Rename login API to login.concierge.pinniped.dev.

This is the first of a few related changes that re-organize our API after the big recent changes that introduced the supervisor component.

Signed-off-by: Matt Moyer <moyerm@vmware.com>

apis/concierge/login/doc.go.tmpl

@@ -0,0 +1,8 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:deepcopy-gen=package
+// +groupName=login.concierge.pinniped.dev
+
+// Package login is the internal version of the Pinniped login API.
+package login

apis/concierge/login/register.go.tmpl

@@ -0,0 +1,38 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package login
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "login.concierge.pinniped.dev"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind.
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns back a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&TokenCredentialRequest{},
+		&TokenCredentialRequestList{},
+	)
+	return nil
+}

apis/concierge/login/types_clustercred.go.tmpl

@@ -0,0 +1,21 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package login
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// ClusterCredential is a credential (token or certificate) which is valid on the Kubernetes cluster.
+type ClusterCredential struct {
+	// ExpirationTimestamp indicates a time when the provided credentials expire.
+	ExpirationTimestamp metav1.Time
+
+	// Token is a bearer token used by the client for request authentication.
+	Token string
+
+	// PEM-encoded client TLS certificates (including intermediates, if any).
+	ClientCertificateData string
+
+	// PEM-encoded private key for the above certificate.
+	ClientKeyData string
+}

apis/concierge/login/types_token.go.tmpl

@@ -0,0 +1,48 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package login
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type TokenCredentialRequestSpec struct {
+	// Bearer token supplied with the credential request.
+	Token string
+
+	// Reference to an identity provider which can fulfill this credential request.
+	IdentityProvider corev1.TypedLocalObjectReference
+}
+
+type TokenCredentialRequestStatus struct {
+	// A ClusterCredential will be returned for a successful credential request.
+	// +optional
+	Credential *ClusterCredential
+
+	// An error message will be returned for an unsuccessful credential request.
+	// +optional
+	Message *string
+}
+
+// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type TokenCredentialRequest struct {
+	metav1.TypeMeta
+	metav1.ObjectMeta
+
+	Spec   TokenCredentialRequestSpec
+	Status TokenCredentialRequestStatus
+}
+
+// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type TokenCredentialRequestList struct {
+	metav1.TypeMeta
+	metav1.ListMeta
+
+	// Items is a list of TokenCredentialRequest
+	Items []TokenCredentialRequest
+}

apis/concierge/login/v1alpha1/conversion.go.tmpl

@@ -0,0 +1,4 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1

apis/concierge/login/v1alpha1/defaults.go.tmpl

@@ -0,0 +1,12 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+	return RegisterDefaults(scheme)
+}

apis/concierge/login/v1alpha1/doc.go.tmpl

@@ -0,0 +1,11 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=go.pinniped.dev/GENERATED_PKG/apis/concierge/login
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=login.concierge.pinniped.dev
+
+// Package v1alpha1 is the v1alpha1 version of the Pinniped login API.
+package v1alpha1

apis/concierge/login/v1alpha1/register.go.tmpl

@@ -0,0 +1,43 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "login.concierge.pinniped.dev"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+var (
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
+}
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&TokenCredentialRequest{},
+		&TokenCredentialRequestList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}

apis/concierge/login/v1alpha1/types_clustercred.go.tmpl

@@ -0,0 +1,22 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// ClusterCredential is the cluster-specific credential returned on a successful credential request. It
+// contains either a valid bearer token or a valid TLS certificate and corresponding private key for the cluster.
+type ClusterCredential struct {
+	// ExpirationTimestamp indicates a time when the provided credentials expire.
+	ExpirationTimestamp metav1.Time `json:"expirationTimestamp,omitempty"`
+
+	// Token is a bearer token used by the client for request authentication.
+	Token string `json:"token,omitempty"`
+
+	// PEM-encoded client TLS certificates (including intermediates, if any).
+	ClientCertificateData string `json:"clientCertificateData,omitempty"`
+
+	// PEM-encoded private key for the above certificate.
+	ClientKeyData string `json:"clientKeyData,omitempty"`
+}

apis/concierge/login/v1alpha1/types_token.go.tmpl

@@ -0,0 +1,49 @@
+// Copyright 2020 the Pinniped contributors. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TokenCredentialRequestSpec is the specification of a TokenCredentialRequest, expected on requests to the Pinniped API.
+type TokenCredentialRequestSpec struct {
+	// Bearer token supplied with the credential request.
+	Token string `json:"token,omitempty"`
+
+	// Reference to an identity provider which can fulfill this credential request.
+	IdentityProvider corev1.TypedLocalObjectReference `json:"identityProvider"`
+}
+
+// TokenCredentialRequestStatus is the status of a TokenCredentialRequest, returned on responses to the Pinniped API.
+type TokenCredentialRequestStatus struct {
+	// A Credential will be returned for a successful credential request.
+	// +optional
+	Credential *ClusterCredential `json:"credential,omitempty"`
+
+	// An error message will be returned for an unsuccessful credential request.
+	// +optional
+	Message *string `json:"message,omitempty"`
+}
+
+// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type TokenCredentialRequest struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TokenCredentialRequestSpec   `json:"spec,omitempty"`
+	Status TokenCredentialRequestStatus `json:"status,omitempty"`
+}
+
+// TokenCredentialRequestList is a list of TokenCredentialRequest objects.
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+type TokenCredentialRequestList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []TokenCredentialRequest `json:"items"`
+}