mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-02-02 11:02:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.21.0
Branches Tags
mirrors:main mirrors:dependabot/docker/dockerfiles/eks-deployer/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/eks-deployer/ci/amazon/aws-cli-2.33.12 mirrors:dependabot/docker/dockerfiles/crane/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/deployment-yaml-formatter/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/integration-test-runner/ci/mikefarah/yq-4.52.2 mirrors:pinny/bump-deps mirrors:dependabot/docker/dockerfiles/k8s-app-deployer/ci/google/cloud-sdk-554.0.0-slim mirrors:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/google/cloud-sdk-554.0.0-slim mirrors:dependabot/docker/dockerfiles/integration-test-runner/ci/google/cloud-sdk-554.0.0-slim mirrors:ci mirrors:jtc/freeze-k8s-utils mirrors:jtc/add-a-bunch-of-groups mirrors:poc/AuditEventFrom_replacement mirrors:jtc/bump-to-k8s-0-34-0 mirrors:move_ci mirrors:upgrade_linter_may_2025 mirrors:jtc/bump-to-k8s-1-32-libs mirrors:jtc/backfill-test mirrors:jtc/warn-when-tokens-are-large mirrors:jtc/externally-configured-serving-certs mirrors:jtc/use-soft-memory-limit-1103 mirrors:poc/session_length mirrors:jtc/propose-opt-out-of-self-signed-cas mirrors:poc/kube_csr_api mirrors:release-0.12 mirrors:poc/client-side-logout mirrors:release-0.4
mirrors:v0.44.0 mirrors:v0.43.0 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.0 mirrors:v0.22.0 mirrors:v0.21.0 mirrors:v0.20.0 mirrors:v0.19.0 mirrors:v0.18.0 mirrors:v0.17.0 mirrors:v0.16.0 mirrors:v0.15.0 mirrors:v0.12.1 mirrors:v0.14.0 mirrors:v0.13.0 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.0 mirrors:v0.4.4 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.4.3 mirrors:v0.8.0 mirrors:v0.4.2 mirrors:v0.7.0 mirrors:v0.6.0 mirrors:v0.5.0 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.0
..
compare: mirrors:v0.23.0
Branches Tags
mirrors:dependabot/docker/dockerfiles/eks-deployer/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/eks-deployer/ci/amazon/aws-cli-2.33.12 mirrors:dependabot/docker/dockerfiles/crane/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/deployment-yaml-formatter/ci/mikefarah/yq-4.52.2 mirrors:dependabot/docker/dockerfiles/integration-test-runner/ci/mikefarah/yq-4.52.2 mirrors:main mirrors:pinny/bump-deps mirrors:dependabot/docker/dockerfiles/k8s-app-deployer/ci/google/cloud-sdk-554.0.0-slim mirrors:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/google/cloud-sdk-554.0.0-slim mirrors:dependabot/docker/dockerfiles/integration-test-runner/ci/google/cloud-sdk-554.0.0-slim mirrors:ci mirrors:jtc/freeze-k8s-utils mirrors:jtc/add-a-bunch-of-groups mirrors:poc/AuditEventFrom_replacement mirrors:jtc/bump-to-k8s-0-34-0 mirrors:move_ci mirrors:upgrade_linter_may_2025 mirrors:jtc/bump-to-k8s-1-32-libs mirrors:jtc/backfill-test mirrors:jtc/warn-when-tokens-are-large mirrors:jtc/externally-configured-serving-certs mirrors:jtc/use-soft-memory-limit-1103 mirrors:poc/session_length mirrors:jtc/propose-opt-out-of-self-signed-cas mirrors:poc/kube_csr_api mirrors:release-0.12 mirrors:poc/client-side-logout mirrors:release-0.4
mirrors:v0.44.0 mirrors:v0.43.0 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.0 mirrors:v0.22.0 mirrors:v0.21.0 mirrors:v0.20.0 mirrors:v0.19.0 mirrors:v0.18.0 mirrors:v0.17.0 mirrors:v0.16.0 mirrors:v0.15.0 mirrors:v0.12.1 mirrors:v0.14.0 mirrors:v0.13.0 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.0 mirrors:v0.4.4 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.4.3 mirrors:v0.8.0 mirrors:v0.4.2 mirrors:v0.7.0 mirrors:v0.6.0 mirrors:v0.5.0 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.0 mirrors:v0.2.0 mirrors:v0.1.0

77 Commits
v0.21.0 ... v0.23.0

Author SHA1 Message Date
Ryan Richard
b4f5be1332 Merge pull request #1471 from vmware-tanzu/doc_updates 
Clarify audience value in Concierge-only auth doc, and other doc updates
 2023-04-04 08:34:45 -07:00
Ryan Richard
eb4254b1c2 Update team members on website 2023-04-03 16:54:10 -07:00
Ryan Richard
19b60fe563 Clarify audience value in Concierge-only auth doc, and other doc updates 
Also renamed a couple of integration test files to make their names
more clear.
 2023-04-03 16:54:10 -07:00
Ryan Richard
985260dcea Merge pull request #1470 from vmware-tanzu/fix_int_tests_for_1.27_prerelease 
Fix integration tests to pass with Kube 1.27/1.28 pre-release builds
 2023-04-03 15:21:02 -07:00
Ryan Richard
7cd16b179c Fix integration tests to pass with Kube 1.27/1.28 pre-release builds 
Fix test failures that occurred in the k8s-main integration test CI job
when using Kube 1.27 and 1.28 pre-release builds.
 2023-04-03 14:16:47 -07:00
Ben Petersen
64263fdb0a Merge pull request #1469 from vmware-tanzu/fix_typo_for_go1.19 
Fix typo that prevented compiling with Go 1.19
 2023-04-03 16:38:59 -04:00
Ryan Richard
a04129548f Increase some test timeouts that failed once on Kind jobs in CI 2023-04-03 11:46:11 -07:00
Ryan Richard
f7fac330f5 Fix typo that prevented compiling with Go 1.19 2023-04-03 11:46:11 -07:00
Ryan Richard
6ae3c0a9c3 Merge pull request #1453 from jamieklassen/patch-1 
use apiGroup without version in webapp auth howto
 2023-04-03 11:08:20 -07:00
Joshua Casey
84e2f27249 Merge pull request #1468 from vmware-tanzu/update_logr_dep 
Upgrade dep github.com/go-logr/logr@v1.2.3 to v1.2.4
 2023-03-31 13:38:10 -05:00
Ryan Richard
f99ca61bba Upgrade dep github.com/go-logr/logr@v1.2.3 to v1.2.4 2023-03-31 10:23:58 -07:00
Joshua Casey
7d394658cc Merge pull request #1466 from vmware-tanzu/get_kubeconfig_discover_username_group_scopes 
`pinniped get kubeconfig` discovers support for username/groups scopes
 2023-03-30 14:47:56 -05:00
Ryan Richard
d659b90e19 pinniped get kubeconfig discovers support for username/groups scopes 2023-03-30 11:52:53 -07:00
Joshua Casey
bd56eebb8a Merge pull request #1465 from vmware-tanzu/jtc/bump-deps 
Bump dependencies to latest
 2023-03-29 10:56:22 -05:00
Ryan Richard
2ba378904d Bump dependencies to latest 
Signed-off-by: Joshua T Casey <caseyj@vmware.com>
 2023-03-28 15:15:27 -05:00
Joshua Casey
1ebc8e8b2e Merge pull request #1463 from vmware-tanzu/jtc/bump-deps 
Bump Dependencies
 2023-03-20 21:06:06 -05:00
Joshua Casey
1699a9995e Update generated K8s API files 2023-03-20 18:44:48 -05:00
Joshua Casey
255f51f75b Bump all golang dependencies 2023-03-20 14:31:59 -05:00
Joshua Casey
5928e05d9e Merge pull request #1436 from vmware-tanzu/jtc/bump-deps 
Bump k8s.io dependencies, and add support for Go1.20 TLS error messages
 2023-03-16 16:01:28 -05:00
Joshua Casey
fc0f9d959a Bump golangci-lint to 1.51.2 and fix lint issues 2023-03-16 14:55:37 -05:00
Jamie Klassen
6ee05611a1 use apiGroup without version in webapp auth howto 2023-03-16 15:51:17 -04:00
Joshua Casey
a783a5d6b2 Bump to golang 1.20.2 2023-03-16 09:42:15 -05:00
Joshua Casey
72d537f8b4 Bump all golang deps 2023-03-16 09:42:15 -05:00
Joshua Casey
1c8ab72f4f Update test asserts for Golang 1.19 and 1.20 TLS error messages 2023-03-07 12:25:10 -06:00
Joshua Casey
daf4be03ce Update generated kubernetes API files 2023-03-05 22:12:54 -06:00
Joshua Casey
7d48fad385 Bump k8s.io deps to 0.26.2 2023-03-05 22:12:54 -06:00
Joshua Casey
0aa4892353 Merge pull request #1435 from vmware-tanzu/jtc/add-update-go-mod 
Add helper script to give you all the commands to update all go mod dependencies
 2023-03-05 22:11:43 -06:00
Joshua Casey
947b4fd579 Add helper script to give you all the commands to update all go mod dependencies 2023-03-02 08:47:57 -06:00
Joshua Casey
205559b4f3 Merge pull request #1420 from vmware-tanzu/jtc/bump-deps 
Bump all direct go dependencies, and use go 1.20.1 in the Docker images
 2023-03-01 16:14:59 -06:00
Joshua Casey
2bd24f674a Bump golang in Dockerfiles to 1.20.1 2023-02-27 14:16:49 -06:00
Joshua Casey
8b8af49651 Bump all direct go dependencies 2023-02-27 14:16:49 -06:00
Ryan Richard
60d12d88ac Merge pull request #1387 from vmware-tanzu/jtc/bump-to-golang-1.19-semantics 
Bump to golang 1.18 semantics
 2023-01-31 10:23:24 -08:00
Joshua Casey
77041760cc Ignore lint issues for deprecated Pool.Subjects() 
- 4aa1efed48/src/crypto/x509/cert_pool.go (L243-L244)
 2023-01-31 10:10:44 -06:00
Joshua Casey
b9c8e359ab Use sync/atomic instead of go.uber.org/atomic 2023-01-31 10:10:44 -06:00
Joshua Casey
24cf7c5bcd Remove internal/psets in favor of k8s.io/apimachinery/pkg/util/sets 2023-01-31 10:10:44 -06:00
Joshua Casey
0d4a4fd2bf Bump to go 1.18 semantics 2023-01-31 10:09:55 -06:00
Joshua Casey
d0784eaed2 Merge pull request #1395 from vmware-tanzu/cli_help_messages 
Unhide login subcommand and improve several command help messages
 2023-01-29 21:16:59 -06:00
Ryan Richard
2d3e53e6ac Increase timeouts in supervisor_oidcclientsecret_test.go 
They were too short after enabling the race detector for integration
tests in CI.
 2023-01-27 14:23:04 -08:00
Ryan Richard
7a74ca9f57 Unhide login subcommand and improve several command help messages 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-27 13:34:04 -08:00
Joshua Casey
d9e79eac9d Merge pull request #1391 from vmware-tanzu/dependabot/go_modules/k8s.io/klog/v2-2.90.0 
Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0
 2023-01-27 10:36:19 -06:00
Joshua Casey
adcfedff68 Merge pull request #1394 from vmware-tanzu/jtc/add-no-cookie-banner-183755195 
Website now displays that it does not use cookies
 2023-01-27 10:35:14 -06:00
Joshua Casey
6d39b81b8f Website now displays that it does not use cookies. 
[#183755195]

Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-01-26 17:09:57 -06:00
dependabot[bot]
efeb9a9de0 Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.80.1 to 2.90.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.80.1...v2.90.0)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 09:02:36 -06:00
Joshua Casey
d2afdfaf9a Merge pull request #1389 from vmware-tanzu/error_assertions 
Accept both old and new cert error strings on MacOS in test assertions
 2023-01-24 15:06:40 -06:00
Ryan Richard
bd9d6fab27 Merge branch 'main' into error_assertions 2023-01-24 09:34:19 -08:00
Joshua Casey
5756c56497 Merge pull request #1388 from vmware-tanzu/jtc/add-presentation-to-website-183914671 
Add 'Sharing is NOT Caring video presentation to website'
 2023-01-22 18:04:13 -06:00
Ryan Richard
c6e4133c5e Accept both old and new cert error strings on MacOS in test assertions 
Used this as an opportunity to refactor how some tests were
making assertions about error strings.

New test helpers make it easy for an error string to be expected as an
exact string, as a string built using sprintf, as a regexp, or as a
string built to include the platform-specific x509 error string.

All of these helpers can be used in a single `wantErr` field of a test
table. They can be used for both unit tests and integration tests.

Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-20 15:01:36 -08:00
Joshua Casey
5005f94ebb Standardize video resource attribution and dates 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-01-20 12:14:00 -06:00
Joshua Casey
15d700a41c Add video to website resources - 'Sharing is NOT Caring' 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-01-20 12:13:54 -06:00
Pinny
044cbd0325 Updated versions in docs for v0.22.0 release 2023-01-20 05:17:45 +00:00
Ryan Richard
e6a18978d1 Merge pull request #1385 from vmware-tanzu/update_kube_deps_0.26.1 
Update Kube deps to 0.26.1
 2023-01-19 15:48:41 -08:00
Ryan Richard
14858a6db3 Increase lint timeout to 20m for CI 2023-01-19 14:41:42 -08:00
Ryan Richard
8cad5ea3c9 Update Kube deps to 0.26.1 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-19 14:03:37 -08:00
Ryan Richard
0ffd01d993 Merge pull request #1372 from vmware-tanzu/jtc/support-k8s-0.26-and-bump-generated-code 
bump k8s deps to 0.26 and bump generated code to include 1.26
 2023-01-19 13:47:12 -08:00
Ryan Richard
23f6dd44a0 Use Go 1.19 for fips builds 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-18 16:00:16 -08:00
Ryan Richard
7ff3b3d9cb Code changes to support Kube 0.26 deps 2023-01-18 14:39:22 -08:00
Joshua Casey
a430f4b730 Bump K8s deps to 0.26 and add codegen for 0.26 2023-01-18 13:41:06 -08:00
Joshua Casey
585adc96d8 Bump generated files for K8s 1.22, 1.23, 1.24, 1.25 2023-01-18 13:38:36 -08:00
Ryan Richard
3b46547efc add hack/update-copyright-year.sh 2023-01-18 13:36:23 -08:00
Ryan Richard
53f56f328b Merge pull request #1371 from vmware-tanzu/jtc/bump-deps-except-k8s 
Bump Golang and Deps (except K8s)
 2023-01-18 09:19:27 -08:00
Ryan Richard
9aafff78f1 bump two more direct deps 2023-01-18 08:26:55 -08:00
Joshua Casey
a49e48c6f7 Bump FIPS Golang to 1.18.10b7 
Resolves #1367
 2023-01-17 21:20:50 -06:00
Joshua Casey
6926c1ab64 Bump Golang to 1.19.5 
Resolves #1368
 2023-01-17 21:20:37 -06:00
Joshua Casey
f9e2212882 Bump all deps except K8s 
Resolves:
- #1360
- #1361
- #1362
- #1363
- #1364
- #1365
 2023-01-17 21:11:39 -06:00
Joshua Casey
95d35a174d Merge pull request #1294 from vmware-tanzu/additional_claim_mapping 
Add `spec.claims.additionalClaimMappings` to OIDCIdentityProvider
 2023-01-17 20:48:58 -06:00
Ryan Richard
2f9b8b105d update copyright to 2023 in files changed by this PR 2023-01-17 15:54:16 -08:00
Ryan Richard
3d20fa79a7 Two more integration tests for additionalClaimMappings 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-17 15:36:39 -08:00
Ryan Richard
74c3156059 Assert more cluster-scoped ID token claims in supervisor_login_test.go 2023-01-17 13:10:51 -08:00
Joshua Casey
6156fdf175 Expect complex subclaims of additionalClaims to have type interface{} 
Co-authored-by: Ryan Richard <richardry@vmware.com>
 2023-01-17 13:27:40 -06:00
Joshua Casey
f494c61790 additionalClaims claim should not be present when no sub claims are expected 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-17 11:58:08 -06:00
Ryan Richard
2633d72ce2 Change some test variable names related to additional claims 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 14:59:59 -08:00
Joshua Casey
a94bbe70c7 Add integration test to verify that additionalClaims are present in an ID Token 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-13 14:59:59 -08:00
Joshua Casey
9acc456fd7 Update token_handler_test to check additionalClaims for bools, numbers, and slices 
Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
Co-authored-by: Benjamin A. Petersen <ben@benjaminapetersen.me>
 2023-01-13 14:59:59 -08:00
Ryan Richard
8ff6ef32e9 Allow additional claims to map into an ID token issued by the supervisor 
- Specify mappings on OIDCIdentityProvider.spec.claims.additionalClaimMappings
- Advertise additionalClaims in the OIDC discovery endpoint under claims_supported

Co-authored-by: Ryan Richard <richardry@vmware.com>
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 14:59:50 -08:00
Joshua Casey
f4c9202f49 Merge pull request #1369 from vmware-tanzu/kube_cert_agent_reduce_memory 
Reduce memory consumption of pinniped-concierge-kube-cert-agent binary
 2023-01-13 14:26:39 -06:00
Ryan Richard
bc7ffd37a6 Reduce memory consumption of pinniped-concierge-kube-cert-agent binary 
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
 2023-01-13 11:07:42 -08:00
Pinny
f691baec74 Updated versions in docs for v0.21.0 release 2022-12-21 13:12:06 +00:00
1583 changed files with 39178 additions and 2408 deletions
Expand all files Collapse all files

6
.github/dependabot.yml vendored
View File

@@ -8,6 +8,12 @@ updates:
schedule:
interval: "daily"
- package-ecosystem: "gomod"
open-pull-requests-limit: 2
directory: "/hack/update-go-mod"
schedule:
interval: "daily"
- package-ecosystem: "docker"
directory: "/"
schedule:

4
Dockerfile
View File

@@ -1,9 +1,9 @@
# syntax=docker/dockerfile:1
# Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
# Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
FROM golang:1.19.4 as build-env
FROM golang:1.20.2 as build-env
WORKDIR /work
COPY . .

6
MAINTAINERS.md
View File

@@ -16,9 +16,3 @@
| Matt Moyer | [mattmoyer](https://github.com/mattmoyer) |
| Mo Khan | [enj](https://github.com/enj) |
| Pablo Schuhmacher | [pabloschuhmacher](https://github.com/pabloschuhmacher) |
## Pinniped Community Management
| Community Manager | GitHub ID |
|-------------------|---------------------------------------|
| Nigel Brown | [pnbrown](https://github.com/pnbrown) |

13
apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go.tmpl
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
@@ -138,6 +138,17 @@ type OIDCClaims struct {
// the ID token.
// +optional
Username string `json:"username"`
// AdditionalClaimMappings allows for additional arbitrary upstream claim values to be mapped into the
// "additionalClaims" claim of the ID tokens generated by the Supervisor. This should be specified as a map of
// new claim names as the keys, and upstream claim names as the values. These new claim names will be nested
// under the top-level "additionalClaims" claim in ID tokens generated by the Supervisor when this
// OIDCIdentityProvider was used for user authentication. These claims will be made available to all clients.
// This feature is not required to use the Supervisor to provide authentication for Kubernetes clusters, but can be
// used when using the Supervisor for other authentication purposes. When this map is empty or the upstream claims
// are not available, the "additionalClaims" claim will be excluded from the ID tokens generated by the Supervisor.
// +optional
AdditionalClaimMappings map[string]string `json:"additionalClaimMappings,omitempty"`
}
// OIDCClient contains information about an OIDC client (e.g., client ID and client

6
apis/supervisor/oidc/types_supervisor_oidc.go.tmpl
View File

@@ -1,4 +1,4 @@
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package oidc
@@ -40,6 +40,10 @@ const (
// group names which were mapped from the upstream identity provider.
IDTokenClaimGroups = "groups"
// IDTokenClaimAdditionalClaims is the top level claim used to hold additional claims in the downstream ID
// token, if any claims are present.
IDTokenClaimAdditionalClaims = "additionalClaims"
// GrantTypeAuthorizationCode is the name of the grant type for authorization code flows defined by the OIDC spec.
GrantTypeAuthorizationCode = "authorization_code"

21
cmd/pinniped-concierge-kube-cert-agent/main.go
View File

@@ -1,4 +1,4 @@
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package main is the combined entrypoint for the Pinniped "kube-cert-agent" component.
@@ -13,8 +13,23 @@ import (
"os"
"time"
// this side effect import ensures that we use fipsonly crypto in fips_strict mode.
_ "go.pinniped.dev/internal/crypto/ptls"
// This side effect import ensures that we use fipsonly crypto during TLS in fips_strict mode.
//
// Commenting this out because it causes the runtime memory consumption of this binary to increase
// from ~1 MB to ~8 MB (as measured when running the sleep subcommand). This binary does not use TLS,
// so it should not be needed. If this binary is ever changed to make use of TLS client and/or server
// code, then we should bring this import back to support the use of the ptls library for client and
// server code, and we should also increase the memory limits on the kube cert agent deployment (as
// decided by the kube cert agent controller in the Concierge).
//
//nolint:godot // This is not sentence, it is a commented out line of import code.
// _ "go.pinniped.dev/internal/crypto/ptls"
// This side effect imports cgo so that runtime/cgo gets linked, when in fips_strict mode.
// Without this line, the binary will exit 133 upon startup in fips_strict mode.
// It also enables fipsonly tls mode, just to be absolutely sure that the fips code is enabled,
// even though it shouldn't be used currently by this binary.
_ "go.pinniped.dev/internal/crypto/fips"
)
//nolint:gochecknoglobals // these are swapped during unit tests.

4
cmd/pinniped-server/main.go
View File

@@ -1,4 +1,4 @@
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Package main is the combined entrypoint for all Pinniped server components.
@@ -14,8 +14,8 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
// this side effect import ensures that we use fipsonly crypto in fips_strict mode.
concierge "go.pinniped.dev/internal/concierge/server"
// this side effect import ensures that we use fipsonly crypto in fips_strict mode.
_ "go.pinniped.dev/internal/crypto/ptls"
lua "go.pinniped.dev/internal/localuserauthenticator"
"go.pinniped.dev/internal/plog"

22
cmd/pinniped/cmd/alpha.go
View File

@@ -1,22 +0,0 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
import (
"github.com/spf13/cobra"
)
//nolint:gochecknoglobals
var alphaCmd = &cobra.Command{
Use: "alpha",
Short: "alpha",
Long: "alpha subcommands (syntax or flags are still subject to change)",
SilenceUsage: true, // do not print usage message when commands fail
Hidden: true,
}
//nolint:gochecknoinits
func init() {
rootCmd.AddCommand(alphaCmd)
}

4
cmd/pinniped/cmd/generate_markdown_help.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -24,7 +24,7 @@ func generateMarkdownHelpCommand() *cobra.Command {
Args: cobra.NoArgs,
Use: "generate-markdown-help",
Short: "Generate markdown help for the current set of non-hidden CLI commands",
SilenceUsage: true,
SilenceUsage: true, // do not print usage message when commands fail
Hidden: true,
RunE: runGenerateMarkdownHelp,
}

8
cmd/pinniped/cmd/get.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -8,7 +8,11 @@ import (
)
//nolint:gochecknoglobals
var getCmd = &cobra.Command{Use: "get", Short: "get"}
var getCmd = &cobra.Command{
Use: "get",
Short: "Gets one of [kubeconfig]",
SilenceUsage: true, // Do not print usage message when commands fail.
}
//nolint:gochecknoinits
func init() {

98
cmd/pinniped/cmd/kubeconfig.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -23,6 +23,7 @@ import (
_ "k8s.io/client-go/plugin/pkg/client/auth" // Adds handlers for various dynamic auth plugins in client-go
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/utils/strings/slices"
conciergev1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/authentication/v1alpha1"
configv1alpha1 "go.pinniped.dev/generated/latest/apis/concierge/config/v1alpha1"
@@ -97,13 +98,18 @@ type getKubeconfigParams struct {
installHint string
}
type discoveryResponseScopesSupported struct {
// Same as ScopesSupported in the Supervisor's discovery handler's struct.
ScopesSupported []string `json:"scopes_supported"`
}
func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
var (
cmd = &cobra.Command{
Args: cobra.NoArgs,
Use: "kubeconfig",
Short: "Generate a Pinniped-based kubeconfig for a cluster",
SilenceUsage: true,
SilenceUsage: true, // do not print usage message when commands fail
}
flags getKubeconfigParams
namespace string // unused now
@@ -232,11 +238,9 @@ func runGetKubeconfig(ctx context.Context, out io.Writer, deps kubeconfigDeps, f
cluster.CertificateAuthorityData = flags.concierge.caBundle
}
// If there is an issuer, and if any upstream IDP flags are not already set, then try to discover Supervisor upstream IDP details.
// When all the upstream IDP flags are set by the user, then skip discovery and don't validate their input. Maybe they know something
// that we can't know, like the name of an IDP that they are going to define in the future.
if len(flags.oidc.issuer) > 0 && (flags.oidc.upstreamIDPType == "" || flags.oidc.upstreamIDPName == "" || flags.oidc.upstreamIDPFlow == "") {
if err := discoverSupervisorUpstreamIDP(ctx, &flags, deps.log); err != nil {
if len(flags.oidc.issuer) > 0 {
err = pinnipedSupervisorDiscovery(ctx, &flags, deps.log)
if err != nil {
return err
}
}
@@ -720,6 +724,7 @@ func validateKubeconfig(ctx context.Context, flags getKubeconfigParams, kubeconf
func countCACerts(pemData []byte) int {
pool := x509.NewCertPool()
pool.AppendCertsFromPEM(pemData)
//nolint:staticcheck // since we're not using .Subjects() to access the system pool
return len(pool.Subjects())
}
@@ -732,21 +737,75 @@ func hasPendingStrategy(credentialIssuer *configv1alpha1.CredentialIssuer) bool
return false
}
func discoverSupervisorUpstreamIDP(ctx context.Context, flags *getKubeconfigParams, log plog.MinLogger) error {
httpClient, err := newDiscoveryHTTPClient(flags.oidc.caBundle)
func pinnipedSupervisorDiscovery(ctx context.Context, flags *getKubeconfigParams, log plog.MinLogger) error {
// Make a client suitable for calling the provider, which may or may not be a Pinniped Supervisor.
oidcProviderHTTPClient, err := newDiscoveryHTTPClient(flags.oidc.caBundle)
if err != nil {
return err
}
pinnipedIDPsEndpoint, err := discoverIDPsDiscoveryEndpointURL(ctx, flags.oidc.issuer, httpClient)
// Call the provider's discovery endpoint, but don't parse the results yet.
discoveredProvider, err := discoverOIDCProvider(ctx, flags.oidc.issuer, oidcProviderHTTPClient)
if err != nil {
return err
}
// Parse the discovery response to find the Supervisor IDP discovery endpoint.
pinnipedIDPsEndpoint, err := discoverIDPsDiscoveryEndpointURL(discoveredProvider)
if err != nil {
return err
}
if pinnipedIDPsEndpoint == "" {
// The issuer is not advertising itself as a Pinniped Supervisor which supports upstream IDP discovery.
// Since this field is not present, then assume that the provider is not a Pinniped Supervisor. This field
// was added to the discovery response in v0.9.0, which is so long ago that we can assume there are no such
// old Supervisors in the wild which need to work with this CLI command anymore. Since the issuer is not a
// Supervisor, then there is no need to do the rest of the Supervisor-specific business logic below related
// to username/groups scopes or IDP types/names/flows.
return nil
}
// Now that we know that the provider is a Supervisor, perform an additional check based on its response.
// The username and groups scopes were added to the Supervisor in v0.20.0, and were also added to the
// "scopes_supported" field in the discovery response in that same version. If this CLI command is talking
// to an older Supervisor, then remove the username and groups scopes from the list of requested scopes
// since they will certainly cause an error from the old Supervisor during authentication.
supervisorSupportsBothUsernameAndGroupsScopes, err := discoverScopesSupportedIncludesBothUsernameAndGroups(discoveredProvider)
if err != nil {
return err
}
if !supervisorSupportsBothUsernameAndGroupsScopes {
flags.oidc.scopes = slices.Filter(nil, flags.oidc.scopes, func(scope string) bool {
if scope == oidcapi.ScopeUsername || scope == oidcapi.ScopeGroups {
log.Info("removed scope from --oidc-scopes list because it is not supported by this Supervisor", "scope", scope)
return false // Remove username and groups scopes if there were present in the flags.
}
return true // Keep any other scopes in the flag list.
})
}
// If any upstream IDP flags are not already set, then try to discover Supervisor upstream IDP details.
// When all the upstream IDP flags are set by the user, then skip discovery and don't validate their input.
// Maybe they know something that we can't know, like the name of an IDP that they are going to define in the
// future.
if flags.oidc.upstreamIDPType == "" || flags.oidc.upstreamIDPName == "" || flags.oidc.upstreamIDPFlow == "" {
if err := discoverSupervisorUpstreamIDP(ctx, pinnipedIDPsEndpoint, oidcProviderHTTPClient, flags, log); err != nil {
return err
}
}
return nil
}
func discoverOIDCProvider(ctx context.Context, issuer string, httpClient *http.Client) (*coreosoidc.Provider, error) {
discoveredProvider, err := coreosoidc.NewProvider(coreosoidc.ClientContext(ctx, httpClient), issuer)
if err != nil {
return nil, fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err)
}
return discoveredProvider, nil
}
func discoverSupervisorUpstreamIDP(ctx context.Context, pinnipedIDPsEndpoint string, httpClient *http.Client, flags *getKubeconfigParams, log plog.MinLogger) error {
discoveredUpstreamIDPs, err := discoverAllAvailableSupervisorUpstreamIDPs(ctx, pinnipedIDPsEndpoint, httpClient)
if err != nil {
return err
@@ -786,21 +845,24 @@ func newDiscoveryHTTPClient(caBundleFlag caBundleFlag) (*http.Client, error) {
return phttp.Default(rootCAs), nil
}
func discoverIDPsDiscoveryEndpointURL(ctx context.Context, issuer string, httpClient *http.Client) (string, error) {
discoveredProvider, err := coreosoidc.NewProvider(coreosoidc.ClientContext(ctx, httpClient), issuer)
if err != nil {
return "", fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err)
}
func discoverIDPsDiscoveryEndpointURL(discoveredProvider *coreosoidc.Provider) (string, error) {
var body idpdiscoveryv1alpha1.OIDCDiscoveryResponse
err = discoveredProvider.Claims(&body)
err := discoveredProvider.Claims(&body)
if err != nil {
return "", fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err)
}
return body.SupervisorDiscovery.PinnipedIDPsEndpoint, nil
}
func discoverScopesSupportedIncludesBothUsernameAndGroups(discoveredProvider *coreosoidc.Provider) (bool, error) {
var body discoveryResponseScopesSupported
err := discoveredProvider.Claims(&body)
if err != nil {
return false, fmt.Errorf("while fetching OIDC discovery data from issuer: %w", err)
}
return slices.Contains(body.ScopesSupported, oidcapi.ScopeUsername) && slices.Contains(body.ScopesSupported, oidcapi.ScopeGroups), nil
}
func discoverAllAvailableSupervisorUpstreamIDPs(ctx context.Context, pinnipedIDPsEndpoint string, httpClient *http.Client) ([]idpdiscoveryv1alpha1.PinnipedIDP, error) {
request, err := http.NewRequestWithContext(ctx, http.MethodGet, pinnipedIDPsEndpoint, nil)
if err != nil {

717
cmd/pinniped/cmd/kubeconfig_test.go
View File

File diff suppressed because it is too large Load Diff

22
cmd/pinniped/cmd/login.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -7,15 +7,27 @@ import (
"github.com/spf13/cobra"
clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
"k8s.io/client-go/tools/auth/exec"
"go.pinniped.dev/internal/here"
)
//nolint:gochecknoglobals
var loginCmd = &cobra.Command{
Use: "login",
Short: "login",
Long: "Login to a Pinniped server",
Use: "login",
Short: "Authenticates with one of [oidc, static]",
Long: here.Doc(
`Authenticates with one of [oidc, static]
Use "pinniped get kubeconfig" to generate a kubeconfig file which will include
one of these login subcommands in its configuration. The oidc and static
subcommands are not meant to be invoked directly by a user.
The oidc and static subcommands are Kubernetes client-go credential plugins
which are meant to be configured inside a kubeconfig file. (See the Kubernetes
authentication documentation for more information about client-go credential
plugins.)`,
),
SilenceUsage: true, // Do not print usage message when commands fail.
Hidden: true, // These commands are not really meant to be used directly by users, so it's confusing to have them discoverable.
}
//nolint:gochecknoinits

22
cmd/pinniped/cmd/login_oidc.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -23,6 +23,7 @@ import (
oidcapi "go.pinniped.dev/generated/latest/apis/supervisor/oidc"
"go.pinniped.dev/internal/execcredcache"
"go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/net/phttp"
"go.pinniped.dev/internal/plog"
"go.pinniped.dev/pkg/conciergeclient"
@@ -88,10 +89,21 @@ type oidcLoginFlags struct {
func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
var (
cmd = &cobra.Command{
Args: cobra.NoArgs,
Use: "oidc --issuer ISSUER",
Short: "Login using an OpenID Connect provider",
SilenceUsage: true,
Args: cobra.NoArgs,
Use: "oidc --issuer ISSUER",
Short: "Login using an OpenID Connect provider",
Long: here.Doc(
`Login using an OpenID Connect provider
Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this
login command in its configuration. This login command is not meant to be
invoked directly by a user.
This login command is a Kubernetes client-go credential plugin which is meant to
be configured inside a kubeconfig file. (See the Kubernetes authentication
documentation for more information about client-go credential plugins.)`,
),
SilenceUsage: true, // do not print usage message when commands fail
}
flags oidcLoginFlags
conciergeNamespace string // unused now

22
cmd/pinniped/cmd/login_oidc_test.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -62,6 +62,14 @@ func TestLoginOIDCCommand(t *testing.T) {
wantStdout: here.Doc(`
Login using an OpenID Connect provider
Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this
login command in its configuration. This login command is not meant to be
invoked directly by a user.
This login command is a Kubernetes client-go credential plugin which is meant to
be configured inside a kubeconfig file. (See the Kubernetes authentication
documentation for more information about client-go credential plugins.)
Usage:
oidc --issuer ISSUER [flags]
@@ -483,8 +491,8 @@ func TestLoginOIDCCommand(t *testing.T) {
wantOptionsCount: 4,
wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"expirationTimestamp":"3020-10-12T13:14:15Z","token":"test-id-token"}}` + "\n",
wantLogs: []string{
nowStr + ` pinniped-login cmd/login_oidc.go:231 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:251 No concierge configured, skipping token credential exchange`,
nowStr + ` pinniped-login cmd/login_oidc.go:243 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:263 No concierge configured, skipping token credential exchange`,
},
},
{
@@ -513,10 +521,10 @@ func TestLoginOIDCCommand(t *testing.T) {
wantOptionsCount: 11,
wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"token":"exchanged-token"}}` + "\n",
wantLogs: []string{
nowStr + ` pinniped-login cmd/login_oidc.go:231 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:241 Exchanging token for cluster credential {"endpoint": "https://127.0.0.1:1234/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:249 Successfully exchanged token for cluster credential.`,
nowStr + ` pinniped-login cmd/login_oidc.go:256 caching cluster credential for future use.`,
nowStr + ` pinniped-login cmd/login_oidc.go:243 Performing OIDC login {"issuer": "test-issuer", "client id": "test-client-id"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:253 Exchanging token for cluster credential {"endpoint": "https://127.0.0.1:1234/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`,
nowStr + ` pinniped-login cmd/login_oidc.go:261 Successfully exchanged token for cluster credential.`,
nowStr + ` pinniped-login cmd/login_oidc.go:268 caching cluster credential for future use.`,
},
},
}

22
cmd/pinniped/cmd/login_static.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -16,6 +16,7 @@ import (
"go.pinniped.dev/internal/execcredcache"
"go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/plog"
"go.pinniped.dev/pkg/conciergeclient"
"go.pinniped.dev/pkg/oidcclient/oidctypes"
@@ -55,10 +56,21 @@ type staticLoginParams struct {
func staticLoginCommand(deps staticLoginDeps) *cobra.Command {
var (
cmd = &cobra.Command{
Args: cobra.NoArgs,
Use: "static [--token TOKEN] [--token-env TOKEN_NAME]",
Short: "Login using a static token",
SilenceUsage: true,
Args: cobra.NoArgs,
Use: "static [--token TOKEN] [--token-env TOKEN_NAME]",
Short: "Login using a static token",
Long: here.Doc(
`Login using a static token
Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this
login command in its configuration. This login command is not meant to be
invoked directly by a user.
This login command is a Kubernetes client-go credential plugin which is meant to
be configured inside a kubeconfig file. (See the Kubernetes authentication
documentation for more information about client-go credential plugins.)`,
),
SilenceUsage: true, // do not print usage message when commands fail
}
flags staticLoginParams
conciergeNamespace string // unused now

12
cmd/pinniped/cmd/login_static_test.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -56,6 +56,14 @@ func TestLoginStaticCommand(t *testing.T) {
wantStdout: here.Doc(`
Login using a static token
Use "pinniped get kubeconfig" to generate a kubeconfig file which includes this
login command in its configuration. This login command is not meant to be
invoked directly by a user.
This login command is a Kubernetes client-go credential plugin which is meant to
be configured inside a kubeconfig file. (See the Kubernetes authentication
documentation for more information about client-go credential plugins.)
Usage:
static [--token TOKEN] [--token-env TOKEN_NAME] [flags]
@@ -140,7 +148,7 @@ func TestLoginStaticCommand(t *testing.T) {
Error: could not complete Concierge credential exchange: some concierge error
`),
wantLogs: []string{
nowStr + ` pinniped-login cmd/login_static.go:147 exchanging static token for cluster credential {"endpoint": "https://127.0.0.1/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`,
nowStr + ` pinniped-login cmd/login_static.go:159 exchanging static token for cluster credential {"endpoint": "https://127.0.0.1/", "authenticator type": "webhook", "authenticator name": "test-authenticator"}`,
},
},
{

12
cmd/pinniped/cmd/root.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -8,14 +8,18 @@ import (
"github.com/spf13/cobra"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/plog"
)
//nolint:gochecknoglobals
var rootCmd = &cobra.Command{
Use: "pinniped",
Short: "pinniped",
Long: "pinniped is the client-side binary for use with Pinniped-enabled Kubernetes clusters.",
Use: "pinniped",
Long: here.Doc(
`The Pinniped CLI is the client-side binary for use with Pinniped-enabled Kubernetes clusters
Find more information at: https://pinniped.dev`,
),
SilenceUsage: true, // do not print usage message when commands fail
}

4
cmd/pinniped/cmd/whoami.go
View File

@@ -1,4 +1,4 @@
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -48,7 +48,7 @@ func newWhoamiCommand(getClientset getConciergeClientsetFunc) *cobra.Command {
Args: cobra.NoArgs, // do not accept positional arguments for this command
Use: "whoami",
Short: "Print information about the current user",
SilenceUsage: true,
SilenceUsage: true, // do not print usage message when commands fail
}
flags := &whoamiFlags{}

18
deploy/supervisor/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml
View File

@@ -185,6 +185,24 @@ spec:
description: Claims provides the names of token claims that will be
used when inspecting an identity from this OIDC identity provider.
properties:
additionalClaimMappings:
additionalProperties:
type: string
description: AdditionalClaimMappings allows for additional arbitrary
upstream claim values to be mapped into the "additionalClaims"
claim of the ID tokens generated by the Supervisor. This should
be specified as a map of new claim names as the keys, and upstream
claim names as the values. These new claim names will be nested
under the top-level "additionalClaims" claim in ID tokens generated
by the Supervisor when this OIDCIdentityProvider was used for
user authentication. These claims will be made available to
all clients. This feature is not required to use the Supervisor
to provide authentication for Kubernetes clusters, but can be
used when using the Supervisor for other authentication purposes.
When this map is empty or the upstream claims are not available,
the "additionalClaims" claim will be excluded from the ID tokens
generated by the Supervisor.
type: object
groups:
description: Groups provides the name of the ID token claim or
userinfo endpoint response claim that will be used to ascertain

1
generated/1.17/README.adoc generated
View File

@@ -1391,6 +1391,7 @@ OIDCClaims provides a mapping from upstream claims into identities.
| Field | Description
| *`groups`* __string__ | Groups provides the name of the ID token claim or userinfo endpoint response claim that will be used to ascertain the groups to which an identity belongs. By default, the identities will not include any group memberships when this setting is not configured.
| *`username`* __string__ | Username provides the name of the ID token claim or userinfo endpoint response claim that will be used to ascertain an identity's username. When not set, the username will be an automatically constructed unique string which will include the issuer URL of your OIDC provider along with the value of the "sub" (subject) claim from the ID token.
| *`additionalClaimMappings`* __object (keys:string, values:string)__ | AdditionalClaimMappings allows for additional arbitrary upstream claim values to be mapped into the "additionalClaims" claim of the ID tokens generated by the Supervisor. This should be specified as a map of new claim names as the keys, and upstream claim names as the values. These new claim names will be nested under the top-level "additionalClaims" claim in ID tokens generated by the Supervisor when this OIDCIdentityProvider was used for user authentication. These claims will be made available to all clients. This feature is not required to use the Supervisor to provide authentication for Kubernetes clusters, but can be used when using the Supervisor for other authentication purposes. When this map is empty or the upstream claims are not available, the "additionalClaims" claim will be excluded from the ID tokens generated by the Supervisor.
|===

2
generated/1.17/apis/concierge/authentication/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/config/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.conversion.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by conversion-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/identity/v1alpha1/zz_generated.defaults.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by defaulter-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/identity/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/login/v1alpha1/zz_generated.conversion.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by conversion-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/login/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/login/v1alpha1/zz_generated.defaults.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by defaulter-gen. DO NOT EDIT.

2
generated/1.17/apis/concierge/login/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/supervisor/clientsecret/v1alpha1/zz_generated.conversion.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by conversion-gen. DO NOT EDIT.

2
generated/1.17/apis/supervisor/clientsecret/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/supervisor/clientsecret/v1alpha1/zz_generated.defaults.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by defaulter-gen. DO NOT EDIT.

2
generated/1.17/apis/supervisor/clientsecret/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

2
generated/1.17/apis/supervisor/config/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.

13
generated/1.17/apis/supervisor/idp/v1alpha1/types_oidcidentityprovider.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package v1alpha1
@@ -138,6 +138,17 @@ type OIDCClaims struct {
// the ID token.
// +optional
Username string `json:"username"`
// AdditionalClaimMappings allows for additional arbitrary upstream claim values to be mapped into the
// "additionalClaims" claim of the ID tokens generated by the Supervisor. This should be specified as a map of
// new claim names as the keys, and upstream claim names as the values. These new claim names will be nested
// under the top-level "additionalClaims" claim in ID tokens generated by the Supervisor when this
// OIDCIdentityProvider was used for user authentication. These claims will be made available to all clients.
// This feature is not required to use the Supervisor to provide authentication for Kubernetes clusters, but can be
// used when using the Supervisor for other authentication purposes. When this map is empty or the upstream claims
// are not available, the "additionalClaims" claim will be excluded from the ID tokens generated by the Supervisor.
// +optional
AdditionalClaimMappings map[string]string `json:"additionalClaimMappings,omitempty"`
}
// OIDCClient contains information about an OIDC client (e.g., client ID and client

11
generated/1.17/apis/supervisor/idp/v1alpha1/zz_generated.deepcopy.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by deepcopy-gen. DO NOT EDIT.
@@ -438,6 +438,13 @@ func (in *OIDCAuthorizationConfig) DeepCopy() *OIDCAuthorizationConfig {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OIDCClaims) DeepCopyInto(out *OIDCClaims) {
*out = *in
if in.AdditionalClaimMappings != nil {
in, out := &in.AdditionalClaimMappings, &out.AdditionalClaimMappings
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
@@ -537,7 +544,7 @@ func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec)
**out = **in
}
in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig)
out.Claims = in.Claims
in.Claims.DeepCopyInto(&out.Claims)
out.Client = in.Client
return
}

6
generated/1.17/apis/supervisor/oidc/types_supervisor_oidc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package oidc
@@ -40,6 +40,10 @@ const (
// group names which were mapped from the upstream identity provider.
IDTokenClaimGroups = "groups"
// IDTokenClaimAdditionalClaims is the top level claim used to hold additional claims in the downstream ID
// token, if any claims are present.
IDTokenClaimAdditionalClaims = "additionalClaims"
// GrantTypeAuthorizationCode is the name of the grant type for authorization code flows defined by the OIDC spec.
GrantTypeAuthorizationCode = "authorization_code"

2
generated/1.17/client/concierge/clientset/versioned/clientset.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/fake/clientset_generated.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/fake/register.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/scheme/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/scheme/register.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/generated_expansion.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/fake/fake_whoamirequest.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/identity_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/identity/v1alpha1/whoamirequest.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/generated_expansion.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/authentication/interface.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/config/interface.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/factory.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/generic.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/informers/externalversions/internalinterfaces/factory_interfaces.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by informer-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/listers/authentication/v1alpha1/expansion_generated.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by lister-gen. DO NOT EDIT.

2
generated/1.17/client/concierge/openapi/zz_generated.openapi.go generated
View File

@@ -1,7 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by openapi-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/clientset.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/fake/clientset_generated.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/fake/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/fake/register.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/scheme/doc.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/scheme/register.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

2
generated/1.17/client/supervisor/clientset/versioned/typed/clientsecret/v1alpha1/clientsecret_client.go generated
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
// Code generated by client-gen. DO NOT EDIT.

Some files were not shown because too many files have changed in this diff Show More