supervisor-generate-key: initial spike

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

generated/1.17/README.adoc

@@ -151,6 +151,7 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 | *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure.
 | *`message`* __string__ | Message provides human-readable details about the Status.
 | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811).
+| *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.
 |===
 
 

generated/1.17/apis/config/v1alpha1/types_oidcproviderconfig.go

@@ -3,7 +3,10 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
 
 // +kubebuilder:validation:Enum=Success;Duplicate;Invalid
 type OIDCProviderStatus string
@@ -39,11 +42,17 @@ type OIDCProviderConfigStatus struct {
 	// +optional
 	Message string `json:"message,omitempty"`
 
-  // LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
-  // around some undesirable behavior with respect to the empty metav1.Time value (see
-  // https://github.com/kubernetes/kubernetes/issues/86811).
-  // +optional
-  LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
+	// around some undesirable behavior with respect to the empty metav1.Time value (see
+	// https://github.com/kubernetes/kubernetes/issues/86811).
+	// +optional
+	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+
+  // JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys
+  // are stored. If it is empty, then the signing/verification keys are either unknown or they don't
+  // exist.
+	// +optional
+	JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"`
 }
 
 // OIDCProviderConfig describes the configuration of an OIDC provider.

generated/1.17/apis/config/v1alpha1/zz_generated.deepcopy.go

@@ -216,6 +216,7 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus)
 		in, out := &in.LastUpdateTime, &out.LastUpdateTime
 		*out = (*in).DeepCopy()
 	}
+	out.JWKSSecret = in.JWKSSecret
 	return
 }
 

generated/1.17/client/openapi/zz_generated.openapi.go

@@ -431,11 +431,17 @@ func schema_117_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.Referen
 							Ref:         ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
 						},
 					},
+					"jwksSecret": {
+						SchemaProps: spec.SchemaProps{
+							Description: "JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.",
+							Ref:         ref("k8s.io/api/core/v1.LocalObjectReference"),
+						},
+					},
 				},
 			},
 		},
 		Dependencies: []string{
-			"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
+			"k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }
 

generated/1.17/crds/config.pinniped.dev_oidcproviderconfigs.yaml

@@ -55,6 +55,17 @@ spec:
           status:
             description: Status of the OIDC provider.
             properties:
+              jwksSecret:
+                description: JWKSSecret holds the name of the secret in which this
+                  OIDC Provider's signing/verification keys are stored. If it is empty,
+                  then the signing/verification keys are either unknown or they don't
+                  exist.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               lastUpdateTime:
                 description: LastUpdateTime holds the time at which the Status was
                   last updated. It is a pointer to get around some undesirable behavior

generated/1.18/README.adoc

@@ -151,6 +151,7 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 | *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure.
 | *`message`* __string__ | Message provides human-readable details about the Status.
 | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811).
+| *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.
 |===
 
 

generated/1.18/apis/config/v1alpha1/types_oidcproviderconfig.go

@@ -3,7 +3,10 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
 
 // +kubebuilder:validation:Enum=Success;Duplicate;Invalid
 type OIDCProviderStatus string
@@ -39,11 +42,17 @@ type OIDCProviderConfigStatus struct {
 	// +optional
 	Message string `json:"message,omitempty"`
 
-  // LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
-  // around some undesirable behavior with respect to the empty metav1.Time value (see
-  // https://github.com/kubernetes/kubernetes/issues/86811).
-  // +optional
-  LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
+	// around some undesirable behavior with respect to the empty metav1.Time value (see
+	// https://github.com/kubernetes/kubernetes/issues/86811).
+	// +optional
+	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+
+  // JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys
+  // are stored. If it is empty, then the signing/verification keys are either unknown or they don't
+  // exist.
+	// +optional
+	JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"`
 }
 
 // OIDCProviderConfig describes the configuration of an OIDC provider.

generated/1.18/apis/config/v1alpha1/zz_generated.deepcopy.go

@@ -216,6 +216,7 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus)
 		in, out := &in.LastUpdateTime, &out.LastUpdateTime
 		*out = (*in).DeepCopy()
 	}
+	out.JWKSSecret = in.JWKSSecret
 	return
 }
 

generated/1.18/client/openapi/zz_generated.openapi.go

@@ -431,11 +431,17 @@ func schema_118_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.Referen
 							Ref:         ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
 						},
 					},
+					"jwksSecret": {
+						SchemaProps: spec.SchemaProps{
+							Description: "JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.",
+							Ref:         ref("k8s.io/api/core/v1.LocalObjectReference"),
+						},
+					},
 				},
 			},
 		},
 		Dependencies: []string{
-			"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
+			"k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }
 

generated/1.18/crds/config.pinniped.dev_oidcproviderconfigs.yaml

@@ -55,6 +55,17 @@ spec:
           status:
             description: Status of the OIDC provider.
             properties:
+              jwksSecret:
+                description: JWKSSecret holds the name of the secret in which this
+                  OIDC Provider's signing/verification keys are stored. If it is empty,
+                  then the signing/verification keys are either unknown or they don't
+                  exist.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               lastUpdateTime:
                 description: LastUpdateTime holds the time at which the Status was
                   last updated. It is a pointer to get around some undesirable behavior

generated/1.19/README.adoc

@@ -151,6 +151,7 @@ OIDCProviderConfigStatus is a struct that describes the actual state of an OIDC
 | *`status`* __OIDCProviderStatus__ | Status holds an enum that describes the state of this OIDC Provider. Note that this Status can represent success or failure.
 | *`message`* __string__ | Message provides human-readable details about the Status.
 | *`lastUpdateTime`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#time-v1-meta[$$Time$$]__ | LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get around some undesirable behavior with respect to the empty metav1.Time value (see https://github.com/kubernetes/kubernetes/issues/86811).
+| *`jwksSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#localobjectreference-v1-core[$$LocalObjectReference$$]__ | JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.
 |===
 
 

generated/1.19/apis/config/v1alpha1/types_oidcproviderconfig.go

@@ -3,7 +3,10 @@
 
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
 
 // +kubebuilder:validation:Enum=Success;Duplicate;Invalid
 type OIDCProviderStatus string
@@ -39,11 +42,17 @@ type OIDCProviderConfigStatus struct {
 	// +optional
 	Message string `json:"message,omitempty"`
 
-  // LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
-  // around some undesirable behavior with respect to the empty metav1.Time value (see
-  // https://github.com/kubernetes/kubernetes/issues/86811).
-  // +optional
-  LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+	// LastUpdateTime holds the time at which the Status was last updated. It is a pointer to get
+	// around some undesirable behavior with respect to the empty metav1.Time value (see
+	// https://github.com/kubernetes/kubernetes/issues/86811).
+	// +optional
+	LastUpdateTime *metav1.Time `json:"lastUpdateTime,omitempty"`
+
+  // JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys
+  // are stored. If it is empty, then the signing/verification keys are either unknown or they don't
+  // exist.
+	// +optional
+	JWKSSecret corev1.LocalObjectReference `json:"jwksSecret,omitempty"`
 }
 
 // OIDCProviderConfig describes the configuration of an OIDC provider.

generated/1.19/apis/config/v1alpha1/zz_generated.deepcopy.go

@@ -216,6 +216,7 @@ func (in *OIDCProviderConfigStatus) DeepCopyInto(out *OIDCProviderConfigStatus)
 		in, out := &in.LastUpdateTime, &out.LastUpdateTime
 		*out = (*in).DeepCopy()
 	}
+	out.JWKSSecret = in.JWKSSecret
 	return
 }
 

generated/1.19/client/openapi/zz_generated.openapi.go

@@ -432,11 +432,17 @@ func schema_119_apis_config_v1alpha1_OIDCProviderConfigStatus(ref common.Referen
 							Ref:         ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"),
 						},
 					},
+					"jwksSecret": {
+						SchemaProps: spec.SchemaProps{
+							Description: "JWKSSecret holds the name of the secret in which this OIDC Provider's signing/verification keys are stored. If it is empty, then the signing/verification keys are either unknown or they don't exist.",
+							Ref:         ref("k8s.io/api/core/v1.LocalObjectReference"),
+						},
+					},
 				},
 			},
 		},
 		Dependencies: []string{
-			"k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
+			"k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }
 

generated/1.19/crds/config.pinniped.dev_oidcproviderconfigs.yaml

@@ -55,6 +55,17 @@ spec:
           status:
             description: Status of the OIDC provider.
             properties:
+              jwksSecret:
+                description: JWKSSecret holds the name of the secret in which this
+                  OIDC Provider's signing/verification keys are stored. If it is empty,
+                  then the signing/verification keys are either unknown or they don't
+                  exist.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               lastUpdateTime:
                 description: LastUpdateTime holds the time at which the Status was
                   last updated. It is a pointer to get around some undesirable behavior