Define the WebhookIdentityProvider CRD.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2026-01-07 14:05:50 +00:00 · 2020-09-01 11:55:33 -05:00
parent 9bb3d4ef28
commit 557fd0df26
112 changed files with 5445 additions and 4 deletions
--- a/generated/1.17/apis/idp/doc.go
+++ b/generated/1.17/apis/idp/doc.go
@@ -0,0 +1,10 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// +k8s:deepcopy-gen=package
+// +groupName=idp.pinniped.dev
+
+// Package idp is the internal version of the Pinniped identity provider API.
+package idp
--- a/generated/1.17/apis/idp/v1alpha1/conversion.go
+++ b/generated/1.17/apis/idp/v1alpha1/conversion.go
@@ -0,0 +1,6 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
--- a/generated/1.17/apis/idp/v1alpha1/defaults.go
+++ b/generated/1.17/apis/idp/v1alpha1/defaults.go
@@ -0,0 +1,14 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}
--- a/generated/1.17/apis/idp/v1alpha1/doc.go
+++ b/generated/1.17/apis/idp/v1alpha1/doc.go
@@ -0,0 +1,14 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=github.com/suzerain-io/pinniped/generated/1.17/apis/idp
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=idp.pinniped.dev
+// +groupGoName=IDP
+
+// Package v1alpha1 is the v1alpha1 version of the Pinniped identity provider API.
+package v1alpha1
--- a/generated/1.17/apis/idp/v1alpha1/register.go
+++ b/generated/1.17/apis/idp/v1alpha1/register.go
@@ -0,0 +1,45 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "idp.pinniped.dev"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+var (
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&WebhookIdentityProvider{},
+		&WebhookIdentityProviderList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
--- a/generated/1.17/apis/idp/v1alpha1/types_meta.go
+++ b/generated/1.17/apis/idp/v1alpha1/types_meta.go
@@ -0,0 +1,77 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// ConditionStatus is effectively an enum type for Condition.Status.
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
+// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
+// can't decide if a resource is in the condition or not. In the future, we could add other
+// intermediate conditions, e.g. ConditionDegraded.
+const (
+	ConditionTrue    ConditionStatus = "True"
+	ConditionFalse   ConditionStatus = "False"
+	ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API
+// version we can switch to using the upstream type.
+// See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
+type Condition struct {
+	// type of condition in CamelCase or in foo.example.com/CamelCase.
+	// ---
+	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+	// useful (see .node.status.conditions), the ability to deconflict is important.
+	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+	// +required
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
+	// +kubebuilder:validation:MaxLength=316
+	Type string `json:"type"`
+
+	// status of the condition, one of True, False, Unknown.
+	// +required
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Enum=True;False;Unknown
+	Status ConditionStatus `json:"status"`
+
+	// observedGeneration represents the .metadata.generation that the condition was set based upon.
+	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+	// with respect to the current state of the instance.
+	// +optional
+	// +kubebuilder:validation:Minimum=0
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// lastTransitionTime is the last time the condition transitioned from one status to another.
+	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+	// +required
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Format=date-time
+	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
+
+	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
+	// Producers of specific condition types may define expected values and meanings for this field,
+	// and whether the values are considered a guaranteed API.
+	// The value should be a CamelCase string.
+	// This field may not be empty.
+	// +required
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=1024
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
+	Reason string `json:"reason"`
+
+	// message is a human readable message indicating details about the transition.
+	// This may be an empty string.
+	// +required
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MaxLength=32768
+	Message string `json:"message"`
+}
--- a/generated/1.17/apis/idp/v1alpha1/types_tls.go
+++ b/generated/1.17/apis/idp/v1alpha1/types_tls.go
@@ -0,0 +1,13 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
+
+// Configuration for configuring TLS on various identity providers.
+type TLSSpec struct {
+	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
+	// +optional
+	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
+}
--- a/generated/1.17/apis/idp/v1alpha1/types_webhook.go
+++ b/generated/1.17/apis/idp/v1alpha1/types_webhook.go
@@ -0,0 +1,55 @@
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// Status of a webhook identity provider.
+type WebhookIdentityProviderStatus struct {
+	// Represents the observations of an identity provider's current state.
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+// Spec for configuring a webhook identity provider.
+type WebhookIdentityProviderSpec struct {
+	// Webhook server endpoint URL.
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^https://`
+	Endpoint string `json:"endpoint"`
+
+	// TLS configuration.
+	// +optional
+	TLS *TLSSpec `json:"tls,omitempty"`
+}
+
+// WebhookIdentityProvider describes the configuration of a Pinniped webhook identity provider.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=all;idp;idps,shortName=webhookidp;webhookidps
+// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
+type WebhookIdentityProvider struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec for configuring the identity provider.
+	Spec WebhookIdentityProviderSpec `json:"spec"`
+
+	// Status of the identity provider.
+	Status WebhookIdentityProviderStatus `json:"status,omitempty"`
+}
+
+// List of WebhookIdentityProvider objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type WebhookIdentityProviderList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []WebhookIdentityProvider `json:"items"`
+}
--- a/generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go
+++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.conversion.go
@@ -0,0 +1,24 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Code generated by conversion-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+func init() {
+	localSchemeBuilder.Register(RegisterConversions)
+}
+
+// RegisterConversions adds conversion functions to the given scheme.
+// Public to allow building arbitrary schemes.
+func RegisterConversions(s *runtime.Scheme) error {
+	return nil
+}
--- a/generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go
+++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,152 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Condition) DeepCopyInto(out *Condition) {
+	*out = *in
+	in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
+func (in *Condition) DeepCopy() *Condition {
+	if in == nil {
+		return nil
+	}
+	out := new(Condition)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *TLSSpec) DeepCopyInto(out *TLSSpec) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
+func (in *TLSSpec) DeepCopy() *TLSSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(TLSSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebhookIdentityProvider) DeepCopyInto(out *WebhookIdentityProvider) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProvider.
+func (in *WebhookIdentityProvider) DeepCopy() *WebhookIdentityProvider {
+	if in == nil {
+		return nil
+	}
+	out := new(WebhookIdentityProvider)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *WebhookIdentityProvider) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebhookIdentityProviderList) DeepCopyInto(out *WebhookIdentityProviderList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]WebhookIdentityProvider, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderList.
+func (in *WebhookIdentityProviderList) DeepCopy() *WebhookIdentityProviderList {
+	if in == nil {
+		return nil
+	}
+	out := new(WebhookIdentityProviderList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *WebhookIdentityProviderList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebhookIdentityProviderSpec) DeepCopyInto(out *WebhookIdentityProviderSpec) {
+	*out = *in
+	if in.TLS != nil {
+		in, out := &in.TLS, &out.TLS
+		*out = new(TLSSpec)
+		**out = **in
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderSpec.
+func (in *WebhookIdentityProviderSpec) DeepCopy() *WebhookIdentityProviderSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(WebhookIdentityProviderSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WebhookIdentityProviderStatus) DeepCopyInto(out *WebhookIdentityProviderStatus) {
+	*out = *in
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookIdentityProviderStatus.
+func (in *WebhookIdentityProviderStatus) DeepCopy() *WebhookIdentityProviderStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(WebhookIdentityProviderStatus)
+	in.DeepCopyInto(out)
+	return out
+}
--- a/generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go
+++ b/generated/1.17/apis/idp/v1alpha1/zz_generated.defaults.go
@@ -0,0 +1,21 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+	return nil
+}
--- a/generated/1.17/apis/idp/zz_generated.deepcopy.go
+++ b/generated/1.17/apis/idp/zz_generated.deepcopy.go
@@ -0,0 +1,10 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 VMware, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package idp