From 59c2295dfd617ddb3882c0d1936352d50627f388 Mon Sep 17 00:00:00 2001
From: Ryan Richard
Date: Sat, 3 Aug 2024 17:37:34 -0700
Subject: [PATCH] improve api docs for TLSSpec in authenticator and IDP specs
Signed-off-by: Ashish Amarnath
Co-authored-by: Ashish Amarnath
---
 .../authentication/v1alpha1/types_tls.go.tmpl | 18 ++++++++++++++++--
 apis/supervisor/idp/v1alpha1/types_tls.go.tmpl | 18 ++++++++++++++++--
 2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl b/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
index db9f4ceff..85ea7a94c 100644
--- a/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
+++ b/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
@@ -3,12 +3,26 @@
 package v1alpha1
+// CertificateAuthorityDataSourceKind enumerates the sources for CA Bundles.
+//
+// +kubebuilder:validation:Enum=Secret;ConfigMap
+type CertificateAuthorityDataSourceKind string
+
+const (
+ // CertificateAuthorityDataSourceKindConfigMap uses a Kubernetes configmap to source CA Bundles.
+ CertificateAuthorityDataSourceKindConfigMap = CertificateAuthorityDataSourceKind("ConfigMap")
+
+ // CertificateAuthorityDataSourceKindSecret uses a Kubernetes secret to source CA Bundles.
+ // Secrets used to source CA Bundles must be of type kubernetes.io/tls or Opaque.
+ CertificateAuthorityDataSourceKindSecret = CertificateAuthorityDataSourceKind("Secret")
+)
+
 // CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification.
 type CertificateAuthorityDataSourceSpec struct {
 // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap.
- // Secrets must be of type kubernetes.io/tls or Opaque.
 // Allowed values are "Secret" or "ConfigMap".
- // +kubebuilder:validation:Enum=Secret;ConfigMap
+ // "ConfigMap" uses a Kubernetes configmap to source CA Bundles.
+ // "Secret" uses Kubernetes secrets of type kubernetes.io/tls or Opaque to source CA Bundles.
 Kind string `json:"kind"`
 // Name is the resource name of the secret or configmap from which to read the CA bundle.
 // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed.
diff --git a/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl b/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl
index 70f1c71cc..8c28d7505 100644
--- a/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl
+++ b/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl
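Review bot: The `+kubebuilder:validation:Enum=Secret;ConfigMap` marker is moved off the `Kind` field onto the new `CertificateAuthorityDataSourceKind` type, but the field is still declared as `Kind string`, so nothing references the annotated type. Type-level kubebuilder markers normally reach a field's schema only through the field's type, so the generated CRD would likely lose the enum on `kind`, and the API server would then accept arbitrary values for the CA bundle source, leaving rejection to the controller. Declaring the field as `Kind CertificateAuthorityDataSourceKind` with the existing json tag keeps the admission-time check and puts the new constants to use. The same applies to the identical hunk in apis/supervisor/idp/v1alpha1/types_tls.go.tmpl; in both files the struct body continues past the end of the hunk.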
@@ -3,12 +3,26 @@
 package v1alpha1
+// CertificateAuthorityDataSourceKind enumerates the sources for CA Bundles.
+//
+// +kubebuilder:validation:Enum=Secret;ConfigMap
+type CertificateAuthorityDataSourceKind string
+
+const (
+ // CertificateAuthorityDataSourceKindConfigMap uses a Kubernetes configmap to source CA Bundles.
+ CertificateAuthorityDataSourceKindConfigMap = CertificateAuthorityDataSourceKind("ConfigMap")
+
+ // CertificateAuthorityDataSourceKindSecret uses a Kubernetes secret to source CA Bundles.
+ // Secrets used to source CA Bundles must be of type kubernetes.io/tls or Opaque.
+ CertificateAuthorityDataSourceKindSecret = CertificateAuthorityDataSourceKind("Secret")
+)
+
 // CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification.
 type CertificateAuthorityDataSourceSpec struct {
 // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap.
- // Secrets must be of type kubernetes.io/tls or Opaque.
 // Allowed values are "Secret" or "ConfigMap".
- // +kubebuilder:validation:Enum=Secret;ConfigMap
+ // "ConfigMap" uses a Kubernetes configmap to source CA Bundles.
+ // "Secret" uses Kubernetes secrets of type kubernetes.io/tls or Opaque to source CA Bundles.
 Kind string `json:"kind"`
 // Name is the resource name of the secret or configmap from which to read the CA bundle.
 // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed.