Merge pull request #1190 from vmware-tanzu/client-secret-api-noop

aggregated api for oidcclientsecretrequest
2025-12-23 06:15:47 +00:00 · 2022-06-16 10:30:13 -04:00
parent 90077f7135 ff26c424ae
commit 4bf734061d
239 changed files with 9758 additions and 51 deletions
--- a/apis/supervisor/clientsecret/doc.go.tmpl
+++ b/apis/supervisor/clientsecret/doc.go.tmpl
@@ -0,0 +1,8 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=clientsecret.supervisor.pinniped.dev
+
+// Package clientsecret is the internal version of the Pinniped client secret API.
+package clientsecret
--- a/apis/supervisor/clientsecret/register.go.tmpl
+++ b/apis/supervisor/clientsecret/register.go.tmpl
@@ -0,0 +1,38 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package clientsecret
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "clientsecret.supervisor.pinniped.dev"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind.
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&OIDCClientSecretRequest{},
+		&OIDCClientSecretRequestList{},
+	)
+	return nil
+}
--- a/apis/supervisor/clientsecret/types_oidcclientsecretrequest.go.tmpl
+++ b/apis/supervisor/clientsecret/types_oidcclientsecretrequest.go.tmpl
@@ -0,0 +1,46 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package clientsecret
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type OIDCClientSecretRequestSpec struct {
+	// Request a new client secret to for the OIDCClient referenced by the metadata.name field.
+	GenerateNewSecret bool `json:"generateNewSecret"`
+
+	// Revoke the old client secrets associated with the OIDCClient referenced by the metadata.name
+	// field.
+	RevokeOldSecrets bool `json:"revokeOldSecrets"`
+}
+
+type OIDCClientSecretRequestStatus struct {
+	// The unencrypted OIDC Client Secret. This will only be shared upon creation and cannot
+	// be recovered if you lose it.
+	GeneratedSecret string `json:"generatedSecret,omitempty"`
+
+	// The total number of client secrets associated with the OIDCClient referenced by the
+	// metadata.name field.
+	TotalClientSecrets int `json:"totalClientSecrets"`
+}
+
+// OIDCClientSecretRequest can be used to update the client secrets associated with an
+// OIDCClient.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type OIDCClientSecretRequest struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
+
+	Spec   OIDCClientSecretRequestSpec   `json:"spec"`
+	Status OIDCClientSecretRequestStatus `json:"status"`
+}
+
+// OIDCClientSecretList is a list of OIDCClientSecretRequest objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type OIDCClientSecretRequestList struct {
+	metav1.TypeMeta
+	metav1.ListMeta
+
+	// Items is a list of OIDCClientSecretRequest
+	Items []OIDCClientSecretRequest
+}
--- a/apis/supervisor/clientsecret/v1alpha1/conversion.go.tmpl
+++ b/apis/supervisor/clientsecret/v1alpha1/conversion.go.tmpl
@@ -0,0 +1,4 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
--- a/apis/supervisor/clientsecret/v1alpha1/defaults.go.tmpl
+++ b/apis/supervisor/clientsecret/v1alpha1/defaults.go.tmpl
@@ -0,0 +1,12 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}
--- a/apis/supervisor/clientsecret/v1alpha1/doc.go.tmpl
+++ b/apis/supervisor/clientsecret/v1alpha1/doc.go.tmpl
@@ -0,0 +1,11 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/supervisor/clientsecret
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=clientsecret.supervisor.pinniped.dev
+
+// Package v1alpha1 is the v1alpha1 version of the Pinniped client secret API.
+package v1alpha1
--- a/apis/supervisor/clientsecret/v1alpha1/register.go.tmpl
+++ b/apis/supervisor/clientsecret/v1alpha1/register.go.tmpl
@@ -0,0 +1,43 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "clientsecret.supervisor.pinniped.dev"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+var (
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = SchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&OIDCClientSecretRequest{},
+		&OIDCClientSecretRequestList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}
+
+// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
--- a/apis/supervisor/clientsecret/v1alpha1/types_oidcclientsecretrequest.go.tmpl
+++ b/apis/supervisor/clientsecret/v1alpha1/types_oidcclientsecretrequest.go.tmpl
@@ -0,0 +1,36 @@
+// Copyright 2022 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+type OIDCClientSecretRequestSpec struct {
+	GenerateNewSecret bool `json:"generateNewSecret"`
+	RevokeOldSecrets  bool `json:"revokeOldSecrets"`
+}
+
+type OIDCClientSecretRequestStatus struct {
+	GeneratedSecret    string `json:"generatedSecret,omitempty"`
+	TotalClientSecrets int    `json:"totalClientSecrets"`
+}
+
+// +genclient
+// +genclient:onlyVerbs=create
+// +kubebuilder:subresource:status
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type OIDCClientSecretRequest struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"` // metadata.name must be set to the client ID
+
+	Spec   OIDCClientSecretRequestSpec   `json:"spec"`
+	Status OIDCClientSecretRequestStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type OIDCClientSecretRequestList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []OIDCClientSecretRequest `json:"items"`
+}