update docs and change struct name in types_tls.go.tmpl files

Co-authored-by: Ashish Amarnath <ashish.amarnath@broadcom.com>
Ryan Richard
2024-08-01 16:21:31 -07:00
parent 02e41baa47
commit e0235ed190
102 changed files with 889 additions and 686 deletions


@@ -3,28 +3,30 @@
package v1alpha1
// CABundleSource provides a source for CA bundle used for client-side TLS verification.
type CABundleSource struct {
// Whether the CA bundle is being sourced from a kubernetes secret or a configmap.
// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification.
type CertificateAuthorityDataSourceSpec struct {
// Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap.
// Secrets must be of type kubernetes.io/tls or Opaque.
// For configmaps, the value associated with the key is not expected to be base64 encoded.
// +kubebuilder:validation:Enum=Secret;ConfigMap
Kind string `json:"kind"`
// Name of the secret or configmap from which to read the CA bundle.
// Name is the resource name of the secret or configmap from which to read the CA bundle.
// The referenced secret or configmap must be created in the same namespace where Pinniped Concierge is installed.
// +kubebuilder:validation:MinLength=1
Name string `json:"name"`
// Key within the secret or configmap from which to read the CA bundle.
// Key is the key name within the secret or configmap from which to read the CA bundle.
// The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded
// certificate bundle.
// +kubebuilder:validation:MinLength=1
Key string `json:"key"`
}
// Configuration for configuring TLS on various authenticators.
// TLSSpec provides TLS configuration on various authenticators.
type TLSSpec struct {
// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// Reference to a CA bundle in a secret or a configmap.
// Any changes to the CA bundle in the secret or configmap will be dynamically reloaded.
// +optional
CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"`
CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"`
}
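Review bot: The TLSSpec comments do not say how `certificateAuthorityData` and `certificateAuthorityDataSource` interact when both are set, and the existing sentence "If omitted, a default set of system roots will be trusted" on `CertificateAuthorityData` is ambiguous when only the source reference is given. No kubebuilder validation marker visible in this section rejects the combination, so precedence is presumably decided in controller code outside this page. I would state it on the field, e.g. `// At most one of certificateAuthorityData and certificateAuthorityDataSource may be set; system roots are trusted only when both are omitted.`, adjusted to whatever the controller actually does. The Supervisor copy of TLSSpec in the next file section has the same gap.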


@@ -3,19 +3,19 @@
package v1alpha1
// CABundleSource provides a source for CA bundle used for client-side TLS verification.
type CABundleSource struct {
// Whether the CA bundle is being sourced from a kubernetes secret or a configmap.
// CertificateAuthorityDataSourceSpec provides a source for CA bundle used for client-side TLS verification.
type CertificateAuthorityDataSourceSpec struct {
// Kind configures whether the CA bundle is being sourced from a Kubernetes secret or a configmap.
// Secrets must be of type kubernetes.io/tls or Opaque.
// For configmaps, the value associated with the key is not expected to be base64 encoded.
// +kubebuilder:validation:Enum=Secret;ConfigMap
Kind string `json:"kind"`
// Name of the secret or configmap from which to read the CA bundle.
// Name is the resource name of the secret or configmap from which to read the CA bundle.
// The referenced secret or configmap must be created in the same namespace where Pinniped Supervisor is installed.
// +kubebuilder:validation:MinLength=1
Name string `json:"name"`
// Key within the secret or configmap from which to read the CA bundle.
// Key is the key name within the secret or configmap from which to read the CA bundle.
// The value found at this key in the secret or configmap must not be empty, and must be a valid PEM-encoded
// certificate bundle.
// +kubebuilder:validation:MinLength=1
Key string `json:"key"`
}
@@ -26,6 +26,7 @@ type TLSSpec struct {
// +optional
CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
// Reference to a CA bundle in a secret or a configmap.
// Any changes to the CA bundle in the secret or configmap will be dynamically reloaded.
// +optional
CertificateAuthorityDataSource *CABundleSource `json:"certificateAuthorityDataSource,omitempty"`
CertificateAuthorityDataSource *CertificateAuthorityDataSourceSpec `json:"certificateAuthorityDataSource,omitempty"`
}
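Review bot: The comment "Any changes to the CA bundle in the secret or configmap will be dynamically reloaded" does not say what happens when a reload fails: the referenced object is deleted, the key disappears, or the value stops being valid PEM. For a trust-anchor setting the reader needs to know whether the authenticator keeps the last good bundle, reports an error status, or falls back to system roots; the last would silently widen trust. Because edits take effect without touching the authenticator resource, it is also worth a sentence saying that write access to the referenced secret or configmap amounts to choosing the trusted CAs, e.g. `// Restrict write access to the referenced object: its contents determine which servers are trusted.` TLSSpec begins above this hunk, and the same comment appears in the Concierge copy in the previous file section.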