login/v1alpha1/types_token.go.tmpl new file mode 100644 index 000000000..7580874fd --- /dev/null +++ b/apis/login/v1alpha1/types_token.go.tmpl @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string `json:"token,omitempty"` +} + +// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. +type TokenCredentialRequestStatus struct { + // A Credential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential `json:"credential,omitempty"` + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string `json:"message,omitempty"` +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TokenCredentialRequestSpec `json:"spec,omitempty"` + Status TokenCredentialRequestStatus `json:"status,omitempty"` +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TokenCredentialRequest `json:"items"` +} diff --git a/generated/1.17/README.adoc b/generated/1.17/README.adoc index 8015915a6..cb9a257af 100644 --- a/generated/1.17/README.adoc +++ b/generated/1.17/README.adoc @@ -7,6 +7,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-login-pinniped-dev-v1alpha1[$$login.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -200,6 +201,91 @@ Status of a webhook identity provider. +[id="{anchor_prefix}-login-pinniped-dev-v1alpha1"] +=== login.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped login API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-clustercredential"] +==== ClusterCredential + +ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`expirationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | ExpirationTimestamp indicates a time when the provided credentials expire. +| *`token`* __string__ | Token is a bearer token used by the client for request authentication. +| *`clientCertificateData`* __string__ | PEM-encoded client TLS certificates (including intermediates, if any). +| *`clientKeyData`* __string__ | PEM-encoded private key for the above certificate. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequest"] +==== TokenCredentialRequest + +TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequestlist[$$TokenCredentialRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequestspec[$$TokenCredentialRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$]__ | +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequestspec"] +==== TokenCredentialRequestSpec + +TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`token`* __string__ | Bearer token supplied with the credential request. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequeststatus"] +==== TokenCredentialRequestStatus + +TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`credential`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-17-apis-login-v1alpha1-clustercredential[$$ClusterCredential$$]__ | A Credential will be returned for a successful credential request. +| *`message`* __string__ | An error message will be returned for an unsuccessful credential request. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.17/apis/login/doc.go b/generated/1.17/apis/login/doc.go new file mode 100644 index 000000000..4dfd85601 --- /dev/null +++ b/generated/1.17/apis/login/doc.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=login.pinniped.dev + +// Package login is the internal version of the Pinniped login API. +package login diff --git a/generated/1.17/apis/login/register.go b/generated/1.17/apis/login/register.go new file mode 100644 index 000000000..f1f029040 --- /dev/null +++ b/generated/1.17/apis/login/register.go @@ -0,0 +1,38 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + return nil +} diff --git a/generated/1.17/apis/login/types_clustercred.go b/generated/1.17/apis/login/types_clustercred.go new file mode 100644 index 000000000..fda1103af --- /dev/null +++ b/generated/1.17/apis/login/types_clustercred.go @@ -0,0 +1,21 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time + + // Token is a bearer token used by the client for request authentication. + Token string + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string + + // PEM-encoded private key for the above certificate. + ClientKeyData string +} diff --git a/generated/1.17/apis/login/types_token.go b/generated/1.17/apis/login/types_token.go new file mode 100644 index 000000000..55b9fc999 --- /dev/null +++ b/generated/1.17/apis/login/types_token.go @@ -0,0 +1,42 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string +} + +type TokenCredentialRequestStatus struct { + // A ClusterCredential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec TokenCredentialRequestSpec + Status TokenCredentialRequestStatus +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of TokenCredentialRequest + Items []TokenCredentialRequest +} diff --git a/generated/1.17/apis/login/v1alpha1/conversion.go b/generated/1.17/apis/login/v1alpha1/conversion.go new file mode 100644 index 000000000..226f6135f --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.17/apis/login/v1alpha1/defaults.go b/generated/1.17/apis/login/v1alpha1/defaults.go new file mode 100644 index 000000000..830aa010a --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.17/apis/login/v1alpha1/doc.go b/generated/1.17/apis/login/v1alpha1/doc.go new file mode 100644 index 000000000..8c8120d51 --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.17/apis/login +// +k8s:defaulter-gen=TypeMeta +// +groupName=login.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped login API. +package v1alpha1 diff --git a/generated/1.17/apis/login/v1alpha1/register.go b/generated/1.17/apis/login/v1alpha1/register.go new file mode 100644 index 000000000..f49800f4e --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.17/apis/login/v1alpha1/types_clustercred.go b/generated/1.17/apis/login/v1alpha1/types_clustercred.go new file mode 100644 index 000000000..574e8b51a --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/types_clustercred.go @@ -0,0 +1,22 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is the cluster-specific credential returned on a successful credential request. It +// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"` + + // Token is a bearer token used by the client for request authentication. + Token string `json:"token,omitempty"` + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string `json:"clientCertificateData,omitempty"` + + // PEM-encoded private key for the above certificate. + ClientKeyData string `json:"clientKeyData,omitempty"` +} diff --git a/generated/1.17/apis/login/v1alpha1/types_token.go b/generated/1.17/apis/login/v1alpha1/types_token.go new file mode 100644 index 000000000..7580874fd --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/types_token.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string `json:"token,omitempty"` +} + +// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. +type TokenCredentialRequestStatus struct { + // A Credential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential `json:"credential,omitempty"` + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string `json:"message,omitempty"` +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TokenCredentialRequestSpec `json:"spec,omitempty"` + Status TokenCredentialRequestStatus `json:"status,omitempty"` +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TokenCredentialRequest `json:"items"` +} diff --git a/generated/1.17/apis/login/v1alpha1/zz_generated.conversion.go b/generated/1.17/apis/login/v1alpha1/zz_generated.conversion.go new file mode 100644 index 000000000..e28e7dd2f --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,198 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + login "github.com/suzerain-io/pinniped/generated/1.17/apis/login" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*ClusterCredential)(nil), (*login.ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(a.(*ClusterCredential), b.(*login.ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.ClusterCredential)(nil), (*ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(a.(*login.ClusterCredential), b.(*ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequest)(nil), (*login.TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(a.(*TokenCredentialRequest), b.(*login.TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequest)(nil), (*TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(a.(*login.TokenCredentialRequest), b.(*TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestList)(nil), (*login.TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(a.(*TokenCredentialRequestList), b.(*login.TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestList)(nil), (*TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(a.(*login.TokenCredentialRequestList), b.(*TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestSpec)(nil), (*login.TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(a.(*TokenCredentialRequestSpec), b.(*login.TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestSpec)(nil), (*TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(a.(*login.TokenCredentialRequestSpec), b.(*TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestStatus)(nil), (*login.TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(a.(*TokenCredentialRequestStatus), b.(*login.TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestStatus)(nil), (*TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(a.(*login.TokenCredentialRequestStatus), b.(*TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential is an autogenerated conversion function. +func Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + return autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in, out, s) +} + +func autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential is an autogenerated conversion function. +func Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + return autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in, out, s) +} + +func autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest is an autogenerated conversion function. +func Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]login.TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*login.ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in, out, s) +} diff --git a/generated/1.17/apis/login/v1alpha1/zz_generated.deepcopy.go b/generated/1.17/apis/login/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000..439149d90 --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/apis/login/v1alpha1/zz_generated.defaults.go b/generated/1.17/apis/login/v1alpha1/zz_generated.defaults.go new file mode 100644 index 000000000..427b2e2e1 --- /dev/null +++ b/generated/1.17/apis/login/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.17/apis/login/zz_generated.deepcopy.go b/generated/1.17/apis/login/zz_generated.deepcopy.go new file mode 100644 index 000000000..176c0b058 --- /dev/null +++ b/generated/1.17/apis/login/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package login + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.17/client/clientset/versioned/clientset.go b/generated/1.17/client/clientset/versioned/clientset.go index 820222e94..50a00be64 100644 --- a/generated/1.17/client/clientset/versioned/clientset.go +++ b/generated/1.17/client/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface + LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client + loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return c.iDPV1alpha1 } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return c.loginV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) + cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c) + cs.loginV1alpha1 = loginv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.17/client/clientset/versioned/fake/clientset_generated.go b/generated/1.17/client/clientset/versioned/fake/clientset_generated.go index 11626a382..bf6439858 100644 --- a/generated/1.17/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.17/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1" fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/idp/v1alpha1/fake" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/login/v1alpha1" + fakeloginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.17/client/clientset/versioned/fake/register.go b/generated/1.17/client/clientset/versioned/fake/register.go index 8efe243ea..d0f54d18b 100644 --- a/generated/1.17/client/clientset/versioned/fake/register.go +++ b/generated/1.17/client/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/clientset/versioned/scheme/register.go b/generated/1.17/client/clientset/versioned/scheme/register.go index ab2e4d751..75710b80c 100644 --- a/generated/1.17/client/clientset/versioned/scheme/register.go +++ b/generated/1.17/client/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/doc.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/doc.go new file mode 100644 index 000000000..f75bf91f5 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go new file mode 100644 index 000000000..7879170dc --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go new file mode 100644 index 000000000..5b6b5aa83 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go @@ -0,0 +1,27 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/typed/login/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeLoginV1alpha1 struct { + *testing.Fake +} + +func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface { + return &FakeTokenCredentialRequests{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeLoginV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go new file mode 100644 index 000000000..9ee72b399 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -0,0 +1,127 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeTokenCredentialRequests implements TokenCredentialRequestInterface +type FakeTokenCredentialRequests struct { + Fake *FakeLoginV1alpha1 + ns string +} + +var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"} + +var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} + for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *FakeTokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts)) + +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *FakeTokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOptions) + + _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) + return err +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *FakeTokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go new file mode 100644 index 000000000..8de8bda50 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type TokenCredentialRequestExpansion interface{} diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/login_client.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/login_client.go new file mode 100644 index 000000000..b1fe67899 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/login_client.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type LoginV1alpha1Interface interface { + RESTClient() rest.Interface + TokenCredentialRequestsGetter +} + +// LoginV1alpha1Client is used to interact with features provided by the login.pinniped.dev group. +type LoginV1alpha1Client struct { + restClient rest.Interface +} + +func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface { + return newTokenCredentialRequests(c, namespace) +} + +// NewForConfig creates a new LoginV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*LoginV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &LoginV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new LoginV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *LoginV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new LoginV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *LoginV1alpha1Client { + return &LoginV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *LoginV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..0e7f39af8 --- /dev/null +++ b/generated/1.17/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,178 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface. +// A group's client should implement this interface. +type TokenCredentialRequestsGetter interface { + TokenCredentialRequests(namespace string) TokenCredentialRequestInterface +} + +// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. +type TokenCredentialRequestInterface interface { + Create(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) + Update(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) + UpdateStatus(*v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) + List(opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) + TokenCredentialRequestExpansion +} + +// tokenCredentialRequests implements TokenCredentialRequestInterface +type tokenCredentialRequests struct { + client rest.Interface + ns string +} + +// newTokenCredentialRequests returns a TokenCredentialRequests +func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests { + return &tokenCredentialRequests{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *tokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *tokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.TokenCredentialRequestList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch() +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Post(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Body(tokenCredentialRequest). + Do(). + Into(result) + return +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + Body(tokenCredentialRequest). + Do(). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + +func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + SubResource("status"). + Body(tokenCredentialRequest). + Do(). + Into(result) + return +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *tokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + var timeout time.Duration + if listOptions.TimeoutSeconds != nil { + timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Timeout(timeout). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *tokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("tokencredentialrequests"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/generated/1.17/client/informers/externalversions/factory.go b/generated/1.17/client/informers/externalversions/factory.go index 6d4ff462f..10a2a3346 100644 --- a/generated/1.17/client/informers/externalversions/factory.go +++ b/generated/1.17/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( crdpinniped "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/crdpinniped" idp "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" + login "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/login" pinniped "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { Crd() crdpinniped.Interface IDP() idp.Interface + Login() login.Interface Pinniped() pinniped.Interface } @@ -174,6 +176,10 @@ func (f *sharedInformerFactory) IDP() idp.Interface { return idp.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) Login() login.Interface { + return login.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.17/client/informers/externalversions/generic.go b/generated/1.17/client/informers/externalversions/generic.go index 5f3b3ba8c..ec65d7749 100644 --- a/generated/1.17/client/informers/externalversions/generic.go +++ b/generated/1.17/client/informers/externalversions/generic.go @@ -10,6 +10,7 @@ import ( v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -49,6 +50,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=login.pinniped.dev, Version=v1alpha1 + case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.17/client/informers/externalversions/login/interface.go b/generated/1.17/client/informers/externalversions/login/interface.go new file mode 100644 index 000000000..1ab095685 --- /dev/null +++ b/generated/1.17/client/informers/externalversions/login/interface.go @@ -0,0 +1,33 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package login + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/login/v1alpha1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.17/client/informers/externalversions/login/v1alpha1/interface.go b/generated/1.17/client/informers/externalversions/login/v1alpha1/interface.go new file mode 100644 index 000000000..6959bbefa --- /dev/null +++ b/generated/1.17/client/informers/externalversions/login/v1alpha1/interface.go @@ -0,0 +1,32 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // TokenCredentialRequests returns a TokenCredentialRequestInformer. + TokenCredentialRequests() TokenCredentialRequestInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// TokenCredentialRequests returns a TokenCredentialRequestInformer. +func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { + return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.17/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..44bebc4b6 --- /dev/null +++ b/generated/1.17/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.17/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.17/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/client/listers/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestInformer provides access to a shared informer and lister for +// TokenCredentialRequests. +type TokenCredentialRequestInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.TokenCredentialRequestLister +} + +type tokenCredentialRequestInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(options) + }, + }, + &loginv1alpha1.TokenCredentialRequest{}, + resyncPeriod, + indexers, + ) +} + +func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) +} + +func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { + return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.17/client/listers/login/v1alpha1/expansion_generated.go b/generated/1.17/client/listers/login/v1alpha1/expansion_generated.go new file mode 100644 index 000000000..f61ce6bb9 --- /dev/null +++ b/generated/1.17/client/listers/login/v1alpha1/expansion_generated.go @@ -0,0 +1,14 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// TokenCredentialRequestListerExpansion allows custom methods to be added to +// TokenCredentialRequestLister. +type TokenCredentialRequestListerExpansion interface{} + +// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to +// TokenCredentialRequestNamespaceLister. +type TokenCredentialRequestNamespaceListerExpansion interface{} diff --git a/generated/1.17/client/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.17/client/listers/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..cc93794f2 --- /dev/null +++ b/generated/1.17/client/listers/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestLister helps list TokenCredentialRequests. +type TokenCredentialRequestLister interface { + // List lists all TokenCredentialRequests in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. + TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister + TokenCredentialRequestListerExpansion +} + +// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. +type tokenCredentialRequestLister struct { + indexer cache.Indexer +} + +// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. +func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { + return &tokenCredentialRequestLister{indexer: indexer} +} + +// List lists all TokenCredentialRequests in the indexer. +func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. +func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister { + return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests. +type TokenCredentialRequestNamespaceLister interface { + // List lists all TokenCredentialRequests in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.TokenCredentialRequest, error) + TokenCredentialRequestNamespaceListerExpansion +} + +// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister +// interface. +type tokenCredentialRequestNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all TokenCredentialRequests in the indexer for a given namespace. +func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. +func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) + } + return obj.(*v1alpha1.TokenCredentialRequest), nil +} diff --git a/generated/1.17/client/openapi/zz_generated.openapi.go b/generated/1.17/client/openapi/zz_generated.openapi.go index 7add14e68..b6dea34bb 100644 --- a/generated/1.17/client/openapi/zz_generated.openapi.go +++ b/generated/1.17/client/openapi/zz_generated.openapi.go @@ -28,6 +28,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.ClusterCredential": schema_117_apis_login_v1alpha1_ClusterCredential(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequest": schema_117_apis_login_v1alpha1_TokenCredentialRequest(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestList": schema_117_apis_login_v1alpha1_TokenCredentialRequestList(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestSpec": schema_117_apis_login_v1alpha1_TokenCredentialRequestSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestStatus": schema_117_apis_login_v1alpha1_TokenCredentialRequestStatus(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequest": schema_117_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_117_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.17/apis/pinniped/v1alpha1.CredentialRequestList": schema_117_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -525,6 +530,187 @@ func schema_117_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.Refer } } +func schema_117_apis_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "expirationTimestamp": { + SchemaProps: spec.SchemaProps{ + Description: "ExpirationTimestamp indicates a time when the provided credentials expire.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Token is a bearer token used by the client for request authentication.", + Type: []string{"string"}, + Format: "", + }, + }, + "clientCertificateData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded client TLS certificates (including intermediates, if any).", + Type: []string{"string"}, + Format: "", + }, + }, + "clientKeyData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded private key for the above certificate.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_117_apis_login_v1alpha1_TokenCredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestSpec", "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_117_apis_login_v1alpha1_TokenCredentialRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestList is a list of TokenCredentialRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.TokenCredentialRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_117_apis_login_v1alpha1_TokenCredentialRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Bearer token supplied with the credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_117_apis_login_v1alpha1_TokenCredentialRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "credential": { + SchemaProps: spec.SchemaProps{ + Description: "A Credential will be returned for a successful credential request.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.ClusterCredential"), + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "An error message will be returned for an unsuccessful credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.17/apis/login/v1alpha1.ClusterCredential"}, + } +} + func schema_117_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.18/README.adoc b/generated/1.18/README.adoc index 3e7c5f74d..b935aebe7 100644 --- a/generated/1.18/README.adoc +++ b/generated/1.18/README.adoc @@ -7,6 +7,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-login-pinniped-dev-v1alpha1[$$login.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -200,6 +201,91 @@ Status of a webhook identity provider. +[id="{anchor_prefix}-login-pinniped-dev-v1alpha1"] +=== login.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped login API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-clustercredential"] +==== ClusterCredential + +ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`expirationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | ExpirationTimestamp indicates a time when the provided credentials expire. +| *`token`* __string__ | Token is a bearer token used by the client for request authentication. +| *`clientCertificateData`* __string__ | PEM-encoded client TLS certificates (including intermediates, if any). +| *`clientKeyData`* __string__ | PEM-encoded private key for the above certificate. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequest"] +==== TokenCredentialRequest + +TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequestlist[$$TokenCredentialRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequestspec[$$TokenCredentialRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$]__ | +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequestspec"] +==== TokenCredentialRequestSpec + +TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`token`* __string__ | Bearer token supplied with the credential request. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequeststatus"] +==== TokenCredentialRequestStatus + +TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`credential`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-18-apis-login-v1alpha1-clustercredential[$$ClusterCredential$$]__ | A Credential will be returned for a successful credential request. +| *`message`* __string__ | An error message will be returned for an unsuccessful credential request. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.18/apis/login/doc.go b/generated/1.18/apis/login/doc.go new file mode 100644 index 000000000..4dfd85601 --- /dev/null +++ b/generated/1.18/apis/login/doc.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=login.pinniped.dev + +// Package login is the internal version of the Pinniped login API. +package login diff --git a/generated/1.18/apis/login/register.go b/generated/1.18/apis/login/register.go new file mode 100644 index 000000000..f1f029040 --- /dev/null +++ b/generated/1.18/apis/login/register.go @@ -0,0 +1,38 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + return nil +} diff --git a/generated/1.18/apis/login/types_clustercred.go b/generated/1.18/apis/login/types_clustercred.go new file mode 100644 index 000000000..fda1103af --- /dev/null +++ b/generated/1.18/apis/login/types_clustercred.go @@ -0,0 +1,21 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time + + // Token is a bearer token used by the client for request authentication. + Token string + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string + + // PEM-encoded private key for the above certificate. + ClientKeyData string +} diff --git a/generated/1.18/apis/login/types_token.go b/generated/1.18/apis/login/types_token.go new file mode 100644 index 000000000..55b9fc999 --- /dev/null +++ b/generated/1.18/apis/login/types_token.go @@ -0,0 +1,42 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string +} + +type TokenCredentialRequestStatus struct { + // A ClusterCredential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec TokenCredentialRequestSpec + Status TokenCredentialRequestStatus +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of TokenCredentialRequest + Items []TokenCredentialRequest +} diff --git a/generated/1.18/apis/login/v1alpha1/conversion.go b/generated/1.18/apis/login/v1alpha1/conversion.go new file mode 100644 index 000000000..226f6135f --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.18/apis/login/v1alpha1/defaults.go b/generated/1.18/apis/login/v1alpha1/defaults.go new file mode 100644 index 000000000..830aa010a --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.18/apis/login/v1alpha1/doc.go b/generated/1.18/apis/login/v1alpha1/doc.go new file mode 100644 index 000000000..7bd69f722 --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.18/apis/login +// +k8s:defaulter-gen=TypeMeta +// +groupName=login.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped login API. +package v1alpha1 diff --git a/generated/1.18/apis/login/v1alpha1/register.go b/generated/1.18/apis/login/v1alpha1/register.go new file mode 100644 index 000000000..f49800f4e --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.18/apis/login/v1alpha1/types_clustercred.go b/generated/1.18/apis/login/v1alpha1/types_clustercred.go new file mode 100644 index 000000000..574e8b51a --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/types_clustercred.go @@ -0,0 +1,22 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is the cluster-specific credential returned on a successful credential request. It +// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"` + + // Token is a bearer token used by the client for request authentication. + Token string `json:"token,omitempty"` + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string `json:"clientCertificateData,omitempty"` + + // PEM-encoded private key for the above certificate. + ClientKeyData string `json:"clientKeyData,omitempty"` +} diff --git a/generated/1.18/apis/login/v1alpha1/types_token.go b/generated/1.18/apis/login/v1alpha1/types_token.go new file mode 100644 index 000000000..7580874fd --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/types_token.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string `json:"token,omitempty"` +} + +// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. +type TokenCredentialRequestStatus struct { + // A Credential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential `json:"credential,omitempty"` + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string `json:"message,omitempty"` +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TokenCredentialRequestSpec `json:"spec,omitempty"` + Status TokenCredentialRequestStatus `json:"status,omitempty"` +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TokenCredentialRequest `json:"items"` +} diff --git a/generated/1.18/apis/login/v1alpha1/zz_generated.conversion.go b/generated/1.18/apis/login/v1alpha1/zz_generated.conversion.go new file mode 100644 index 000000000..6d24203b7 --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,198 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + login "github.com/suzerain-io/pinniped/generated/1.18/apis/login" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*ClusterCredential)(nil), (*login.ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(a.(*ClusterCredential), b.(*login.ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.ClusterCredential)(nil), (*ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(a.(*login.ClusterCredential), b.(*ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequest)(nil), (*login.TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(a.(*TokenCredentialRequest), b.(*login.TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequest)(nil), (*TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(a.(*login.TokenCredentialRequest), b.(*TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestList)(nil), (*login.TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(a.(*TokenCredentialRequestList), b.(*login.TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestList)(nil), (*TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(a.(*login.TokenCredentialRequestList), b.(*TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestSpec)(nil), (*login.TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(a.(*TokenCredentialRequestSpec), b.(*login.TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestSpec)(nil), (*TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(a.(*login.TokenCredentialRequestSpec), b.(*TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestStatus)(nil), (*login.TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(a.(*TokenCredentialRequestStatus), b.(*login.TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestStatus)(nil), (*TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(a.(*login.TokenCredentialRequestStatus), b.(*TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential is an autogenerated conversion function. +func Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + return autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in, out, s) +} + +func autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential is an autogenerated conversion function. +func Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + return autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in, out, s) +} + +func autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest is an autogenerated conversion function. +func Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]login.TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*login.ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in, out, s) +} diff --git a/generated/1.18/apis/login/v1alpha1/zz_generated.deepcopy.go b/generated/1.18/apis/login/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000..439149d90 --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/apis/login/v1alpha1/zz_generated.defaults.go b/generated/1.18/apis/login/v1alpha1/zz_generated.defaults.go new file mode 100644 index 000000000..427b2e2e1 --- /dev/null +++ b/generated/1.18/apis/login/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.18/apis/login/zz_generated.deepcopy.go b/generated/1.18/apis/login/zz_generated.deepcopy.go new file mode 100644 index 000000000..176c0b058 --- /dev/null +++ b/generated/1.18/apis/login/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package login + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.18/client/clientset/versioned/clientset.go b/generated/1.18/client/clientset/versioned/clientset.go index cae43efea..86c060010 100644 --- a/generated/1.18/client/clientset/versioned/clientset.go +++ b/generated/1.18/client/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface + LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client + loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return c.iDPV1alpha1 } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return c.loginV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) + cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c) + cs.loginV1alpha1 = loginv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.18/client/clientset/versioned/fake/clientset_generated.go b/generated/1.18/client/clientset/versioned/fake/clientset_generated.go index 9bce255c1..0ba27dd38 100644 --- a/generated/1.18/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.18/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1" fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/idp/v1alpha1/fake" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/login/v1alpha1" + fakeloginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.18/client/clientset/versioned/fake/register.go b/generated/1.18/client/clientset/versioned/fake/register.go index 55af578bd..56768b743 100644 --- a/generated/1.18/client/clientset/versioned/fake/register.go +++ b/generated/1.18/client/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var parameterCodec = runtime.NewParameterCodec(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/clientset/versioned/scheme/register.go b/generated/1.18/client/clientset/versioned/scheme/register.go index 6e9c34687..6a935cd81 100644 --- a/generated/1.18/client/clientset/versioned/scheme/register.go +++ b/generated/1.18/client/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/doc.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/doc.go new file mode 100644 index 000000000..f75bf91f5 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go new file mode 100644 index 000000000..7879170dc --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go new file mode 100644 index 000000000..003fa7afb --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go @@ -0,0 +1,27 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/typed/login/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeLoginV1alpha1 struct { + *testing.Fake +} + +func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface { + return &FakeTokenCredentialRequests{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeLoginV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go new file mode 100644 index 000000000..fd6d3704c --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeTokenCredentialRequests implements TokenCredentialRequestInterface +type FakeTokenCredentialRequests struct { + Fake *FakeLoginV1alpha1 + ns string +} + +var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"} + +var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} + for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts)) + +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) + return err +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go new file mode 100644 index 000000000..8de8bda50 --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type TokenCredentialRequestExpansion interface{} diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/login_client.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/login_client.go new file mode 100644 index 000000000..6d813147a --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/login_client.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type LoginV1alpha1Interface interface { + RESTClient() rest.Interface + TokenCredentialRequestsGetter +} + +// LoginV1alpha1Client is used to interact with features provided by the login.pinniped.dev group. +type LoginV1alpha1Client struct { + restClient rest.Interface +} + +func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface { + return newTokenCredentialRequests(c, namespace) +} + +// NewForConfig creates a new LoginV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*LoginV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &LoginV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new LoginV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *LoginV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new LoginV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *LoginV1alpha1Client { + return &LoginV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *LoginV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..ad6f4c99d --- /dev/null +++ b/generated/1.18/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface. +// A group's client should implement this interface. +type TokenCredentialRequestsGetter interface { + TokenCredentialRequests(namespace string) TokenCredentialRequestInterface +} + +// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. +type TokenCredentialRequestInterface interface { + Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) + Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) + UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) + TokenCredentialRequestExpansion +} + +// tokenCredentialRequests implements TokenCredentialRequestInterface +type tokenCredentialRequests struct { + client rest.Interface + ns string +} + +// newTokenCredentialRequests returns a TokenCredentialRequests +func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests { + return &tokenCredentialRequests{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.TokenCredentialRequestList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Post(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.18/client/informers/externalversions/factory.go b/generated/1.18/client/informers/externalversions/factory.go index 075ee565a..1d6596a6c 100644 --- a/generated/1.18/client/informers/externalversions/factory.go +++ b/generated/1.18/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( crdpinniped "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/crdpinniped" idp "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" + login "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/login" pinniped "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { Crd() crdpinniped.Interface IDP() idp.Interface + Login() login.Interface Pinniped() pinniped.Interface } @@ -174,6 +176,10 @@ func (f *sharedInformerFactory) IDP() idp.Interface { return idp.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) Login() login.Interface { + return login.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.18/client/informers/externalversions/generic.go b/generated/1.18/client/informers/externalversions/generic.go index a2a395170..1b576f89c 100644 --- a/generated/1.18/client/informers/externalversions/generic.go +++ b/generated/1.18/client/informers/externalversions/generic.go @@ -10,6 +10,7 @@ import ( v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -49,6 +50,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=login.pinniped.dev, Version=v1alpha1 + case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.18/client/informers/externalversions/login/interface.go b/generated/1.18/client/informers/externalversions/login/interface.go new file mode 100644 index 000000000..ab62c3bec --- /dev/null +++ b/generated/1.18/client/informers/externalversions/login/interface.go @@ -0,0 +1,33 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package login + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/login/v1alpha1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.18/client/informers/externalversions/login/v1alpha1/interface.go b/generated/1.18/client/informers/externalversions/login/v1alpha1/interface.go new file mode 100644 index 000000000..6ff924c83 --- /dev/null +++ b/generated/1.18/client/informers/externalversions/login/v1alpha1/interface.go @@ -0,0 +1,32 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // TokenCredentialRequests returns a TokenCredentialRequestInformer. + TokenCredentialRequests() TokenCredentialRequestInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// TokenCredentialRequests returns a TokenCredentialRequestInformer. +func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { + return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.18/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..bde07c41c --- /dev/null +++ b/generated/1.18/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.18/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.18/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/client/listers/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestInformer provides access to a shared informer and lister for +// TokenCredentialRequests. +type TokenCredentialRequestInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.TokenCredentialRequestLister +} + +type tokenCredentialRequestInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(context.TODO(), options) + }, + }, + &loginv1alpha1.TokenCredentialRequest{}, + resyncPeriod, + indexers, + ) +} + +func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) +} + +func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { + return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.18/client/listers/login/v1alpha1/expansion_generated.go b/generated/1.18/client/listers/login/v1alpha1/expansion_generated.go new file mode 100644 index 000000000..f61ce6bb9 --- /dev/null +++ b/generated/1.18/client/listers/login/v1alpha1/expansion_generated.go @@ -0,0 +1,14 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// TokenCredentialRequestListerExpansion allows custom methods to be added to +// TokenCredentialRequestLister. +type TokenCredentialRequestListerExpansion interface{} + +// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to +// TokenCredentialRequestNamespaceLister. +type TokenCredentialRequestNamespaceListerExpansion interface{} diff --git a/generated/1.18/client/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.18/client/listers/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..a2c833632 --- /dev/null +++ b/generated/1.18/client/listers/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,81 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestLister helps list TokenCredentialRequests. +type TokenCredentialRequestLister interface { + // List lists all TokenCredentialRequests in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. + TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister + TokenCredentialRequestListerExpansion +} + +// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. +type tokenCredentialRequestLister struct { + indexer cache.Indexer +} + +// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. +func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { + return &tokenCredentialRequestLister{indexer: indexer} +} + +// List lists all TokenCredentialRequests in the indexer. +func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. +func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister { + return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests. +type TokenCredentialRequestNamespaceLister interface { + // List lists all TokenCredentialRequests in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.TokenCredentialRequest, error) + TokenCredentialRequestNamespaceListerExpansion +} + +// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister +// interface. +type tokenCredentialRequestNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all TokenCredentialRequests in the indexer for a given namespace. +func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. +func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) + } + return obj.(*v1alpha1.TokenCredentialRequest), nil +} diff --git a/generated/1.18/client/openapi/zz_generated.openapi.go b/generated/1.18/client/openapi/zz_generated.openapi.go index b0ab8d34e..28a805a02 100644 --- a/generated/1.18/client/openapi/zz_generated.openapi.go +++ b/generated/1.18/client/openapi/zz_generated.openapi.go @@ -28,6 +28,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_118_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.ClusterCredential": schema_118_apis_login_v1alpha1_ClusterCredential(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequest": schema_118_apis_login_v1alpha1_TokenCredentialRequest(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestList": schema_118_apis_login_v1alpha1_TokenCredentialRequestList(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestSpec": schema_118_apis_login_v1alpha1_TokenCredentialRequestSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestStatus": schema_118_apis_login_v1alpha1_TokenCredentialRequestStatus(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequest": schema_118_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_118_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.18/apis/pinniped/v1alpha1.CredentialRequestList": schema_118_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -525,6 +530,187 @@ func schema_118_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.Refer } } +func schema_118_apis_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "expirationTimestamp": { + SchemaProps: spec.SchemaProps{ + Description: "ExpirationTimestamp indicates a time when the provided credentials expire.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Token is a bearer token used by the client for request authentication.", + Type: []string{"string"}, + Format: "", + }, + }, + "clientCertificateData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded client TLS certificates (including intermediates, if any).", + Type: []string{"string"}, + Format: "", + }, + }, + "clientKeyData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded private key for the above certificate.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_118_apis_login_v1alpha1_TokenCredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestSpec", "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_118_apis_login_v1alpha1_TokenCredentialRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestList is a list of TokenCredentialRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.TokenCredentialRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_118_apis_login_v1alpha1_TokenCredentialRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Bearer token supplied with the credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_118_apis_login_v1alpha1_TokenCredentialRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "credential": { + SchemaProps: spec.SchemaProps{ + Description: "A Credential will be returned for a successful credential request.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.ClusterCredential"), + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "An error message will be returned for an unsuccessful credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.18/apis/login/v1alpha1.ClusterCredential"}, + } +} + func schema_118_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/generated/1.19/README.adoc b/generated/1.19/README.adoc index 723765955..b5302c57a 100644 --- a/generated/1.19/README.adoc +++ b/generated/1.19/README.adoc @@ -7,6 +7,7 @@ .Packages - xref:{anchor_prefix}-crd-pinniped-dev-v1alpha1[$$crd.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-idp-pinniped-dev-v1alpha1[$$idp.pinniped.dev/v1alpha1$$] +- xref:{anchor_prefix}-login-pinniped-dev-v1alpha1[$$login.pinniped.dev/v1alpha1$$] - xref:{anchor_prefix}-pinniped-dev-v1alpha1[$$pinniped.dev/v1alpha1$$] @@ -200,6 +201,91 @@ Status of a webhook identity provider. +[id="{anchor_prefix}-login-pinniped-dev-v1alpha1"] +=== login.pinniped.dev/v1alpha1 + +Package v1alpha1 is the v1alpha1 version of the Pinniped login API. + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-clustercredential"] +==== ClusterCredential + +ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`expirationTimestamp`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | ExpirationTimestamp indicates a time when the provided credentials expire. +| *`token`* __string__ | Token is a bearer token used by the client for request authentication. +| *`clientCertificateData`* __string__ | PEM-encoded client TLS certificates (including intermediates, if any). +| *`clientKeyData`* __string__ | PEM-encoded private key for the above certificate. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequest"] +==== TokenCredentialRequest + +TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequestlist[$$TokenCredentialRequestList$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. + +| *`spec`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequestspec[$$TokenCredentialRequestSpec$$]__ | +| *`status`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequeststatus[$$TokenCredentialRequestStatus$$]__ | +|=== + + + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequestspec"] +==== TokenCredentialRequestSpec + +TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`token`* __string__ | Bearer token supplied with the credential request. +|=== + + +[id="{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequeststatus"] +==== TokenCredentialRequestStatus + +TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-tokencredentialrequest[$$TokenCredentialRequest$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`credential`* __xref:{anchor_prefix}-github-com-suzerain-io-pinniped-generated-1-19-apis-login-v1alpha1-clustercredential[$$ClusterCredential$$]__ | A Credential will be returned for a successful credential request. +| *`message`* __string__ | An error message will be returned for an unsuccessful credential request. +|=== + + + [id="{anchor_prefix}-pinniped-dev-v1alpha1"] === pinniped.dev/v1alpha1 diff --git a/generated/1.19/apis/login/doc.go b/generated/1.19/apis/login/doc.go new file mode 100644 index 000000000..4dfd85601 --- /dev/null +++ b/generated/1.19/apis/login/doc.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package +// +groupName=login.pinniped.dev + +// Package login is the internal version of the Pinniped login API. +package login diff --git a/generated/1.19/apis/login/register.go b/generated/1.19/apis/login/register.go new file mode 100644 index 000000000..f1f029040 --- /dev/null +++ b/generated/1.19/apis/login/register.go @@ -0,0 +1,38 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + return nil +} diff --git a/generated/1.19/apis/login/types_clustercred.go b/generated/1.19/apis/login/types_clustercred.go new file mode 100644 index 000000000..fda1103af --- /dev/null +++ b/generated/1.19/apis/login/types_clustercred.go @@ -0,0 +1,21 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time + + // Token is a bearer token used by the client for request authentication. + Token string + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string + + // PEM-encoded private key for the above certificate. + ClientKeyData string +} diff --git a/generated/1.19/apis/login/types_token.go b/generated/1.19/apis/login/types_token.go new file mode 100644 index 000000000..55b9fc999 --- /dev/null +++ b/generated/1.19/apis/login/types_token.go @@ -0,0 +1,42 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package login + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string +} + +type TokenCredentialRequestStatus struct { + // A ClusterCredential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta + metav1.ObjectMeta + + Spec TokenCredentialRequestSpec + Status TokenCredentialRequestStatus +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta + metav1.ListMeta + + // Items is a list of TokenCredentialRequest + Items []TokenCredentialRequest +} diff --git a/generated/1.19/apis/login/v1alpha1/conversion.go b/generated/1.19/apis/login/v1alpha1/conversion.go new file mode 100644 index 000000000..226f6135f --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/conversion.go @@ -0,0 +1,4 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 diff --git a/generated/1.19/apis/login/v1alpha1/defaults.go b/generated/1.19/apis/login/v1alpha1/defaults.go new file mode 100644 index 000000000..830aa010a --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/defaults.go @@ -0,0 +1,12 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/generated/1.19/apis/login/v1alpha1/doc.go b/generated/1.19/apis/login/v1alpha1/doc.go new file mode 100644 index 000000000..6f8b8eeff --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/doc.go @@ -0,0 +1,11 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.19/apis/login +// +k8s:defaulter-gen=TypeMeta +// +groupName=login.pinniped.dev + +// Package v1alpha1 is the v1alpha1 version of the Pinniped login API. +package v1alpha1 diff --git a/generated/1.19/apis/login/v1alpha1/register.go b/generated/1.19/apis/login/v1alpha1/register.go new file mode 100644 index 000000000..f49800f4e --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/register.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +const GroupName = "login.pinniped.dev" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +var ( + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + AddToScheme = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) +} + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &TokenCredentialRequest{}, + &TokenCredentialRequestList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} diff --git a/generated/1.19/apis/login/v1alpha1/types_clustercred.go b/generated/1.19/apis/login/v1alpha1/types_clustercred.go new file mode 100644 index 000000000..574e8b51a --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/types_clustercred.go @@ -0,0 +1,22 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// ClusterCredential is the cluster-specific credential returned on a successful credential request. It +// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster. +type ClusterCredential struct { + // ExpirationTimestamp indicates a time when the provided credentials expire. + ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"` + + // Token is a bearer token used by the client for request authentication. + Token string `json:"token,omitempty"` + + // PEM-encoded client TLS certificates (including intermediates, if any). + ClientCertificateData string `json:"clientCertificateData,omitempty"` + + // PEM-encoded private key for the above certificate. + ClientKeyData string `json:"clientKeyData,omitempty"` +} diff --git a/generated/1.19/apis/login/v1alpha1/types_token.go b/generated/1.19/apis/login/v1alpha1/types_token.go new file mode 100644 index 000000000..7580874fd --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/types_token.go @@ -0,0 +1,43 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API. +type TokenCredentialRequestSpec struct { + // Bearer token supplied with the credential request. + Token string `json:"token,omitempty"` +} + +// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API. +type TokenCredentialRequestStatus struct { + // A Credential will be returned for a successful credential request. + // +optional + Credential *ClusterCredential `json:"credential,omitempty"` + + // An error message will be returned for an unsuccessful credential request. + // +optional + Message *string `json:"message,omitempty"` +} + +// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential. +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequest struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec TokenCredentialRequestSpec `json:"spec,omitempty"` + Status TokenCredentialRequestStatus `json:"status,omitempty"` +} + +// TokenCredentialRequestList is a list of TokenCredentialRequest objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type TokenCredentialRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TokenCredentialRequest `json:"items"` +} diff --git a/generated/1.19/apis/login/v1alpha1/zz_generated.conversion.go b/generated/1.19/apis/login/v1alpha1/zz_generated.conversion.go new file mode 100644 index 000000000..56d9b6a6a --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,198 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + login "github.com/suzerain-io/pinniped/generated/1.19/apis/login" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*ClusterCredential)(nil), (*login.ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(a.(*ClusterCredential), b.(*login.ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.ClusterCredential)(nil), (*ClusterCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(a.(*login.ClusterCredential), b.(*ClusterCredential), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequest)(nil), (*login.TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(a.(*TokenCredentialRequest), b.(*login.TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequest)(nil), (*TokenCredentialRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(a.(*login.TokenCredentialRequest), b.(*TokenCredentialRequest), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestList)(nil), (*login.TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(a.(*TokenCredentialRequestList), b.(*login.TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestList)(nil), (*TokenCredentialRequestList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(a.(*login.TokenCredentialRequestList), b.(*TokenCredentialRequestList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestSpec)(nil), (*login.TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(a.(*TokenCredentialRequestSpec), b.(*login.TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestSpec)(nil), (*TokenCredentialRequestSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(a.(*login.TokenCredentialRequestSpec), b.(*TokenCredentialRequestSpec), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*TokenCredentialRequestStatus)(nil), (*login.TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(a.(*TokenCredentialRequestStatus), b.(*login.TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*login.TokenCredentialRequestStatus)(nil), (*TokenCredentialRequestStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(a.(*login.TokenCredentialRequestStatus), b.(*TokenCredentialRequestStatus), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential is an autogenerated conversion function. +func Convert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in *ClusterCredential, out *login.ClusterCredential, s conversion.Scope) error { + return autoConvert_v1alpha1_ClusterCredential_To_login_ClusterCredential(in, out, s) +} + +func autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + out.ExpirationTimestamp = in.ExpirationTimestamp + out.Token = in.Token + out.ClientCertificateData = in.ClientCertificateData + out.ClientKeyData = in.ClientKeyData + return nil +} + +// Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential is an autogenerated conversion function. +func Convert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in *login.ClusterCredential, out *ClusterCredential, s conversion.Scope) error { + return autoConvert_login_ClusterCredential_To_v1alpha1_ClusterCredential(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in *TokenCredentialRequest, out *login.TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequest_To_login_TokenCredentialRequest(in, out, s) +} + +func autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(&in.Spec, &out.Spec, s); err != nil { + return err + } + if err := Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(&in.Status, &out.Status, s); err != nil { + return err + } + return nil +} + +// Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest is an autogenerated conversion function. +func Convert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in *login.TokenCredentialRequest, out *TokenCredentialRequest, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequest_To_v1alpha1_TokenCredentialRequest(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]login.TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in *TokenCredentialRequestList, out *login.TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestList_To_login_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]TokenCredentialRequest)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in *login.TokenCredentialRequestList, out *TokenCredentialRequestList, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestList_To_v1alpha1_TokenCredentialRequestList(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in *TokenCredentialRequestSpec, out *login.TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestSpec_To_login_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + out.Token = in.Token + return nil +} + +// Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in *login.TokenCredentialRequestSpec, out *TokenCredentialRequestSpec, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestSpec_To_v1alpha1_TokenCredentialRequestSpec(in, out, s) +} + +func autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*login.ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in *TokenCredentialRequestStatus, out *login.TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_v1alpha1_TokenCredentialRequestStatus_To_login_TokenCredentialRequestStatus(in, out, s) +} + +func autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + out.Credential = (*ClusterCredential)(unsafe.Pointer(in.Credential)) + out.Message = (*string)(unsafe.Pointer(in.Message)) + return nil +} + +// Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus is an autogenerated conversion function. +func Convert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in *login.TokenCredentialRequestStatus, out *TokenCredentialRequestStatus, s conversion.Scope) error { + return autoConvert_login_TokenCredentialRequestStatus_To_v1alpha1_TokenCredentialRequestStatus(in, out, s) +} diff --git a/generated/1.19/apis/login/v1alpha1/zz_generated.deepcopy.go b/generated/1.19/apis/login/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 000000000..439149d90 --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/apis/login/v1alpha1/zz_generated.defaults.go b/generated/1.19/apis/login/v1alpha1/zz_generated.defaults.go new file mode 100644 index 000000000..427b2e2e1 --- /dev/null +++ b/generated/1.19/apis/login/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,19 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/generated/1.19/apis/login/zz_generated.deepcopy.go b/generated/1.19/apis/login/zz_generated.deepcopy.go new file mode 100644 index 000000000..176c0b058 --- /dev/null +++ b/generated/1.19/apis/login/zz_generated.deepcopy.go @@ -0,0 +1,132 @@ +// +build !ignore_autogenerated + +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package login + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCredential) DeepCopyInto(out *ClusterCredential) { + *out = *in + in.ExpirationTimestamp.DeepCopyInto(&out.ExpirationTimestamp) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCredential. +func (in *ClusterCredential) DeepCopy() *ClusterCredential { + if in == nil { + return nil + } + out := new(ClusterCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequest) DeepCopyInto(out *TokenCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequest. +func (in *TokenCredentialRequest) DeepCopy() *TokenCredentialRequest { + if in == nil { + return nil + } + out := new(TokenCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestList) DeepCopyInto(out *TokenCredentialRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TokenCredentialRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestList. +func (in *TokenCredentialRequestList) DeepCopy() *TokenCredentialRequestList { + if in == nil { + return nil + } + out := new(TokenCredentialRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TokenCredentialRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestSpec) DeepCopyInto(out *TokenCredentialRequestSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestSpec. +func (in *TokenCredentialRequestSpec) DeepCopy() *TokenCredentialRequestSpec { + if in == nil { + return nil + } + out := new(TokenCredentialRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenCredentialRequestStatus) DeepCopyInto(out *TokenCredentialRequestStatus) { + *out = *in + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = new(ClusterCredential) + (*in).DeepCopyInto(*out) + } + if in.Message != nil { + in, out := &in.Message, &out.Message + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenCredentialRequestStatus. +func (in *TokenCredentialRequestStatus) DeepCopy() *TokenCredentialRequestStatus { + if in == nil { + return nil + } + out := new(TokenCredentialRequestStatus) + in.DeepCopyInto(out) + return out +} diff --git a/generated/1.19/client/clientset/versioned/clientset.go b/generated/1.19/client/clientset/versioned/clientset.go index 971c13737..db94131c8 100644 --- a/generated/1.19/client/clientset/versioned/clientset.go +++ b/generated/1.19/client/clientset/versioned/clientset.go @@ -10,6 +10,7 @@ import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -20,6 +21,7 @@ type Interface interface { Discovery() discovery.DiscoveryInterface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface + LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface } @@ -29,6 +31,7 @@ type Clientset struct { *discovery.DiscoveryClient crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client iDPV1alpha1 *idpv1alpha1.IDPV1alpha1Client + loginV1alpha1 *loginv1alpha1.LoginV1alpha1Client pinnipedV1alpha1 *pinnipedv1alpha1.PinnipedV1alpha1Client } @@ -42,6 +45,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return c.iDPV1alpha1 } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return c.loginV1alpha1 +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return c.pinnipedV1alpha1 @@ -76,6 +84,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.loginV1alpha1, err = loginv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.pinnipedV1alpha1, err = pinnipedv1alpha1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -94,6 +106,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) cs.iDPV1alpha1 = idpv1alpha1.NewForConfigOrDie(c) + cs.loginV1alpha1 = loginv1alpha1.NewForConfigOrDie(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -105,6 +118,7 @@ func New(c rest.Interface) *Clientset { var cs Clientset cs.crdV1alpha1 = crdv1alpha1.New(c) cs.iDPV1alpha1 = idpv1alpha1.New(c) + cs.loginV1alpha1 = loginv1alpha1.New(c) cs.pinnipedV1alpha1 = pinnipedv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/generated/1.19/client/clientset/versioned/fake/clientset_generated.go b/generated/1.19/client/clientset/versioned/fake/clientset_generated.go index b1cad921c..05b5e6757 100644 --- a/generated/1.19/client/clientset/versioned/fake/clientset_generated.go +++ b/generated/1.19/client/clientset/versioned/fake/clientset_generated.go @@ -11,6 +11,8 @@ import ( fakecrdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/crdpinniped/v1alpha1/fake" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1" fakeidpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/idp/v1alpha1/fake" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/login/v1alpha1" + fakeloginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1" fakepinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/pinniped/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" @@ -77,6 +79,11 @@ func (c *Clientset) IDPV1alpha1() idpv1alpha1.IDPV1alpha1Interface { return &fakeidpv1alpha1.FakeIDPV1alpha1{Fake: &c.Fake} } +// LoginV1alpha1 retrieves the LoginV1alpha1Client +func (c *Clientset) LoginV1alpha1() loginv1alpha1.LoginV1alpha1Interface { + return &fakeloginv1alpha1.FakeLoginV1alpha1{Fake: &c.Fake} +} + // PinnipedV1alpha1 retrieves the PinnipedV1alpha1Client func (c *Clientset) PinnipedV1alpha1() pinnipedv1alpha1.PinnipedV1alpha1Interface { return &fakepinnipedv1alpha1.FakePinnipedV1alpha1{Fake: &c.Fake} diff --git a/generated/1.19/client/clientset/versioned/fake/register.go b/generated/1.19/client/clientset/versioned/fake/register.go index fd296b2ee..a99f597f0 100644 --- a/generated/1.19/client/clientset/versioned/fake/register.go +++ b/generated/1.19/client/clientset/versioned/fake/register.go @@ -8,6 +8,7 @@ package fake import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/clientset/versioned/scheme/register.go b/generated/1.19/client/clientset/versioned/scheme/register.go index cb463ee19..99692e749 100644 --- a/generated/1.19/client/clientset/versioned/scheme/register.go +++ b/generated/1.19/client/clientset/versioned/scheme/register.go @@ -8,6 +8,7 @@ package scheme import ( crdv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -22,6 +23,7 @@ var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ crdv1alpha1.AddToScheme, idpv1alpha1.AddToScheme, + loginv1alpha1.AddToScheme, pinnipedv1alpha1.AddToScheme, } diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/doc.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/doc.go new file mode 100644 index 000000000..f75bf91f5 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go new file mode 100644 index 000000000..7879170dc --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/doc.go @@ -0,0 +1,7 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go new file mode 100644 index 000000000..073a74a89 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go @@ -0,0 +1,27 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/typed/login/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeLoginV1alpha1 struct { + *testing.Fake +} + +func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface { + return &FakeTokenCredentialRequests{c, namespace} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeLoginV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go new file mode 100644 index 000000000..1e271cec1 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go @@ -0,0 +1,129 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeTokenCredentialRequests implements TokenCredentialRequestInterface +type FakeTokenCredentialRequests struct { + Fake *FakeLoginV1alpha1 + ns string +} + +var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"} + +var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.pinniped.dev", Version: "v1alpha1", Kind: "TokenCredentialRequest"} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.TokenCredentialRequestList{ListMeta: obj.(*v1alpha1.TokenCredentialRequestList).ListMeta} + for _, item := range obj.(*v1alpha1.TokenCredentialRequestList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts)) + +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{}) + return err +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.TokenCredentialRequest), err +} diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go new file mode 100644 index 000000000..8de8bda50 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/generated_expansion.go @@ -0,0 +1,8 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type TokenCredentialRequestExpansion interface{} diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/login_client.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/login_client.go new file mode 100644 index 000000000..85453be94 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/login_client.go @@ -0,0 +1,76 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type LoginV1alpha1Interface interface { + RESTClient() rest.Interface + TokenCredentialRequestsGetter +} + +// LoginV1alpha1Client is used to interact with features provided by the login.pinniped.dev group. +type LoginV1alpha1Client struct { + restClient rest.Interface +} + +func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface { + return newTokenCredentialRequests(c, namespace) +} + +// NewForConfig creates a new LoginV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*LoginV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &LoginV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new LoginV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *LoginV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new LoginV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *LoginV1alpha1Client { + return &LoginV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *LoginV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..72ee35632 --- /dev/null +++ b/generated/1.19/client/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,182 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" + scheme "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface. +// A group's client should implement this interface. +type TokenCredentialRequestsGetter interface { + TokenCredentialRequests(namespace string) TokenCredentialRequestInterface +} + +// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources. +type TokenCredentialRequestInterface interface { + Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (*v1alpha1.TokenCredentialRequest, error) + Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) + UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.TokenCredentialRequest, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.TokenCredentialRequestList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) + TokenCredentialRequestExpansion +} + +// tokenCredentialRequests implements TokenCredentialRequestInterface +type tokenCredentialRequests struct { + client rest.Interface + ns string +} + +// newTokenCredentialRequests returns a TokenCredentialRequests +func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests { + return &tokenCredentialRequests{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any. +func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors. +func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.TokenCredentialRequestList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested tokenCredentialRequests. +func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Post(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any. +func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Put(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(tokenCredentialRequest.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(tokenCredentialRequest). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs. +func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("tokencredentialrequests"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched tokenCredentialRequest. +func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) { + result = &v1alpha1.TokenCredentialRequest{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("tokencredentialrequests"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/generated/1.19/client/informers/externalversions/factory.go b/generated/1.19/client/informers/externalversions/factory.go index 402129f3c..16a54a56f 100644 --- a/generated/1.19/client/informers/externalversions/factory.go +++ b/generated/1.19/client/informers/externalversions/factory.go @@ -14,6 +14,7 @@ import ( crdpinniped "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/crdpinniped" idp "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/idp" internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" + login "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/login" pinniped "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/pinniped" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -163,6 +164,7 @@ type SharedInformerFactory interface { Crd() crdpinniped.Interface IDP() idp.Interface + Login() login.Interface Pinniped() pinniped.Interface } @@ -174,6 +176,10 @@ func (f *sharedInformerFactory) IDP() idp.Interface { return idp.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) Login() login.Interface { + return login.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Pinniped() pinniped.Interface { return pinniped.New(f, f.namespace, f.tweakListOptions) } diff --git a/generated/1.19/client/informers/externalversions/generic.go b/generated/1.19/client/informers/externalversions/generic.go index 4ba9a5160..751b9ec73 100644 --- a/generated/1.19/client/informers/externalversions/generic.go +++ b/generated/1.19/client/informers/externalversions/generic.go @@ -10,6 +10,7 @@ import ( v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/crdpinniped/v1alpha1" idpv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -49,6 +50,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case idpv1alpha1.SchemeGroupVersion.WithResource("webhookidentityproviders"): return &genericInformer{resource: resource.GroupResource(), informer: f.IDP().V1alpha1().WebhookIdentityProviders().Informer()}, nil + // Group=login.pinniped.dev, Version=v1alpha1 + case loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Login().V1alpha1().TokenCredentialRequests().Informer()}, nil + // Group=pinniped.dev, Version=v1alpha1 case pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): return &genericInformer{resource: resource.GroupResource(), informer: f.Pinniped().V1alpha1().CredentialRequests().Informer()}, nil diff --git a/generated/1.19/client/informers/externalversions/login/interface.go b/generated/1.19/client/informers/externalversions/login/interface.go new file mode 100644 index 000000000..5e5a128b7 --- /dev/null +++ b/generated/1.19/client/informers/externalversions/login/interface.go @@ -0,0 +1,33 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package login + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/login/v1alpha1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/generated/1.19/client/informers/externalversions/login/v1alpha1/interface.go b/generated/1.19/client/informers/externalversions/login/v1alpha1/interface.go new file mode 100644 index 000000000..eea1c38ec --- /dev/null +++ b/generated/1.19/client/informers/externalversions/login/v1alpha1/interface.go @@ -0,0 +1,32 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // TokenCredentialRequests returns a TokenCredentialRequestInformer. + TokenCredentialRequests() TokenCredentialRequestInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// TokenCredentialRequests returns a TokenCredentialRequestInformer. +func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer { + return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/generated/1.19/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..67ce33958 --- /dev/null +++ b/generated/1.19/client/informers/externalversions/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,77 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" + versioned "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" + internalinterfaces "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/client/listers/login/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestInformer provides access to a shared informer and lister for +// TokenCredentialRequests. +type TokenCredentialRequestInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.TokenCredentialRequestLister +} + +type tokenCredentialRequestInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(context.TODO(), options) + }, + }, + &loginv1alpha1.TokenCredentialRequest{}, + resyncPeriod, + indexers, + ) +} + +func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&loginv1alpha1.TokenCredentialRequest{}, f.defaultInformer) +} + +func (f *tokenCredentialRequestInformer) Lister() v1alpha1.TokenCredentialRequestLister { + return v1alpha1.NewTokenCredentialRequestLister(f.Informer().GetIndexer()) +} diff --git a/generated/1.19/client/listers/login/v1alpha1/expansion_generated.go b/generated/1.19/client/listers/login/v1alpha1/expansion_generated.go new file mode 100644 index 000000000..f61ce6bb9 --- /dev/null +++ b/generated/1.19/client/listers/login/v1alpha1/expansion_generated.go @@ -0,0 +1,14 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// TokenCredentialRequestListerExpansion allows custom methods to be added to +// TokenCredentialRequestLister. +type TokenCredentialRequestListerExpansion interface{} + +// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to +// TokenCredentialRequestNamespaceLister. +type TokenCredentialRequestNamespaceListerExpansion interface{} diff --git a/generated/1.19/client/listers/login/v1alpha1/tokencredentialrequest.go b/generated/1.19/client/listers/login/v1alpha1/tokencredentialrequest.go new file mode 100644 index 000000000..bd23e1e0f --- /dev/null +++ b/generated/1.19/client/listers/login/v1alpha1/tokencredentialrequest.go @@ -0,0 +1,86 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// TokenCredentialRequestLister helps list TokenCredentialRequests. +// All objects returned here must be treated as read-only. +type TokenCredentialRequestLister interface { + // List lists all TokenCredentialRequests in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. + TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister + TokenCredentialRequestListerExpansion +} + +// tokenCredentialRequestLister implements the TokenCredentialRequestLister interface. +type tokenCredentialRequestLister struct { + indexer cache.Indexer +} + +// NewTokenCredentialRequestLister returns a new TokenCredentialRequestLister. +func NewTokenCredentialRequestLister(indexer cache.Indexer) TokenCredentialRequestLister { + return &tokenCredentialRequestLister{indexer: indexer} +} + +// List lists all TokenCredentialRequests in the indexer. +func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests. +func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister { + return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests. +// All objects returned here must be treated as read-only. +type TokenCredentialRequestNamespaceLister interface { + // List lists all TokenCredentialRequests in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) + // Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.TokenCredentialRequest, error) + TokenCredentialRequestNamespaceListerExpansion +} + +// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister +// interface. +type tokenCredentialRequestNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all TokenCredentialRequests in the indexer for a given namespace. +func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.TokenCredentialRequest)) + }) + return ret, err +} + +// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name. +func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("tokencredentialrequest"), name) + } + return obj.(*v1alpha1.TokenCredentialRequest), nil +} diff --git a/generated/1.19/client/openapi/zz_generated.openapi.go b/generated/1.19/client/openapi/zz_generated.openapi.go index 0e4ce9c79..419e95274 100644 --- a/generated/1.19/client/openapi/zz_generated.openapi.go +++ b/generated/1.19/client/openapi/zz_generated.openapi.go @@ -28,6 +28,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderList": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderList(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderSpec": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderSpec(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/idp/v1alpha1.WebhookIdentityProviderStatus": schema_119_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.ClusterCredential": schema_119_apis_login_v1alpha1_ClusterCredential(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequest": schema_119_apis_login_v1alpha1_TokenCredentialRequest(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestList": schema_119_apis_login_v1alpha1_TokenCredentialRequestList(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestSpec": schema_119_apis_login_v1alpha1_TokenCredentialRequestSpec(ref), + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestStatus": schema_119_apis_login_v1alpha1_TokenCredentialRequestStatus(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequest": schema_119_apis_pinniped_v1alpha1_CredentialRequest(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequestCredential": schema_119_apis_pinniped_v1alpha1_CredentialRequestCredential(ref), "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1.CredentialRequestList": schema_119_apis_pinniped_v1alpha1_CredentialRequestList(ref), @@ -526,6 +531,187 @@ func schema_119_apis_idp_v1alpha1_WebhookIdentityProviderStatus(ref common.Refer } } +func schema_119_apis_login_v1alpha1_ClusterCredential(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterCredential is the cluster-specific credential returned on a successful credential request. It contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "expirationTimestamp": { + SchemaProps: spec.SchemaProps{ + Description: "ExpirationTimestamp indicates a time when the provided credentials expire.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Token is a bearer token used by the client for request authentication.", + Type: []string{"string"}, + Format: "", + }, + }, + "clientCertificateData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded client TLS certificates (including intermediates, if any).", + Type: []string{"string"}, + Format: "", + }, + }, + "clientKeyData": { + SchemaProps: spec.SchemaProps{ + Description: "PEM-encoded private key for the above certificate.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_119_apis_login_v1alpha1_TokenCredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestSpec", "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequestStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_119_apis_login_v1alpha1_TokenCredentialRequestList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestList is a list of TokenCredentialRequest objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequest"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.TokenCredentialRequest", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_119_apis_login_v1alpha1_TokenCredentialRequestSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "token": { + SchemaProps: spec.SchemaProps{ + Description: "Bearer token supplied with the credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_119_apis_login_v1alpha1_TokenCredentialRequestStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "credential": { + SchemaProps: spec.SchemaProps{ + Description: "A Credential will be returned for a successful credential request.", + Ref: ref("github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.ClusterCredential"), + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "An error message will be returned for an unsuccessful credential request.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1.ClusterCredential"}, + } +} + func schema_119_apis_pinniped_v1alpha1_CredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/hack/lib/docs/config.yaml b/hack/lib/docs/config.yaml index 2a01e07c9..ba696fbf3 100644 --- a/hack/lib/docs/config.yaml +++ b/hack/lib/docs/config.yaml @@ -6,6 +6,7 @@ processor: - "crd.pinniped.dev/crdpinniped" - "idp.pinniped.dev/idp" - "pinniped.dev/pinniped" + - "login.pinniped.dev/login" ignoreFields: - "TypeMeta$" diff --git a/hack/lib/update-codegen.sh b/hack/lib/update-codegen.sh index d3316e049..a21d95230 100755 --- a/hack/lib/update-codegen.sh +++ b/hack/lib/update-codegen.sh @@ -109,7 +109,7 @@ echo "generating API-related code for our public API groups..." deepcopy \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "pinniped:v1alpha1 crdpinniped:v1alpha1" \ + "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1 login:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-api > |" ) @@ -121,7 +121,7 @@ echo "generating API-related code for our internal API groups..." "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1" \ + "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1 login:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-int-api > |" ) @@ -136,7 +136,7 @@ echo "generating client code for our public API groups..." client,lister,informer \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/client" \ "${BASE_PKG}/generated/${KUBE_MINOR_VERSION}/apis" \ - "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1" \ + "pinniped:v1alpha1 crdpinniped:v1alpha1 idp:v1alpha1 login:v1alpha1" \ --go-header-file "${ROOT}/hack/boilerplate.go.txt" 2>&1 | sed "s|^|gen-client > |" ) From a8487b78c9838825e068b03cd881e1a360afd45e Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 14:57:18 -0500 Subject: [PATCH 2/6] Add some conversions to allow our REST handler to handle both old and new credential request APIs. Eventually we could refactor to remove support for the old APIs, but they are so similar that a single implementation seems to handle both easily. Signed-off-by: Matt Moyer --- internal/apiserver/apiserver.go | 41 +++---- .../registry/credentialrequest/conversions.go | 54 +++++++++ .../credentialrequest/conversions_test.go | 111 ++++++++++++++++++ internal/registry/credentialrequest/rest.go | 55 ++++++--- .../registry/credentialrequest/rest_test.go | 60 +++++++++- 5 files changed, 280 insertions(+), 41 deletions(-) create mode 100644 internal/registry/credentialrequest/conversions.go create mode 100644 internal/registry/credentialrequest/conversions_test.go diff --git a/internal/apiserver/apiserver.go b/internal/apiserver/apiserver.go index 822dbdb67..146bbb0da 100644 --- a/internal/apiserver/apiserver.go +++ b/internal/apiserver/apiserver.go @@ -18,6 +18,8 @@ import ( "k8s.io/client-go/pkg/version" "k8s.io/klog/v2" + loginapi "github.com/suzerain-io/pinniped/generated/1.19/apis/login" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" pinnipedapi "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" "github.com/suzerain-io/pinniped/internal/registry/credentialrequest" @@ -35,6 +37,8 @@ var ( func init() { utilruntime.Must(pinnipedv1alpha1.AddToScheme(scheme)) utilruntime.Must(pinnipedapi.AddToScheme(scheme)) + utilruntime.Must(loginv1alpha1.AddToScheme(scheme)) + utilruntime.Must(loginapi.AddToScheme(scheme)) // add the options to empty v1 metav1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) @@ -98,28 +102,21 @@ func (c completedConfig) New() (*PinnipedServer, error) { GenericAPIServer: genericServer, } - gvr := pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests") - - apiGroupInfo := genericapiserver.APIGroupInfo{ - PrioritizedVersions: []schema.GroupVersion{gvr.GroupVersion()}, - VersionedResourcesStorageMap: map[string]map[string]rest.Storage{}, - OptionsExternalVersion: &schema.GroupVersion{Version: "v1"}, - Scheme: scheme, - ParameterCodec: metav1.ParameterCodec, - NegotiatedSerializer: Codecs, - } - - credentialRequestStorage := credentialrequest.NewREST(c.ExtraConfig.TokenAuthenticator, c.ExtraConfig.Issuer) - - v1alpha1Storage, ok := apiGroupInfo.VersionedResourcesStorageMap[gvr.Version] - if !ok { - v1alpha1Storage = map[string]rest.Storage{} - } - v1alpha1Storage[gvr.Resource] = credentialRequestStorage - apiGroupInfo.VersionedResourcesStorageMap[gvr.Version] = v1alpha1Storage - - if err := s.GenericAPIServer.InstallAPIGroup(&apiGroupInfo); err != nil { - return nil, fmt.Errorf("install API group error: %w", err) + restHandler := credentialrequest.NewREST(c.ExtraConfig.TokenAuthenticator, c.ExtraConfig.Issuer) + for gvr, storage := range map[schema.GroupVersionResource]rest.Storage{ + pinnipedv1alpha1.SchemeGroupVersion.WithResource("credentialrequests"): restHandler.PinnipedV1alpha1Storage(), + loginv1alpha1.SchemeGroupVersion.WithResource("tokencredentialrequests"): restHandler.LoginV1alpha1Storage(), + } { + if err := s.GenericAPIServer.InstallAPIGroup(&genericapiserver.APIGroupInfo{ + PrioritizedVersions: []schema.GroupVersion{gvr.GroupVersion()}, + VersionedResourcesStorageMap: map[string]map[string]rest.Storage{gvr.Version: {gvr.Resource: storage}}, + OptionsExternalVersion: &schema.GroupVersion{Version: "v1"}, + Scheme: scheme, + ParameterCodec: metav1.ParameterCodec, + NegotiatedSerializer: Codecs, + }); err != nil { + return nil, fmt.Errorf("could not install API group %s: %w", gvr.String(), err) + } } s.GenericAPIServer.AddPostStartHookOrDie("start-controllers", diff --git a/internal/registry/credentialrequest/conversions.go b/internal/registry/credentialrequest/conversions.go new file mode 100644 index 000000000..923a57c55 --- /dev/null +++ b/internal/registry/credentialrequest/conversions.go @@ -0,0 +1,54 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package credentialrequest + +import ( + loginapi "github.com/suzerain-io/pinniped/generated/1.19/apis/login" + pinnipedapi "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped" +) + +func convertToLoginAPI(input *pinnipedapi.CredentialRequest) *loginapi.TokenCredentialRequest { + if input == nil { + return nil + } + + result := loginapi.TokenCredentialRequest{} + result.ObjectMeta = input.ObjectMeta + if input.Spec.Token != nil { + result.Spec.Token = input.Spec.Token.Value + } + result.Status.Message = input.Status.Message + if input.Status.Credential != nil { + result.Status.Credential = &loginapi.ClusterCredential{ + ExpirationTimestamp: input.Status.Credential.ExpirationTimestamp, + Token: input.Status.Credential.Token, + ClientCertificateData: input.Status.Credential.ClientCertificateData, + ClientKeyData: input.Status.Credential.ClientKeyData, + } + } + return &result +} + +func convertFromLoginAPI(input *loginapi.TokenCredentialRequest) *pinnipedapi.CredentialRequest { + if input == nil { + return nil + } + + result := pinnipedapi.CredentialRequest{} + result.ObjectMeta = input.ObjectMeta + if input.Spec.Token != "" { + result.Spec.Type = pinnipedapi.TokenCredentialType + result.Spec.Token = &pinnipedapi.CredentialRequestTokenCredential{Value: input.Spec.Token} + } + result.Status.Message = input.Status.Message + if input.Status.Credential != nil { + result.Status.Credential = &pinnipedapi.CredentialRequestCredential{ + ExpirationTimestamp: input.Status.Credential.ExpirationTimestamp, + Token: input.Status.Credential.Token, + ClientCertificateData: input.Status.Credential.ClientCertificateData, + ClientKeyData: input.Status.Credential.ClientKeyData, + } + } + return &result +} diff --git a/internal/registry/credentialrequest/conversions_test.go b/internal/registry/credentialrequest/conversions_test.go new file mode 100644 index 000000000..b909e3baf --- /dev/null +++ b/internal/registry/credentialrequest/conversions_test.go @@ -0,0 +1,111 @@ +// Copyright 2020 the Pinniped contributors. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +package credentialrequest + +import ( + "testing" + "time" + + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + loginapi "github.com/suzerain-io/pinniped/generated/1.19/apis/login" + pinnipedapi "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped" +) + +func TestConversions(t *testing.T) { + now := time.Now() + errMsg := "some error message" + + tests := []struct { + name string + new *loginapi.TokenCredentialRequest + old *pinnipedapi.CredentialRequest + }{ + { + name: "nil input", + }, + { + name: "usual request", + new: &loginapi.TokenCredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Spec: loginapi.TokenCredentialRequestSpec{Token: "test-token"}, + }, + old: &pinnipedapi.CredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Spec: pinnipedapi.CredentialRequestSpec{ + Type: pinnipedapi.TokenCredentialType, + Token: &pinnipedapi.CredentialRequestTokenCredential{Value: "test-token"}, + }, + }, + }, + { + name: "usual response", + new: &loginapi.TokenCredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Status: loginapi.TokenCredentialRequestStatus{ + Credential: &loginapi.ClusterCredential{ + ExpirationTimestamp: metav1.NewTime(now), + Token: "test-cluster-token", + ClientCertificateData: "test-cluster-cert", + ClientKeyData: "test-cluster-key", + }, + }, + }, + old: &pinnipedapi.CredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Status: pinnipedapi.CredentialRequestStatus{ + Credential: &pinnipedapi.CredentialRequestCredential{ + ExpirationTimestamp: metav1.NewTime(now), + Token: "test-cluster-token", + ClientCertificateData: "test-cluster-cert", + ClientKeyData: "test-cluster-key", + }, + }, + }, + }, + { + name: "error response", + new: &loginapi.TokenCredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Status: loginapi.TokenCredentialRequestStatus{ + Message: &errMsg, + }, + }, + old: &pinnipedapi.CredentialRequest{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-object", + }, + Status: pinnipedapi.CredentialRequestStatus{ + Message: &errMsg, + }, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Run("upgrade", func(t *testing.T) { + require.Equal(t, tt.new, convertToLoginAPI(tt.old)) + }) + t.Run("downgrade", func(t *testing.T) { + require.Equal(t, tt.old, convertFromLoginAPI(tt.new)) + }) + t.Run("roundtrip", func(t *testing.T) { + require.Equal(t, tt.old, convertFromLoginAPI(convertToLoginAPI(tt.old))) + require.Equal(t, tt.new, convertToLoginAPI(convertFromLoginAPI(tt.new))) + }) + }) + } +} diff --git a/internal/registry/credentialrequest/rest.go b/internal/registry/credentialrequest/rest.go index 0a37c6994..45a49f895 100644 --- a/internal/registry/credentialrequest/rest.go +++ b/internal/registry/credentialrequest/rest.go @@ -18,18 +18,19 @@ import ( "k8s.io/apiserver/pkg/registry/rest" "k8s.io/utils/trace" + loginapi "github.com/suzerain-io/pinniped/generated/1.19/apis/login" pinnipedapi "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped" ) // clientCertificateTTL is the TTL for short-lived client certificates returned by this API. const clientCertificateTTL = 1 * time.Hour -var ( - _ rest.Creater = &REST{} - _ rest.NamespaceScopedStrategy = &REST{} - _ rest.Scoper = &REST{} - _ rest.Storage = &REST{} -) +type Storage interface { + rest.Creater + rest.NamespaceScopedStrategy + rest.Scoper + rest.Storage +} type CertIssuer interface { IssuePEM(subject pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error) @@ -47,18 +48,38 @@ type REST struct { issuer CertIssuer } -func (r *REST) New() runtime.Object { - return &pinnipedapi.CredentialRequest{} -} +// PinnipedV1alpha1Storage returns a wrapper of the REST which serves the pinniped.dev/v1alpha1 API. +func (r *REST) PinnipedV1alpha1Storage() Storage { return &oldAPIREST{r} } -func (r *REST) NamespaceScoped() bool { - return false -} +type oldAPIREST struct{ *REST } + +func (*oldAPIREST) New() runtime.Object { return &pinnipedapi.CredentialRequest{} } + +func (*oldAPIREST) NamespaceScoped() bool { return false } + +// LoginV1alpha1Storage returns a wrapper of the REST which serves the login.pinniped.dev/v1alpha1 API. +func (r *REST) LoginV1alpha1Storage() Storage { return &newAPIREST{r} } + +type newAPIREST struct{ *REST } + +func (*newAPIREST) New() runtime.Object { return &loginapi.TokenCredentialRequest{} } + +func (*newAPIREST) NamespaceScoped() bool { return true } func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) { - t := trace.FromContext(ctx).Nest("create CredentialRequest") + t := trace.FromContext(ctx).Nest("create", trace.Field{ + Key: "kind", + Value: obj.GetObjectKind().GroupVersionKind().Kind, + }) defer t.Log() + // If the incoming request is from the newer version of the API, convert it into the older API and map the result back later. + convertResponse := func(in *pinnipedapi.CredentialRequest) runtime.Object { return in } + if req, ok := obj.(*loginapi.TokenCredentialRequest); ok { + obj = convertFromLoginAPI(req) + convertResponse = func(in *pinnipedapi.CredentialRequest) runtime.Object { return convertToLoginAPI(in) } + } + credentialRequest, err := validateRequest(ctx, obj, createValidation, options, t) if err != nil { return nil, err @@ -79,11 +100,11 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation authResponse, authenticated, err := r.tokenAuthenticator.AuthenticateToken(cancelCtx, credentialRequest.Spec.Token.Value) if err != nil { traceFailureWithError(t, "webhook authentication", err) - return failureResponse(), nil + return convertResponse(failureResponse()), nil } if !authenticated || authResponse == nil || authResponse.User == nil || authResponse.User.GetName() == "" { traceSuccess(t, authResponse, authenticated, false) - return failureResponse(), nil + return convertResponse(failureResponse()), nil } username := authResponse.User.GetName() @@ -104,7 +125,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation traceSuccess(t, authResponse, authenticated, true) - return &pinnipedapi.CredentialRequest{ + return convertResponse(&pinnipedapi.CredentialRequest{ Status: pinnipedapi.CredentialRequestStatus{ Credential: &pinnipedapi.CredentialRequestCredential{ ExpirationTimestamp: metav1.NewTime(time.Now().UTC().Add(clientCertificateTTL)), @@ -112,7 +133,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation ClientKeyData: string(keyPEM), }, }, - }, nil + }), nil } func validateRequest(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions, t *trace.Trace) (*pinnipedapi.CredentialRequest, error) { diff --git a/internal/registry/credentialrequest/rest_test.go b/internal/registry/credentialrequest/rest_test.go index 8199d72e1..1238cbc18 100644 --- a/internal/registry/credentialrequest/rest_test.go +++ b/internal/registry/credentialrequest/rest_test.go @@ -23,6 +23,7 @@ import ( "k8s.io/apiserver/pkg/registry/rest" "k8s.io/klog/v2" + loginapi "github.com/suzerain-io/pinniped/generated/1.19/apis/login" pinnipedapi "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped" "github.com/suzerain-io/pinniped/internal/mocks/mockcertissuer" "github.com/suzerain-io/pinniped/internal/testutil" @@ -123,6 +124,61 @@ func TestCreate(t *testing.T) { requireOneLogStatement(r, logger, `"success" userID:test-user-uid,idpAuthenticated:true`) }) + it("CreateSucceedsWhenGivenANewLoginAPITokenAndTheWebhookAuthenticatesTheToken", func() { + webhook := FakeToken{ + returnResponse: &authenticator.Response{ + User: &user.DefaultInfo{ + Name: "test-user", + UID: "test-user-uid", + Groups: []string{"test-group-1", "test-group-2"}, + }, + }, + returnUnauthenticated: false, + } + + issuer := mockcertissuer.NewMockCertIssuer(ctrl) + issuer.EXPECT().IssuePEM( + pkix.Name{ + CommonName: "test-user", + Organization: []string{"test-group-1", "test-group-2"}}, + []string{}, + 1*time.Hour, + ).Return([]byte("test-cert"), []byte("test-key"), nil) + + storage := NewREST(&webhook, issuer) + requestToken := "a token" + + response, err := callCreate(context.Background(), storage, &loginapi.TokenCredentialRequest{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "request name", + }, + Spec: loginapi.TokenCredentialRequestSpec{ + Token: requestToken, + }, + }) + + r.NoError(err) + r.IsType(&loginapi.TokenCredentialRequest{}, response) + + expires := response.(*loginapi.TokenCredentialRequest).Status.Credential.ExpirationTimestamp + r.NotNil(expires) + r.InDelta(time.Now().Add(1*time.Hour).Unix(), expires.Unix(), 5) + response.(*loginapi.TokenCredentialRequest).Status.Credential.ExpirationTimestamp = metav1.Time{} + + r.Equal(response, &loginapi.TokenCredentialRequest{ + Status: loginapi.TokenCredentialRequestStatus{ + Credential: &loginapi.ClusterCredential{ + ExpirationTimestamp: metav1.Time{}, + ClientCertificateData: "test-cert", + ClientKeyData: "test-key", + }, + }, + }) + r.Equal(requestToken, webhook.calledWithToken) + requireOneLogStatement(r, logger, `"success" userID:test-user-uid,idpAuthenticated:true`) + }) + it("CreateFailsWithValidTokenWhenCertIssuerFails", func() { webhook := FakeToken{ returnResponse: &authenticator.Response{ @@ -442,10 +498,10 @@ func requireOneLogStatement(r *require.Assertions, logger *testutil.TranscriptLo r.Contains(transcript[0].Message, messageContains) } -func callCreate(ctx context.Context, storage *REST, credentialRequest *pinnipedapi.CredentialRequest) (runtime.Object, error) { +func callCreate(ctx context.Context, storage *REST, obj runtime.Object) (runtime.Object, error) { return storage.Create( ctx, - credentialRequest, + obj, rest.ValidateAllObjectFunc, &metav1.CreateOptions{ DryRun: []string{}, From af034befb0b4da8da6215b1266d7aaac3cc28102 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 14:59:23 -0500 Subject: [PATCH 3/6] Paramaterize the APIService name in apiServiceUpdaterController rather than hardcoding. Signed-off-by: Matt Moyer --- internal/controller/apicerts/apiservice_updater.go | 5 ++++- internal/controller/apicerts/apiservice_updater_test.go | 2 ++ internal/controller/apicerts/update_api_service.go | 5 +---- internal/controller/apicerts/update_api_service_test.go | 4 +++- internal/controllermanager/prepare_controllers.go | 2 ++ 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/internal/controller/apicerts/apiservice_updater.go b/internal/controller/apicerts/apiservice_updater.go index 68bade3da..88ab0fd9c 100644 --- a/internal/controller/apicerts/apiservice_updater.go +++ b/internal/controller/apicerts/apiservice_updater.go @@ -19,10 +19,12 @@ type apiServiceUpdaterController struct { namespace string aggregatorClient aggregatorclient.Interface secretInformer corev1informers.SecretInformer + apiServiceName string } func NewAPIServiceUpdaterController( namespace string, + apiServiceName string, aggregatorClient aggregatorclient.Interface, secretInformer corev1informers.SecretInformer, withInformer pinnipedcontroller.WithInformerOptionFunc, @@ -34,6 +36,7 @@ func NewAPIServiceUpdaterController( namespace: namespace, aggregatorClient: aggregatorClient, secretInformer: secretInformer, + apiServiceName: apiServiceName, }, }, withInformer( @@ -58,7 +61,7 @@ func (c *apiServiceUpdaterController) Sync(ctx controllerlib.Context) error { } // Update the APIService to give it the new CA bundle. - if err := UpdateAPIService(ctx.Context, c.aggregatorClient, certSecret.Data[caCertificateSecretKey]); err != nil { + if err := UpdateAPIService(ctx.Context, c.aggregatorClient, c.apiServiceName, certSecret.Data[caCertificateSecretKey]); err != nil { return fmt.Errorf("could not update the API service: %w", err) } diff --git a/internal/controller/apicerts/apiservice_updater_test.go b/internal/controller/apicerts/apiservice_updater_test.go index bac002575..afaaa910f 100644 --- a/internal/controller/apicerts/apiservice_updater_test.go +++ b/internal/controller/apicerts/apiservice_updater_test.go @@ -41,6 +41,7 @@ func TestAPIServiceUpdaterControllerOptions(t *testing.T) { secretsInformer := kubeinformers.NewSharedInformerFactory(nil, 0).Core().V1().Secrets() _ = NewAPIServiceUpdaterController( installedInNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, nil, secretsInformer, observableWithInformerOption.WithInformer, // make it possible to observe the behavior of the Filters @@ -118,6 +119,7 @@ func TestAPIServiceUpdaterControllerSync(t *testing.T) { // Set this at the last second to allow for injection of server override. subject = NewAPIServiceUpdaterController( installedInNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, aggregatorAPIClient, kubeInformers.Core().V1().Secrets(), controllerlib.WithInformer, diff --git a/internal/controller/apicerts/update_api_service.go b/internal/controller/apicerts/update_api_service.go index cfc5a7add..ea159385d 100644 --- a/internal/controller/apicerts/update_api_service.go +++ b/internal/controller/apicerts/update_api_service.go @@ -11,14 +11,11 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" - - pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" ) // UpdateAPIService updates the APIService's CA bundle. -func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, aggregatedAPIServerCA []byte) error { +func UpdateAPIService(ctx context.Context, aggregatorClient aggregatorclient.Interface, apiServiceName string, aggregatedAPIServerCA []byte) error { apiServices := aggregatorClient.ApiregistrationV1().APIServices() - apiServiceName := pinnipedv1alpha1.SchemeGroupVersion.Version + "." + pinnipedv1alpha1.GroupName if err := retry.RetryOnConflict(retry.DefaultRetry, func() error { // Retrieve the latest version of the Service. diff --git a/internal/controller/apicerts/update_api_service_test.go b/internal/controller/apicerts/update_api_service_test.go index 92a6851fb..0beb522c5 100644 --- a/internal/controller/apicerts/update_api_service_test.go +++ b/internal/controller/apicerts/update_api_service_test.go @@ -16,6 +16,8 @@ import ( kubetesting "k8s.io/client-go/testing" apiregistrationv1 "k8s.io/kube-aggregator/pkg/apis/apiregistration/v1" aggregatorv1fake "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/fake" + + pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" ) func TestUpdateAPIService(t *testing.T) { @@ -179,7 +181,7 @@ func TestUpdateAPIService(t *testing.T) { tt.mocks(client) } - err := UpdateAPIService(ctx, client, tt.caInput) + err := UpdateAPIService(ctx, client, pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, tt.caInput) if tt.wantErr != "" { require.EqualError(t, err, tt.wantErr) return diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index c9c6fcb12..ebab153b5 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -15,6 +15,7 @@ import ( "k8s.io/klog/v2/klogr" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" + pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" pinnipedclientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" "github.com/suzerain-io/pinniped/internal/controller/apicerts" @@ -83,6 +84,7 @@ func PrepareControllers( WithController( apicerts.NewAPIServiceUpdaterController( serverInstallationNamespace, + pinnipedv1alpha1.SchemeGroupVersion.Version+"."+pinnipedv1alpha1.GroupName, aggregatorClient, installationNamespaceK8sInformers.Core().V1().Secrets(), controllerlib.WithInformer, From 7ce760a5dda73d24b5ec8ad2cc0e8279c5cc9d6b Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 15:00:03 -0500 Subject: [PATCH 4/6] Register a second APIService for the login.pinniped.dev. This is handled by a second instance of the APIServiceUpdaterController. Signed-off-by: Matt Moyer --- deploy/deployment.yaml | 17 +++++++++++++++++ .../controllermanager/prepare_controllers.go | 11 +++++++++++ 2 files changed, 28 insertions(+) diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 3bc34a83d..c1dcd8d90 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -173,3 +173,20 @@ spec: name: pinniped-api namespace: #@ data.values.namespace port: 443 +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha1.login.pinniped.dev + labels: + app: #@ data.values.app_name +spec: + version: v1alpha1 + group: login.pinniped.dev + groupPriorityMinimum: 2500 + versionPriority: 10 + #! caBundle: Do not include this key here. Starts out null, will be updated/owned by the golang code. + service: + name: pinniped-api + namespace: #@ data.values.namespace + port: 443 diff --git a/internal/controllermanager/prepare_controllers.go b/internal/controllermanager/prepare_controllers.go index ebab153b5..41b17afb6 100644 --- a/internal/controllermanager/prepare_controllers.go +++ b/internal/controllermanager/prepare_controllers.go @@ -15,6 +15,7 @@ import ( "k8s.io/klog/v2/klogr" aggregatorclient "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset" + loginv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" pinnipedv1alpha1 "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" pinnipedclientset "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" pinnipedinformers "github.com/suzerain-io/pinniped/generated/1.19/client/informers/externalversions" @@ -91,6 +92,16 @@ func PrepareControllers( ), singletonWorker, ). + WithController( + apicerts.NewAPIServiceUpdaterController( + serverInstallationNamespace, + loginv1alpha1.SchemeGroupVersion.Version+"."+loginv1alpha1.GroupName, + aggregatorClient, + installationNamespaceK8sInformers.Core().V1().Secrets(), + controllerlib.WithInformer, + ), + singletonWorker, + ). WithController( apicerts.NewCertsObserverController( serverInstallationNamespace, From 10793ac11f70e6d3ec651b9aa1f2374186930a70 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 15:03:36 -0500 Subject: [PATCH 5/6] Allow anonymous access to TokenCredentialRequests. Signed-off-by: Matt Moyer --- deploy/rbac.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 931506ccb..0600ff7fd 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -104,6 +104,9 @@ rules: - apiGroups: [pinniped.dev] resources: [credentialrequests] verbs: [create] + - apiGroups: [login.pinniped.dev] + resources: [tokencredentialrequests] + verbs: [create] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 From b3327d752270207fb4c02f5c09ee1d90136e120f Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Wed, 16 Sep 2020 15:03:54 -0500 Subject: [PATCH 6/6] Switch our client over to use the new TokenCredentialRequest API. Signed-off-by: Matt Moyer --- cmd/pinniped/cmd/exchange_credential.go | 9 +++- cmd/pinniped/cmd/exchange_credential_test.go | 20 +++++--- internal/client/client.go | 18 ++++--- internal/client/client_test.go | 50 +++++++++++++------- test/integration/client_test.go | 3 +- 5 files changed, 63 insertions(+), 37 deletions(-) diff --git a/cmd/pinniped/cmd/exchange_credential.go b/cmd/pinniped/cmd/exchange_credential.go index df910d166..d7cf16f95 100644 --- a/cmd/pinniped/cmd/exchange_credential.go +++ b/cmd/pinniped/cmd/exchange_credential.go @@ -75,7 +75,7 @@ func newExchangeCredentialCmd(args []string, stdout, stderr io.Writer) *exchange } type envGetter func(string) (string, bool) -type tokenExchanger func(ctx context.Context, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) +type tokenExchanger func(ctx context.Context, namespace, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) const ErrMissingEnvVar = constable.Error("failed to get credential: environment variable not set") @@ -91,6 +91,11 @@ func exchangeCredential(envGetter envGetter, tokenExchanger tokenExchanger, outp ctx, cancel := context.WithTimeout(context.Background(), timeout) defer cancel() + namespace, varExists := envGetter("PINNIPED_NAMESPACE") + if !varExists { + return envVarNotSetError("PINNIPED_NAMESPACE") + } + token, varExists := envGetter("PINNIPED_TOKEN") if !varExists { return envVarNotSetError("PINNIPED_TOKEN") @@ -106,7 +111,7 @@ func exchangeCredential(envGetter envGetter, tokenExchanger tokenExchanger, outp return envVarNotSetError("PINNIPED_K8S_API_ENDPOINT") } - cred, err := tokenExchanger(ctx, token, caBundle, apiEndpoint) + cred, err := tokenExchanger(ctx, namespace, token, caBundle, apiEndpoint) if err != nil { return fmt.Errorf("failed to get credential: %w", err) } diff --git a/cmd/pinniped/cmd/exchange_credential_test.go b/cmd/pinniped/cmd/exchange_credential_test.go index 672a064cc..74ebb8c0e 100644 --- a/cmd/pinniped/cmd/exchange_credential_test.go +++ b/cmd/pinniped/cmd/exchange_credential_test.go @@ -135,6 +135,7 @@ func TestExchangeCredential(t *testing.T) { r = require.New(t) buffer = new(bytes.Buffer) fakeEnv = map[string]string{ + "PINNIPED_NAMESPACE": "namespace from env", "PINNIPED_TOKEN": "token from env", "PINNIPED_CA_BUNDLE": "ca bundle from env", "PINNIPED_K8S_API_ENDPOINT": "k8s api from env", @@ -142,6 +143,12 @@ func TestExchangeCredential(t *testing.T) { }) when("env vars are missing", func() { + it("returns an error when PINNIPED_NAMESPACE is missing", func() { + delete(fakeEnv, "PINNIPED_NAMESPACE") + err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second) + r.EqualError(err, "failed to get credential: environment variable not set: PINNIPED_NAMESPACE") + }) + it("returns an error when PINNIPED_TOKEN is missing", func() { delete(fakeEnv, "PINNIPED_TOKEN") err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second) @@ -163,7 +170,7 @@ func TestExchangeCredential(t *testing.T) { when("the token exchange fails", func() { it.Before(func() { - tokenExchanger = func(ctx context.Context, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { + tokenExchanger = func(ctx context.Context, namespace, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { return nil, fmt.Errorf("some error") } }) @@ -176,7 +183,7 @@ func TestExchangeCredential(t *testing.T) { when("the JSON encoder fails", func() { it.Before(func() { - tokenExchanger = func(ctx context.Context, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { + tokenExchanger = func(ctx context.Context, namespace, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { return &clientauthenticationv1beta1.ExecCredential{ Status: &clientauthenticationv1beta1.ExecCredentialStatus{ Token: "some token", @@ -193,7 +200,7 @@ func TestExchangeCredential(t *testing.T) { when("the token exchange times out", func() { it.Before(func() { - tokenExchanger = func(ctx context.Context, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { + tokenExchanger = func(ctx context.Context, namespace, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { select { case <-time.After(100 * time.Millisecond): return &clientauthenticationv1beta1.ExecCredential{ @@ -214,11 +221,11 @@ func TestExchangeCredential(t *testing.T) { }) when("the token exchange succeeds", func() { - var actualToken, actualCaBundle, actualAPIEndpoint string + var actualNamespace, actualToken, actualCaBundle, actualAPIEndpoint string it.Before(func() { - tokenExchanger = func(ctx context.Context, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { - actualToken, actualCaBundle, actualAPIEndpoint = token, caBundle, apiEndpoint + tokenExchanger = func(ctx context.Context, namespace, token, caBundle, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { + actualNamespace, actualToken, actualCaBundle, actualAPIEndpoint = namespace, token, caBundle, apiEndpoint now := metav1.NewTime(time.Date(2020, 7, 29, 1, 2, 3, 0, time.UTC)) return &clientauthenticationv1beta1.ExecCredential{ TypeMeta: metav1.TypeMeta{ @@ -238,6 +245,7 @@ func TestExchangeCredential(t *testing.T) { it("writes the execCredential to the given writer", func() { err := exchangeCredential(envGetter, tokenExchanger, buffer, 30*time.Second) r.NoError(err) + r.Equal(fakeEnv["PINNIPED_NAMESPACE"], actualNamespace) r.Equal(fakeEnv["PINNIPED_TOKEN"], actualToken) r.Equal(fakeEnv["PINNIPED_CA_BUNDLE"], actualCaBundle) r.Equal(fakeEnv["PINNIPED_K8S_API_ENDPOINT"], actualAPIEndpoint) diff --git a/internal/client/client.go b/internal/client/client.go index 15dcc1bdf..bde9b2ca5 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -14,7 +14,7 @@ import ( "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" "github.com/suzerain-io/pinniped/generated/1.19/client/clientset/versioned" ) @@ -22,25 +22,23 @@ import ( var ErrLoginFailed = errors.New("login failed") // ExchangeToken exchanges an opaque token using the Pinniped CredentialRequest API, returning a client-go ExecCredential valid on the target cluster. -func ExchangeToken(ctx context.Context, token string, caBundle string, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { +func ExchangeToken(ctx context.Context, namespace string, token string, caBundle string, apiEndpoint string) (*clientauthenticationv1beta1.ExecCredential, error) { client, err := getClient(apiEndpoint, caBundle) if err != nil { return nil, fmt.Errorf("could not get API client: %w", err) } - resp, err := client.PinnipedV1alpha1().CredentialRequests().Create(ctx, &v1alpha1.CredentialRequest{ - Spec: v1alpha1.CredentialRequestSpec{ - Type: v1alpha1.TokenCredentialType, - Token: &v1alpha1.CredentialRequestTokenCredential{ - Value: token, - }, - }, + resp, err := client.LoginV1alpha1().TokenCredentialRequests(namespace).Create(ctx, &v1alpha1.TokenCredentialRequest{ + Spec: v1alpha1.TokenCredentialRequestSpec{Token: token}, }, metav1.CreateOptions{}) if err != nil { return nil, fmt.Errorf("could not login: %w", err) } if resp.Status.Credential == nil || resp.Status.Message != nil { - return nil, fmt.Errorf("%w: %s", ErrLoginFailed, *resp.Status.Message) + if resp.Status.Message != nil { + return nil, fmt.Errorf("%w: %s", ErrLoginFailed, *resp.Status.Message) + } + return nil, fmt.Errorf("%w: unknown", ErrLoginFailed) } return &clientauthenticationv1beta1.ExecCredential{ diff --git a/internal/client/client_test.go b/internal/client/client_test.go index 659b77ad1..0874c6db7 100644 --- a/internal/client/client_test.go +++ b/internal/client/client_test.go @@ -15,7 +15,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" - "github.com/suzerain-io/pinniped/generated/1.19/apis/pinniped/v1alpha1" + "github.com/suzerain-io/pinniped/generated/1.19/apis/login/v1alpha1" "github.com/suzerain-io/pinniped/internal/testutil" ) @@ -25,7 +25,7 @@ func TestExchangeToken(t *testing.T) { t.Run("invalid configuration", func(t *testing.T) { t.Parallel() - got, err := ExchangeToken(ctx, "", "", "") + got, err := ExchangeToken(ctx, "test-namespace", "", "", "") require.EqualError(t, err, "could not get API client: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable") require.Nil(t, got) }) @@ -38,8 +38,8 @@ func TestExchangeToken(t *testing.T) { _, _ = w.Write([]byte("some server error")) }) - got, err := ExchangeToken(ctx, "", caBundle, endpoint) - require.EqualError(t, err, `could not login: an error on the server ("some server error") has prevented the request from succeeding (post credentialrequests.pinniped.dev)`) + got, err := ExchangeToken(ctx, "test-namespace", "", caBundle, endpoint) + require.EqualError(t, err, `could not login: an error on the server ("some server error") has prevented the request from succeeding (post tokencredentialrequests.login.pinniped.dev)`) require.Nil(t, got) }) @@ -49,17 +49,32 @@ func TestExchangeToken(t *testing.T) { errorMessage := "some login failure" caBundle, endpoint := testutil.TLSTestServer(t, func(w http.ResponseWriter, r *http.Request) { w.Header().Set("content-type", "application/json") - _ = json.NewEncoder(w).Encode(&v1alpha1.CredentialRequest{ - TypeMeta: metav1.TypeMeta{APIVersion: "pinniped.dev/v1alpha1", Kind: "CredentialRequest"}, - Status: v1alpha1.CredentialRequestStatus{Message: &errorMessage}, + _ = json.NewEncoder(w).Encode(&v1alpha1.TokenCredentialRequest{ + TypeMeta: metav1.TypeMeta{APIVersion: "login.pinniped.dev/v1alpha1", Kind: "TokenCredentialRequest"}, + Status: v1alpha1.TokenCredentialRequestStatus{Message: &errorMessage}, }) }) - got, err := ExchangeToken(ctx, "", caBundle, endpoint) + got, err := ExchangeToken(ctx, "test-namespace", "", caBundle, endpoint) require.EqualError(t, err, `login failed: some login failure`) require.Nil(t, got) }) + t.Run("login failure unknown error", func(t *testing.T) { + t.Parallel() + // Start a test server that returns without any error message but also without valid credentials + caBundle, endpoint := testutil.TLSTestServer(t, func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("content-type", "application/json") + _ = json.NewEncoder(w).Encode(&v1alpha1.TokenCredentialRequest{ + TypeMeta: metav1.TypeMeta{APIVersion: "login.pinniped.dev/v1alpha1", Kind: "TokenCredentialRequest"}, + }) + }) + + got, err := ExchangeToken(ctx, "test-namespace", "", caBundle, endpoint) + require.EqualError(t, err, `login failed: unknown`) + require.Nil(t, got) + }) + t.Run("success", func(t *testing.T) { t.Parallel() expires := metav1.NewTime(time.Now().Truncate(time.Second)) @@ -67,21 +82,20 @@ func TestExchangeToken(t *testing.T) { // Start a test server that returns successfully and asserts various properties of the request. caBundle, endpoint := testutil.TLSTestServer(t, func(w http.ResponseWriter, r *http.Request) { require.Equal(t, http.MethodPost, r.Method) - require.Equal(t, "/apis/pinniped.dev/v1alpha1/credentialrequests", r.URL.Path) + require.Equal(t, "/apis/login.pinniped.dev/v1alpha1/namespaces/test-namespace/tokencredentialrequests", r.URL.Path) require.Equal(t, "application/json", r.Header.Get("content-type")) body, err := ioutil.ReadAll(r.Body) require.NoError(t, err) require.JSONEq(t, `{ - "kind": "CredentialRequest", - "apiVersion": "pinniped.dev/v1alpha1", + "kind": "TokenCredentialRequest", + "apiVersion": "login.pinniped.dev/v1alpha1", "metadata": { "creationTimestamp": null }, "spec": { - "type": "token", - "token": {} + "token": "test-token" }, "status": {} }`, @@ -89,10 +103,10 @@ func TestExchangeToken(t *testing.T) { ) w.Header().Set("content-type", "application/json") - _ = json.NewEncoder(w).Encode(&v1alpha1.CredentialRequest{ - TypeMeta: metav1.TypeMeta{APIVersion: "pinniped.dev/v1alpha1", Kind: "CredentialRequest"}, - Status: v1alpha1.CredentialRequestStatus{ - Credential: &v1alpha1.CredentialRequestCredential{ + _ = json.NewEncoder(w).Encode(&v1alpha1.TokenCredentialRequest{ + TypeMeta: metav1.TypeMeta{APIVersion: "login.pinniped.dev/v1alpha1", Kind: "TokenCredentialRequest"}, + Status: v1alpha1.TokenCredentialRequestStatus{ + Credential: &v1alpha1.ClusterCredential{ ExpirationTimestamp: expires, ClientCertificateData: "test-certificate", ClientKeyData: "test-key", @@ -101,7 +115,7 @@ func TestExchangeToken(t *testing.T) { }) }) - got, err := ExchangeToken(ctx, "", caBundle, endpoint) + got, err := ExchangeToken(ctx, "test-namespace", "test-token", caBundle, endpoint) require.NoError(t, err) require.Equal(t, &clientauthenticationv1beta1.ExecCredential{ TypeMeta: metav1.TypeMeta{ diff --git a/test/integration/client_test.go b/test/integration/client_test.go index 4fed26983..795d2f324 100644 --- a/test/integration/client_test.go +++ b/test/integration/client_test.go @@ -56,6 +56,7 @@ func TestClient(t *testing.T) { library.SkipUnlessIntegration(t) library.SkipUnlessClusterHasCapability(t, library.ClusterSigningKeyIsAvailable) token := library.GetEnv(t, "PINNIPED_TEST_USER_TOKEN") + namespace := library.GetEnv(t, "PINNIPED_NAMESPACE") ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() @@ -67,7 +68,7 @@ func TestClient(t *testing.T) { // Using the CA bundle and host from the current (admin) kubeconfig, do the token exchange. clientConfig := library.NewClientConfig(t) - resp, err := client.ExchangeToken(ctx, token, string(clientConfig.CAData), clientConfig.Host) + resp, err := client.ExchangeToken(ctx, namespace, token, string(clientConfig.CAData), clientConfig.Host) require.NoError(t, err) require.NotNil(t, resp.Status.ExpirationTimestamp) require.InDelta(t, time.Until(resp.Status.ExpirationTimestamp.Time), 1*time.Hour, float64(3*time.Minute))