From e0235ed190f62938e90738f6a22edd8d03730577 Mon Sep 17 00:00:00 2001 
From: Ryan Richard Date: Thu, 1 Aug 2024 16:21:31 -0700 Subject: [PATCH] update docs and change struct name in types_tls.go.tmpl files Co-authored-by: Ashish Amarnath --- .../authentication/v1alpha1/types_tls.go.tmpl | 18 +++++---- .../supervisor/idp/v1alpha1/types_tls.go.tmpl | 17 +++++---- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.24/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.25/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.26/README.adoc | 38 ++++++++++--------- 
.../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.27/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.28/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.29/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- 
.../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/1.30/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- ...cierge.pinniped.dev_jwtauthenticators.yaml | 15 +++++--- ...ge.pinniped.dev_webhookauthenticators.yaml | 15 +++++--- ....dev_activedirectoryidentityproviders.yaml | 15 +++++--- ....pinniped.dev_githubidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_ldapidentityproviders.yaml | 15 +++++--- ...or.pinniped.dev_oidcidentityproviders.yaml | 15 +++++--- generated/latest/README.adoc | 38 ++++++++++--------- .../authentication/v1alpha1/types_tls.go | 18 +++++---- .../v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../apis/supervisor/idp/v1alpha1/types_tls.go | 17 +++++---- .../idp/v1alpha1/zz_generated.deepcopy.go | 10 ++--- .../jwtcachefiller/jwtcachefiller_test.go | 4 +- .../webhookcachefiller_test.go | 4 +- .../active_directory_upstream_watcher_test.go | 6 +-- .../github_upstream_watcher_test.go | 8 ++-- .../ldap_upstream_watcher_test.go | 6 +-- .../oidc_upstream_watcher_test.go | 4 +- .../tlsconfigutil/tls_config_util_test.go | 8 ++-- test/integration/concierge_client_test.go | 6 +-- .../concierge_jwtauthenticator_status_test.go | 2 +- ...cierge_webhookauthenticator_status_test.go | 2 +- test/integration/e2e_test.go | 6 +-- test/integration/supervisor_login_test.go | 20 +++++----- 102 files changed, 889 insertions(+), 686 
deletions(-)
diff --git a/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl b/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
index cc823a05e..883dc7fc7 100644
--- a/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
+++ b/apis/concierge/authentication/v1alpha1/types_tls.go.tmpl
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl b/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl index 19d6d863a..407a5cde5 100644 --- a/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl +++ b/apis/supervisor/idp/v1alpha1/types_tls.go.tmpl @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
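Review bot: The new `Key` comment in `CertificateAuthorityDataSourceSpec` requires "a valid PEM-encoded certificate bundle" but no longer says whether the stored value may be base64 encoded, because the removed ConfigMap sentence was the only place that addressed it, while `certificateAuthorityData` just below is still documented as a base64-encoded PEM bundle. A reader who copies the inline value into a ConfigMap would plausibly store base64 text and end up with a trust bundle that does not load. I would state the encoding explicitly, for example `// The value must be the PEM text itself, not a further base64 encoding of it (unlike certificateAuthorityData).`, assuming that is what the controllers expect; the parsing code is not part of this patch. The same wording appears in the supervisor template's `@@ -3,19 +3,19 @@` hunk and in the generated copies.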
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
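Review bot: The added comment `// Any changes to the CA bundle in the secret or configmap will be dynamically reloaded.` on `CertificateAuthorityDataSource` makes the referenced object a live trust anchor, yet the `TLSSpec` comments still do not say which field wins when both `certificateAuthorityData` and `certificateAuthorityDataSource` are set, or what happens when a reloaded bundle is empty or invalid. Since `certificateAuthorityData` is documented as falling back to system roots when omitted, a reader cannot tell from these comments whether a bad reload fails closed or widens trust. I would document the precedence and the failure behaviour here, and add a sentence that write access to the referenced secret or configmap amounts to control over which servers are trusted, so it should be restricted accordingly. The concierge template's `TLSSpec` in the `@@ -3,28 +3,30 @@` hunk carries the same line; the struct itself begins above this hunk.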
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/deploy/supervisor/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/deploy/supervisor/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/deploy/supervisor/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/deploy/supervisor/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/deploy/supervisor/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/deploy/supervisor/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.24/README.adoc b/generated/1.24/README.adoc index c61e4de01..ef1d03c8b 100644 --- a/generated/1.24/README.adoc +++ b/generated/1.24/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-24-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.24/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.24/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.24/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.24/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.24/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.24/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.24/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.24/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.24/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.24/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.24/apis/supervisor/idp/v1alpha1/types_tls.go 
+++ b/generated/1.24/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.24/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.24/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.24/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.24/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
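Review bot: The TLSSpec field comments in this hunk now describe two optional trust sources, `certificateAuthorityData` and `certificateAuthorityDataSource`, but do not say which applies when both are set, or what is trusted when the referenced key is missing, empty or not valid PEM. Because the added line promises dynamic reload, the comment should state whether a bad update keeps the last good bundle, fails the connection, or falls back to the default system roots; the last case would silently widen trust. I would add lines such as `// If the referenced value is missing or invalid, <behavior - confirm against the controller>.` and, if that is the rule, `// Must not be set together with certificateAuthorityData.` Anyone who can edit the referenced Secret or ConfigMap can change the trusted CAs, so the comment could also say that write access to that object should be restricted. TLSSpec begins above this hunk, and the same wording repeats in the other types_tls.go copies under generated/, so the change presumably belongs in the .go.tmpl templates named in the commit subject.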
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.24/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.24/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.24/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.24/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.24/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.24/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.24/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.24/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.24/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.24/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.24/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.24/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.24/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.24/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.24/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.24/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.24/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.24/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.24/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.24/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.24/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.24/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.24/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.24/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.25/README.adoc b/generated/1.25/README.adoc index e876a4f6c..ac3c245ca 100644 --- a/generated/1.25/README.adoc +++ b/generated/1.25/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-25-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.25/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.25/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.25/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.25/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.25/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.25/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.25/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.25/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.25/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.25/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.25/apis/supervisor/idp/v1alpha1/types_tls.go 
+++ b/generated/1.25/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.25/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.25/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.25/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.25/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.25/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.25/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.25/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.25/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.25/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.25/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.25/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.25/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.25/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.25/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.25/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.25/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.25/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.25/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.25/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.25/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.25/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.25/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.25/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.25/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.25/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.25/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.25/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.25/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.26/README.adoc b/generated/1.26/README.adoc index 0a22ec4c3..22635e322 100644 --- a/generated/1.26/README.adoc +++ b/generated/1.26/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-26-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.26/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.26/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.26/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.26/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.26/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.26/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.26/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.26/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.26/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.26/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.26/apis/supervisor/idp/v1alpha1/types_tls.go 
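Review bot: The new comment on `CertificateAuthorityDataSource` in `TLSSpec` says changes to the referenced secret or configmap are dynamically reloaded, but not what happens when the reloaded value fails the requirement now stated on `Key` (non-empty, valid PEM). Whether the previous bundle is kept, the system roots are used, or the authenticator stops working is not visible from this hunk. Because this bundle sets the trust anchors for client-side TLS verification, the doc should state that failure behaviour and the access implication, for example `// Write access to the referenced secret or configmap controls which CAs are trusted; restrict it accordingly.` The same wording is repeated in the supervisor copy of types_tls.go. As both files sit under generated/, the edit presumably belongs in the types_tls.go.tmpl templates named in the commit subject.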
+++ b/generated/1.26/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.26/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.26/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.26/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.26/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.26/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.26/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.26/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.26/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.26/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.26/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.26/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.26/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.26/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.26/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.26/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.26/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.26/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.26/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.26/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.26/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.26/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.26/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.26/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.26/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.26/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.26/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.26/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.26/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.27/README.adoc b/generated/1.27/README.adoc index 2a1868652..4408cc279 100644 --- a/generated/1.27/README.adoc +++ b/generated/1.27/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-27-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.27/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.27/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.27/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.27/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.27/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.27/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.27/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.27/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.27/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.27/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.27/apis/supervisor/idp/v1alpha1/types_tls.go 
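Review bot: The rewritten `Key` comment in `CertificateAuthorityDataSourceSpec` requires "a valid PEM-encoded certificate bundle", but with the configmap sentence removed from `Kind`, nothing on the new side says whether that value is plain PEM or base64-wrapped PEM like the sibling `CertificateAuthorityData` field ("base64-encoded PEM bundle"). I would state the encoding on `Key`, for example `// The value must be plain PEM text; it is not base64-decoded again.`, provided that matches the implementation, which is not visible in this hunk. `TLSSpec` also leaves open what happens when both `CertificateAuthorityData` and `CertificateAuthorityDataSource` are set; both select trust roots, so a one-line comment naming the precedence or the validation error would prevent a silent misconfiguration. Since the new comment documents that changes are dynamically reloaded, it is worth adding that write access to the referenced Secret or ConfigMap amounts to choosing the trusted CAs and should be restricted accordingly. The same comments appear in the supervisor `types_tls.go` hunk and in the 1.28 copies further down.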
+++ b/generated/1.27/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.27/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.27/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.27/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.27/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.27/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.27/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.27/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.27/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.27/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.27/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.27/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.27/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.27/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.27/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.27/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.27/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.27/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.27/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.27/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.27/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.27/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.27/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.27/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.27/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.27/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.28/README.adoc b/generated/1.28/README.adoc index 64f76af36..65ef835b8 100644 --- a/generated/1.28/README.adoc +++ b/generated/1.28/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-28-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.28/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.28/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.28/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.28/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.28/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.28/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.28/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.28/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.28/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.28/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.28/apis/supervisor/idp/v1alpha1/types_tls.go 
+++ b/generated/1.28/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.28/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.28/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.28/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.28/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
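Review bot: The added line on `CertificateAuthorityDataSource` promises dynamic reload but does not say what happens when a reloaded value is empty or not valid PEM. Because an omitted `certificateAuthorityData` means the system roots are trusted, readers need to know that a broken reference does not silently widen trust in the same way; the comment should state the actual outcome, for example `// If the reloaded value is empty or invalid, TLS verification fails until it is corrected.` if that is what the controller does. It is also worth saying that write access to the referenced secret or configmap now changes the trust anchors at runtime, so RBAC on that object should be as tight as on the resource that references it. TLSSpec's declaration starts above this hunk, and the same text recurs in the other generated copies.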
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.28/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.28/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.28/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.28/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.28/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.28/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.28/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.28/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.28/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.28/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.28/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.28/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.28/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.28/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.28/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.28/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.28/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.28/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.28/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.28/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.28/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.28/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.28/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.28/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.29/README.adoc b/generated/1.29/README.adoc index a6e8fdf5b..b5ae5e4a4 100644 --- a/generated/1.29/README.adoc +++ b/generated/1.29/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-29-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.29/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.29/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.29/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.29/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.29/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.29/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.29/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.29/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.29/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.29/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.29/apis/supervisor/idp/v1alpha1/types_tls.go 
+++ b/generated/1.29/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.29/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.29/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.29/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.29/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.29/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.29/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.29/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.29/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.29/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.29/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.29/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.29/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.29/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.29/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.29/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.29/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.29/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.29/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.29/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.29/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.29/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.29/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.29/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.29/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.29/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.29/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.29/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.29/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.30/README.adoc b/generated/1.30/README.adoc index f91e3138c..0b9021c99 100644 --- a/generated/1.30/README.adoc +++ b/generated/1.30/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/1.30/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/1.30/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/1.30/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/1.30/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.30/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/1.30/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/1.30/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.30/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.30/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/1.30/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 --- a/generated/1.30/apis/supervisor/idp/v1alpha1/types_tls.go 
+++ b/generated/1.30/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/1.30/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/1.30/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/1.30/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/1.30/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/1.30/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml b/generated/1.30/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml index 88a7b3d8b..838f11edf 100644 --- a/generated/1.30/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml +++ b/generated/1.30/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml 
@@ -96,25 +96,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.30/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml b/generated/1.30/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml index 8576dabbf..0133d62fc 100644 --- a/generated/1.30/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml +++ b/generated/1.30/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml 
@@ -67,25 +67,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. minLength: 1 type: string diff --git a/generated/1.30/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml b/generated/1.30/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml index 36d7edcd4..dcc1836b6 100644 --- a/generated/1.30/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml +++ b/generated/1.30/crds/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml 
@@ -171,25 +171,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.30/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml b/generated/1.30/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml index 1a5dea759..669377e7c 100644 --- a/generated/1.30/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml +++ b/generated/1.30/crds/idp.supervisor.pinniped.dev_githubidentityproviders.yaml 
@@ -226,25 +226,28 @@ spec: be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.30/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml b/generated/1.30/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml index bcd798dba..e1fb91934 100644 --- a/generated/1.30/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml +++ b/generated/1.30/crds/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml 
@@ -162,25 +162,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/1.30/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml b/generated/1.30/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml index 330984a89..83ae89781 100644 --- a/generated/1.30/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml +++ b/generated/1.30/crds/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml 
@@ -212,25 +212,28 @@ spec: If omitted, a default set of system roots will be trusted. type: string certificateAuthorityDataSource: - description: Reference to a CA bundle in a secret or a configmap. + description: |- + Reference to a CA bundle in a secret or a configmap. + Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. properties: key: - description: Key within the secret or configmap from which - to read the CA bundle. + description: |- + Key is the key name within the secret or configmap from which to read the CA bundle. + The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + certificate bundle. minLength: 1 type: string kind: description: |- - Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. Secrets must be of type kubernetes.io/tls or Opaque. - For configmaps, the value associated with the key is not expected to be base64 encoded. enum: - Secret - ConfigMap type: string name: description: |- - Name of the secret or configmap from which to read the CA bundle. + Name is the resource name of the secret or configmap from which to read the CA bundle. The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. minLength: 1 type: string diff --git a/generated/latest/README.adoc b/generated/latest/README.adoc index f91e3138c..0b9021c99 100644 --- a/generated/latest/README.adoc +++ b/generated/latest/README.adoc 
@@ -23,10 +23,10 @@ Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authenticatio -[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** @@ -36,12 +36,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -147,7 +148,7 @@ username from the JWT token. When not specified, it will default to "username". [id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-tlsspec"] ==== TLSSpec -Configuration for configuring TLS on various authenticators. +TLSSpec provides TLS configuration on various authenticators. .Appears In: **** @@ -159,7 +160,8 @@ Configuration for configuring TLS on various authenticators. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-concierge-authentication-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== @@ -1668,10 +1670,10 @@ Optional, when empty this defaults to "objectGUID". + |=== -[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-cabundlesource"] -==== CABundleSource +[id="{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec"] +==== CertificateAuthorityDataSourceSpec -CABundleSource provides a source for CA bundle used for client-side TLS verification. +CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. .Appears In: **** 
@@ -1681,12 +1683,13 @@ CABundleSource provides a source for CA bundle used for client-side TLS verifica [cols="25a,75a", options="header"] |=== | Field | Description -| *`kind`* __string__ | Whether the CA bundle is being sourced from a kubernetes secret or a configmap. + +| *`kind`* __string__ | Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. + Secrets must be of type kubernetes.io/tls or Opaque. + -For configmaps, the value associated with the key is not expected to be base64 encoded. + -| *`name`* __string__ | Name of the secret or configmap from which to read the CA bundle. + +| *`name`* __string__ | Name is the resource name of the secret or configmap from which to read the CA bundle. + The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. + -| *`key`* __string__ | Key within the secret or configmap from which to read the CA bundle. + +| *`key`* __string__ | Key is the key name within the secret or configmap from which to read the CA bundle. + +The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + +certificate bundle. + |=== 
@@ -2446,7 +2449,8 @@ TLSSpec provides TLS configuration for identity provider integration. |=== | Field | Description | *`certificateAuthorityData`* __string__ | X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. + -| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-cabundlesource[$$CABundleSource$$]__ | Reference to a CA bundle in a secret or a configmap. + +| *`certificateAuthorityDataSource`* __xref:{anchor_prefix}-go-pinniped-dev-generated-1-30-apis-supervisor-idp-v1alpha1-certificateauthoritydatasourcespec[$$CertificateAuthorityDataSourceSpec$$]__ | Reference to a CA bundle in a secret or a configmap. + +Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. + |=== diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/types_tls.go b/generated/latest/apis/concierge/authentication/v1alpha1/types_tls.go index cc823a05e..883dc7fc7 100644 --- a/generated/latest/apis/concierge/authentication/v1alpha1/types_tls.go +++ b/generated/latest/apis/concierge/authentication/v1alpha1/types_tls.go 
@@ -3,28 +3,30 @@ package v1alpha1 -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } -// Configuration for configuring TLS on various authenticators. +// TLSSpec provides TLS configuration on various authenticators. type TLSSpec struct { // X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted. // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. 
// +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/latest/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go index 27cbcc844..1e64ee699 100644 --- a/generated/latest/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/generated/latest/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go @@ -14,17 +14,17 @@ import ( ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } @@ -156,7 +156,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/generated/latest/apis/supervisor/idp/v1alpha1/types_tls.go b/generated/latest/apis/supervisor/idp/v1alpha1/types_tls.go index 19d6d863a..407a5cde5 100644 
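Review bot: The rewritten field comments in CertificateAuthorityDataSourceSpec drop the sentence saying configmap values are not expected to be base64 encoded, while `CertificateAuthorityData` in the TLSSpec just below is still documented as a base64-encoded PEM bundle. A reader can easily carry the base64 form over into the referenced configmap, and verification against that CA source would then presumably fail. I would keep the caveat next to the new PEM requirement on `Key`, e.g. `// For configmaps, the value must be the PEM text itself, not base64-encoded.` The same wording appears in the supervisor types_tls.go hunk and the README.adoc tables. Going by the commit subject, the edit presumably belongs in the types_tls.go.tmpl sources so the generated copies pick it up.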
--- a/generated/latest/apis/supervisor/idp/v1alpha1/types_tls.go +++ b/generated/latest/apis/supervisor/idp/v1alpha1/types_tls.go @@ -3,19 +3,19 @@ package v1alpha1 - -// CABundleSource provides a source for CA bundle used for client-side TLS verification. -type CABundleSource struct { - // Whether the CA bundle is being sourced from a kubernetes secret or a configmap. +// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification. +type CertificateAuthorityDataSourceSpec struct { + // Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap. // Secrets must be of type kubernetes.io/tls or Opaque. - // For configmaps, the value associated with the key is not expected to be base64 encoded. // +kubebuilder:validation:Enum=Secret;ConfigMap Kind string `json:"kind"` - // Name of the secret or configmap from which to read the CA bundle. + // Name is the resource name of the secret or configmap from which to read the CA bundle. // The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed. // +kubebuilder:validation:MinLength=1 Name string `json:"name"` - // Key within the secret or configmap from which to read the CA bundle. + // Key is the key name within the secret or configmap from which to read the CA bundle. + // The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded + // certificate bundle. // +kubebuilder:validation:MinLength=1 Key string `json:"key"` } 
@@ -26,6 +26,7 @@ type TLSSpec struct { // +optional CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"` // Reference to a CA bundle in a secret or a configmap. + // Any changes to the CA bundle in the secret or configmap will be dynamically reloaded. // +optional - CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"` + CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"` } diff --git a/generated/latest/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go b/generated/latest/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go index 41d44d226..395c8f0fb 100644 --- a/generated/latest/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go +++ b/generated/latest/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go @@ -204,17 +204,17 @@ func (in *ActiveDirectoryIdentityProviderUserSearchAttributes) DeepCopy() *Activ } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CABundleSource) DeepCopyInto(out *CABundleSource) { +func (in *CertificateAuthorityDataSourceSpec) DeepCopyInto(out *CertificateAuthorityDataSourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CABundleSource. -func (in *CABundleSource) DeepCopy() *CABundleSource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityDataSourceSpec. +func (in *CertificateAuthorityDataSourceSpec) DeepCopy() *CertificateAuthorityDataSourceSpec { if in == nil { return nil } - out := new(CABundleSource) + out := new(CertificateAuthorityDataSourceSpec) in.DeepCopyInto(out) return out } 
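Review bot: The sentence added to `CertificateAuthorityDataSource` says changes to the secret or configmap are dynamically reloaded, but not what that means for access control: whoever can write the referenced object changes the trusted CAs without editing the identity provider resource. I would add a line such as `// Write access to the referenced secret or configmap should be restricted, since it controls which CAs are trusted.` The comment also leaves open what happens when both `certificateAuthorityData` and `certificateAuthorityDataSource` are set, a combination the tlsconfigutil test cases later in the patch construct. One sentence on precedence or rejection would close that gap. The same sentence is added to the concierge TLSSpec earlier in the patch, and the TLSSpec struct begins outside this hunk.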
@@ -818,7 +818,7 @@ func (in *TLSSpec) DeepCopyInto(out *TLSSpec) { *out = *in if in.CertificateAuthorityDataSource != nil { in, out := &in.CertificateAuthorityDataSource, &out.CertificateAuthorityDataSource - *out = new(CABundleSource) + *out = new(CertificateAuthorityDataSourceSpec) **out = **in } return diff --git a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go index bd5ea7c2b..1f9dbd693 100644 --- a/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go +++ b/internal/controller/authenticator/jwtcachefiller/jwtcachefiller_test.go @@ -309,7 +309,7 @@ func TestController(t *testing.T) { Issuer: goodIssuer, Audience: goodAudience, TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "secret-with-ca", Key: "ca.crt", @@ -330,7 +330,7 @@ func TestController(t *testing.T) { Issuer: goodIssuer, Audience: goodAudience, TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: "configmap-with-ca", Key: "ca.crt", diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go index 35c530240..b75548a3a 100644 --- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go +++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go 
@@ -155,7 +155,7 @@ func TestController(t *testing.T) { goodWebhookAuthenticatorSpecWithCAFromSecret := authenticationv1alpha1.WebhookAuthenticatorSpec{ Endpoint: goodWebhookDefaultServingCertEndpoint, TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "secret-with-ca", Key: "ca.crt", @@ -175,7 +175,7 @@ func TestController(t *testing.T) { goodWebhookAuthenticatorSpecWithCAFromConfigMap := authenticationv1alpha1.WebhookAuthenticatorSpec{ Endpoint: goodWebhookDefaultServingCertEndpoint, TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: "configmap-with-ca", Key: "ca.crt", diff --git a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go index 320ecbb06..42cee8d20 100644 --- a/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/activedirectoryupstreamwatcher/active_directory_upstream_watcher_test.go @@ -275,7 +275,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithConfigMapCABundleSource := validUpstream.DeepCopy() validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caBundleConfigMapName, Key: "ca.crt", 
@@ -289,7 +289,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithOpaqueSecretCABundleSource := validUpstream.DeepCopy() validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caBundleSecretName, Key: "ca.crt", @@ -304,7 +304,7 @@ func TestActiveDirectoryUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithTLSSecretCABundleSource := validUpstream.DeepCopy() validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caBundleSecretName, Key: "ca.crt", diff --git a/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go b/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go index 437c5620a..efaae07b8 100644 --- a/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/githubupstreamwatcher/github_upstream_watcher_test.go @@ -894,7 +894,7 @@ func TestController(t *testing.T) { otherIDP := validFilledOutIDP.DeepCopy() otherIDP.Name = "idp-with-tls-in-secret" otherIDP.Spec.GitHubAPI.TLS = &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: goodCABundleSecret.Name, Key: "ca.crt", 
@@ -906,7 +906,7 @@ func TestController(t *testing.T) { otherIDP := validFilledOutIDP.DeepCopy() otherIDP.Name = "idp-with-tls-in-config-map" otherIDP.Spec.GitHubAPI.TLS = &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: goodCABundleConfigMap.Name, Key: "ca.crt", @@ -975,7 +975,7 @@ func TestController(t *testing.T) { Spec: func() idpv1alpha1.GitHubIdentityProviderSpec { otherSpec := validFilledOutIDP.Spec.DeepCopy() otherSpec.GitHubAPI.TLS = &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: goodCABundleSecret.Name, Key: "ca.crt", @@ -1004,7 +1004,7 @@ func TestController(t *testing.T) { Spec: func() idpv1alpha1.GitHubIdentityProviderSpec { otherSpec := validFilledOutIDP.Spec.DeepCopy() otherSpec.GitHubAPI.TLS = &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: goodCABundleSecret.Name, Key: "ca.crt", diff --git a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go index 6fba51ab9..f529e9182 100644 --- a/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go +++ b/internal/controller/supervisorconfig/ldapupstreamwatcher/ldap_upstream_watcher_test.go 
@@ -284,7 +284,7 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithConfigMapCABundleSource := validUpstream.DeepCopy() validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithConfigMapCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caBundleConfigMapName, Key: "ca.crt", @@ -298,7 +298,7 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithOpaqueSecretCABundleSource := validUpstream.DeepCopy() validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithOpaqueSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caBundleSecretName, Key: "ca.crt", @@ -313,7 +313,7 @@ func TestLDAPUpstreamWatcherControllerSync(t *testing.T) { validUpstreamWithTLSSecretCABundleSource := validUpstream.DeepCopy() validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityData = "" - validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + validUpstreamWithTLSSecretCABundleSource.Spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caBundleSecretName, Key: "ca.crt", diff --git a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go index 57f6481a2..659e25e8c 100644 --- a/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go 
+++ b/internal/controller/supervisorconfig/oidcupstreamwatcher/oidc_upstream_watcher_test.go @@ -1162,7 +1162,7 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { Spec: idpv1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "ca-bundle-secret", Key: "ca.crt", @@ -1229,7 +1229,7 @@ func TestOIDCUpstreamWatcherControllerSync(t *testing.T) { Spec: idpv1alpha1.OIDCIdentityProviderSpec{ Issuer: testIssuerURL, TLS: &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: "ca-bundle-configmap", Key: "ca.crt", diff --git a/internal/controller/tlsconfigutil/tls_config_util_test.go b/internal/controller/tlsconfigutil/tls_config_util_test.go index 52fbdff87..230432e46 100644 --- a/internal/controller/tlsconfigutil/tls_config_util_test.go +++ b/internal/controller/tlsconfigutil/tls_config_util_test.go @@ -535,7 +535,7 @@ func TestTLSSpecForSupervisor(t *testing.T) { { name: "should return tls spec with certificateAuthorityDataSource", supervisorTLSSpec: &idpv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "awesome-secret", Key: "ca-bundle", @@ -553,7 +553,7 @@ func TestTLSSpecForSupervisor(t *testing.T) { name: "should return tls spec when source has all fields filled", supervisorTLSSpec: &idpv1alpha1.TLSSpec{ CertificateAuthorityData: base64EncodedBundle, - CertificateAuthorityDataSource: &idpv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "awesome-secret", Key: "ca-bundle", 
@@ -609,7 +609,7 @@ func TestTLSSpecForConcierge(t *testing.T) { { name: "should return tls spec with certificateAuthorityDataSource", conciergeTLSSpec: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "awesome-secret", Key: "ca-bundle", @@ -627,7 +627,7 @@ func TestTLSSpecForConcierge(t *testing.T) { name: "should return tls spec when source has all fields filled", conciergeTLSSpec: &authenticationv1alpha1.TLSSpec{ CertificateAuthorityData: base64EncodedBundle, - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: "awesome-secret", Key: "ca-bundle", diff --git a/test/integration/concierge_client_test.go b/test/integration/concierge_client_test.go index 2d6eb428a..78b3c8ca1 100644 --- a/test/integration/concierge_client_test.go +++ b/test/integration/concierge_client_test.go @@ -83,7 +83,7 @@ func TestClient(t *testing.T) { "tls.key": "", }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -98,7 +98,7 @@ func TestClient(t *testing.T) { "ca.crt": string(TLSCABundle), }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", 
@@ -113,7 +113,7 @@ func TestClient(t *testing.T) { "ca.crt": string(TLSCABundle), }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caConfigmap.Name, Key: "ca.crt", diff --git a/test/integration/concierge_jwtauthenticator_status_test.go b/test/integration/concierge_jwtauthenticator_status_test.go index 09f0d56a2..32471f72e 100644 --- a/test/integration/concierge_jwtauthenticator_status_test.go +++ b/test/integration/concierge_jwtauthenticator_status_test.go @@ -93,7 +93,7 @@ func TestConciergeJWTAuthenticatorWithExternalCABundleStatusIsUpdatedWhenExterna Issuer: env.SupervisorUpstreamOIDC.Issuer, Audience: "does-not-matter", TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: test.caBundleSourceSpecKind, Name: caBundleResourceName, Key: "ca.crt", diff --git a/test/integration/concierge_webhookauthenticator_status_test.go b/test/integration/concierge_webhookauthenticator_status_test.go index 119909f6c..f74549a8d 100644 --- a/test/integration/concierge_webhookauthenticator_status_test.go +++ b/test/integration/concierge_webhookauthenticator_status_test.go @@ -90,7 +90,7 @@ func TestConciergeWebhookAuthenticatorWithExternalCABundleStatusIsUpdatedWhenExt authenticator := testlib.CreateTestWebhookAuthenticator(ctx, t, &authenticationv1alpha1.WebhookAuthenticatorSpec{ Endpoint: env.TestWebhook.Endpoint, TLS: &authenticationv1alpha1.TLSSpec{ - CertificateAuthorityDataSource: &authenticationv1alpha1.CABundleSource{ + CertificateAuthorityDataSource: &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: test.caBundleSourceSpecKind, Name: caBundleResourceName, Key: "ca.crt", 
diff --git a/test/integration/e2e_test.go b/test/integration/e2e_test.go index 89edb8d84..7732e4da0 100644 --- a/test/integration/e2e_test.go +++ b/test/integration/e2e_test.go @@ -237,7 +237,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { }) jwtAuthnSpec := defaultJWTAuthenticatorSpec.DeepCopy() jwtAuthnSpec.TLS.CertificateAuthorityData = "" - jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -339,7 +339,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { }) jwtAuthnSpec := defaultJWTAuthenticatorSpec.DeepCopy() jwtAuthnSpec.TLS.CertificateAuthorityData = "" - jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -477,7 +477,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { }) jwtAuthnSpec := defaultJWTAuthenticatorSpec.DeepCopy() jwtAuthnSpec.TLS.CertificateAuthorityData = "" - jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CABundleSource{ + jwtAuthnSpec.TLS.CertificateAuthorityDataSource = &authenticationv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caConfigMap.Name, Key: "ca.crt", diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 8ac9086e8..c5dc0ad60 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go 
@@ -375,7 +375,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": string(caData), }) idpSpec.TLS.CertificateAuthorityData = "" - idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -405,7 +405,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "tls.key": "", }) idpSpec.TLS.CertificateAuthorityData = "" - idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -432,7 +432,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": string(caData), }) idpSpec.TLS.CertificateAuthorityData = "" - idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caConfigMap.Name, Key: "ca.crt", @@ -461,7 +461,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": string(caData), }) idpSpec.TLS.CertificateAuthorityData = "" - idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + idpSpec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -684,7 +684,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": env.SupervisorUpstreamLDAP.CABundle, }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", 
@@ -735,7 +735,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "tls.key": "", }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -784,7 +784,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": env.SupervisorUpstreamLDAP.CABundle, }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caConfigMap.Name, Key: "ca.crt", @@ -1270,7 +1270,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": env.SupervisorUpstreamActiveDirectory.CABundle, }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -1312,7 +1312,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "tls.key": "", }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "Secret", Name: caSecret.Name, Key: "ca.crt", @@ -1352,7 +1352,7 @@ func TestSupervisorLogin_Browser(t *testing.T) { "ca.crt": env.SupervisorUpstreamActiveDirectory.CABundle, }) spec.TLS.CertificateAuthorityData = "" - spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CABundleSource{ + spec.TLS.CertificateAuthorityDataSource = &idpv1alpha1.CertificateAuthorityDataSourceSpec{ Kind: "ConfigMap", Name: caConfigMap.Name, Key: "ca.crt",