Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the hydra v1alpha1 API group.
+kubebuilder:object:generate=true
+groupName=hydra.ory.sh
Index ¶
- Constants
- Variables
- type ConditionStatus
- type GrantType
- type HydraAdmin
- type OAuth2Client
- type OAuth2ClientCondition
- type OAuth2ClientConditionType
- type OAuth2ClientList
- type OAuth2ClientSpec
- type OAuth2ClientStatus
- type ReconciliationError
- type RedirectURI
- type ResponseType
- type StatusCode
- type TokenEndpointAuthMethod
- type TokenLifespans
Constants ¶
// OAuth2ClientConditionReady is the condition name "Ready". It is declared as
// an untyped string constant, so it can be assigned to any string-based type.
const OAuth2ClientConditionReady = "Ready"
Variables ¶
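var (
	// GroupVersion is the group/version ("hydra.ory.sh", "v1alpha1") used to
	// register the objects of this package.
	GroupVersion = schema.GroupVersion{Group: "hydra.ory.sh", Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme;
	// it is bound to GroupVersion.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)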
Functions ¶
This section is empty.
Types ¶
type ConditionStatus ¶ added in v0.0.27
type ConditionStatus string
+kubebuilder:validation:Enum=True;False;Unknown
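// The values a ConditionStatus can take: "True", "False" and "Unknown".
const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)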
type GrantType ¶
// GrantType represents an OAuth 2.0 grant type.
//
// NOTE(review): the values documented for this type include "implicit", which
// returns tokens through the browser redirect. Current OAuth 2.0 security
// guidance (RFC 9700) advises against that grant; prefer authorization_code
// for new clients unless a legacy integration requires otherwise.
type GrantType string
GrantType represents an OAuth 2.0 grant type.
+kubebuilder:validation:Enum=client_credentials;authorization_code;implicit;refresh_token
type HydraAdmin ¶ added in v0.0.5
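// HydraAdmin defines the desired hydra admin instance to use for an
// OAuth2Client. All fields are omitted from JSON when empty; each field
// comment names the command-line flag whose value it overrides.
type HydraAdmin struct {
	// NOTE(review): the URL pattern also admits plain http://. The admin
	// endpoint is where clients are registered, so prefer https:// unless the
	// connection is protected some other way — confirm per deployment.

	// +kubebuilder:validation:MaxLength=64
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// URL is the URL for the hydra instance on
	// which to set up the client. This value will override the value
	// provided to `--hydra-url`
	URL string `json:"url,omitempty"`

	// NOTE(review): only an upper bound is declared, so a negative port
	// passes this schema; consider adding +kubebuilder:validation:Minimum=0.

	// +kubebuilder:validation:Maximum=65535
	//
	// Port is the port for the hydra instance on
	// which to set up the client. This value will override the value
	// provided to `--hydra-port`
	Port int `json:"port,omitempty"`

	// +kubebuilder:validation:Pattern=(^$|^/.*)
	//
	// Endpoint is the endpoint for the hydra instance on which
	// to set up the client. This value will override the value
	// provided to `--endpoint` (defaults to `"/clients"` in the
	// application)
	Endpoint string `json:"endpoint,omitempty"`

	// NOTE(review): the "https?" and "off" alternatives carry no ^/$ anchors,
	// and CRD pattern validation matches anywhere in the value, so any string
	// that merely contains "http" or "off" passes. ^(https?|off)?$ would limit
	// the field to the documented values.

	// +kubebuilder:validation:Pattern=(^$|https?|off)
	//
	// ForwardedProto overrides the `--forwarded-proto` flag. The
	// value "off" will force this to be off even if
	// `--forwarded-proto` is specified
	ForwardedProto string `json:"forwardedProto,omitempty"`
}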
HydraAdmin defines the desired hydra admin instance to use for OAuth2Client
func (*HydraAdmin) DeepCopy ¶ added in v0.0.5
func (in *HydraAdmin) DeepCopy() *HydraAdmin
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydraAdmin.
func (*HydraAdmin) DeepCopyInto ¶ added in v0.0.5
func (in *HydraAdmin) DeepCopyInto(out *HydraAdmin)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2Client ¶
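// OAuth2Client is the Schema for the oauth2clients API. It combines the
// embedded Kubernetes type and object metadata with the desired state (Spec)
// and the observed state (Status) of one client.
type OAuth2Client struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the client.
	Spec OAuth2ClientSpec `json:"spec,omitempty"`

	// Status is the observed state of the client.
	Status OAuth2ClientStatus `json:"status,omitempty"`
}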
OAuth2Client is the Schema for the oauth2clients API
func (*OAuth2Client) DeepCopy ¶
func (in *OAuth2Client) DeepCopy() *OAuth2Client
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2Client.
func (*OAuth2Client) DeepCopyInto ¶
func (in *OAuth2Client) DeepCopyInto(out *OAuth2Client)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2Client) DeepCopyObject ¶
func (in *OAuth2Client) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ClientCondition ¶ added in v0.0.27
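// OAuth2ClientCondition contains condition information for an OAuth2Client:
// which condition is reported and its current status.
type OAuth2ClientCondition struct {
	// Type names the condition being reported.
	Type OAuth2ClientConditionType `json:"type"`

	// Status is the state of that condition, expressed as a ConditionStatus.
	Status ConditionStatus `json:"status"`
}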
OAuth2ClientCondition contains condition information for an OAuth2Client
func (*OAuth2ClientCondition) DeepCopy ¶ added in v0.0.27
func (in *OAuth2ClientCondition) DeepCopy() *OAuth2ClientCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientCondition.
func (*OAuth2ClientCondition) DeepCopyInto ¶ added in v0.0.27
func (in *OAuth2ClientCondition) DeepCopyInto(out *OAuth2ClientCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2ClientConditionType ¶ added in v0.0.27
// OAuth2ClientConditionType is the string type of the Type field of an
// OAuth2ClientCondition.
type OAuth2ClientConditionType string
type OAuth2ClientList ¶
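// OAuth2ClientList contains a list of OAuth2Client objects together with the
// embedded Kubernetes type and list metadata.
type OAuth2ClientList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the OAuth2Client objects of the list. The tag has no
	// omitempty, so the key is always present in the JSON form.
	Items []OAuth2Client `json:"items"`
}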
OAuth2ClientList contains a list of OAuth2Client
func (*OAuth2ClientList) DeepCopy ¶
func (in *OAuth2ClientList) DeepCopy() *OAuth2ClientList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientList.
func (*OAuth2ClientList) DeepCopyInto ¶
func (in *OAuth2ClientList) DeepCopyInto(out *OAuth2ClientList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2ClientList) DeepCopyObject ¶
func (in *OAuth2ClientList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ClientSpec ¶
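// OAuth2ClientSpec defines the desired state of OAuth2Client: the client's
// name, permitted grant and response types, redirect and logout URIs, scopes,
// the Secret holding its credentials, and optional per-client overrides.
type OAuth2ClientSpec struct {
	// ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
	ClientName string `json:"clientName,omitempty"`

	// +kubebuilder:validation:MaxItems=4
	// +kubebuilder:validation:MinItems=1
	//
	// GrantTypes is an array of grant types the client is allowed to use.
	GrantTypes []GrantType `json:"grantTypes"`

	// +kubebuilder:validation:MaxItems=3
	// +kubebuilder:validation:MinItems=1
	//
	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can
	// use at the authorization endpoint.
	ResponseTypes []ResponseType `json:"responseTypes,omitempty"`

	// RedirectURIs is an array of the redirect URIs allowed for the application
	RedirectURIs []RedirectURI `json:"redirectUris,omitempty"`

	// PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
	PostLogoutRedirectURIs []RedirectURI `json:"postLogoutRedirectUris,omitempty"`

	// AllowedCorsOrigins is an array of allowed CORS origins
	AllowedCorsOrigins []RedirectURI `json:"allowedCorsOrigins,omitempty"`

	// Audience is a whitelist defining the audiences this client is allowed to request tokens for
	Audience []string `json:"audience,omitempty"`

	// NOTE(review): the Scope pattern is a starred group without ^/$ anchors,
	// so it can match the empty string inside any value and in practice
	// rejects nothing. Do not rely on it to constrain scope contents.

	// +kubebuilder:validation:Pattern=([a-zA-Z0-9\.\*]+\s?)*
	// +kubebuilder:deprecatedversion:warning="Property scope is deprecated. Use scopeArray instead."
	//
	// Scope is a string containing a space-separated list of scope values (as
	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
	// can use when requesting access tokens.
	// Use scopeArray instead.
	Scope string `json:"scope,omitempty"`

	// ScopeArray is an array of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
	// that the client can use when requesting access tokens.
	ScopeArray []string `json:"scopeArray,omitempty"`

	// NOTE(review): the referenced Secret holds the client's credentials, so
	// read access to it should be limited by RBAC. The name pattern is
	// unanchored and does not by itself enforce a valid Secret name.

	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
	//
	// SecretName points to the K8s secret that contains this client's ID and password
	SecretName string `json:"secretName"`

	// NOTE(review): with SkipConsent set the end-user is not asked to approve
	// the requested scopes; reserve it for trusted first-party clients.

	// SkipConsent skips the consent screen for this client.
	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	SkipConsent bool `json:"skipConsent,omitempty"`

	// HydraAdmin is the optional configuration to use for managing
	// this client
	HydraAdmin HydraAdmin `json:"hydraAdmin,omitempty"`

	// NOTE(review): "none" means the client does not authenticate at the
	// token endpoint (a public client); choose it deliberately.

	// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
	//
	// Indication which authentication method should be used for the token endpoint
	TokenEndpointAuthMethod TokenEndpointAuthMethod `json:"tokenEndpointAuthMethod,omitempty"`

	// TokenLifespans is the configuration to use for managing different token lifespans
	// depending on the used grant type.
	TokenLifespans TokenLifespans `json:"tokenLifespans,omitempty"`

	// +kubebuilder:validation:Type=object
	// +nullable
	// +optional
	//
	// Metadata is arbitrary data
	Metadata apiextensionsv1.JSON `json:"metadata,omitempty"`

	// NOTE(review): the JwksUri pattern admits http://. The key set decides
	// which private_key_jwt assertions are accepted, so fetch it over
	// https:// only.

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// JwksUri defines the URL from which the JSON Web Key Set is fetched when
	// performing the private_key_jwt client authentication method.
	JwksUri string `json:"jwksUri,omitempty"`

	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	//
	// FrontChannelLogoutSessionRequired Boolean value specifying whether the RP requires that iss (issuer)
	// and sid (session ID) query parameters be included to identify the RP session with the OP when the
	// frontchannel_logout_uri is used
	FrontChannelLogoutSessionRequired bool `json:"frontChannelLogoutSessionRequired,omitempty"`

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// FrontChannelLogoutURI RP URL that will cause the RP to log itself out when rendered in an iframe by
	// the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the
	// OP to enable the RP to validate the request and to determine which of the potentially multiple
	// sessions is to be logged out; if either is included, both MUST be.
	FrontChannelLogoutURI string `json:"frontChannelLogoutURI,omitempty"`

	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	//
	// BackChannelLogoutSessionRequired Boolean value specifying whether the RP requires that a sid
	// (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the
	// backchannel_logout_uri is used. If omitted, the default value is false.
	BackChannelLogoutSessionRequired bool `json:"backChannelLogoutSessionRequired,omitempty"`

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// BackChannelLogoutURI RP URL that will cause the RP to log itself out when sent a Logout Token by the OP
	BackChannelLogoutURI string `json:"backChannelLogoutURI,omitempty"`
}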
OAuth2ClientSpec defines the desired state of OAuth2Client
func (*OAuth2ClientSpec) DeepCopy ¶
func (in *OAuth2ClientSpec) DeepCopy() *OAuth2ClientSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientSpec.
func (*OAuth2ClientSpec) DeepCopyInto ¶
func (in *OAuth2ClientSpec) DeepCopyInto(out *OAuth2ClientSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2ClientStatus ¶
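// OAuth2ClientStatus defines the observed state of OAuth2Client.
type OAuth2ClientStatus struct {
	// ObservedGeneration represents the most recent generation observed by
	// the controller for this OAuth2Client.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// ReconciliationError carries the status code and description of a
	// reconciliation error.
	ReconciliationError ReconciliationError `json:"reconciliationError,omitempty"`

	// Conditions lists the conditions reported for the client.
	Conditions []OAuth2ClientCondition `json:"conditions,omitempty"`
}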
OAuth2ClientStatus defines the observed state of OAuth2Client
func (*OAuth2ClientStatus) DeepCopy ¶
func (in *OAuth2ClientStatus) DeepCopy() *OAuth2ClientStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientStatus.
func (*OAuth2ClientStatus) DeepCopyInto ¶
func (in *OAuth2ClientStatus) DeepCopyInto(out *OAuth2ClientStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ReconciliationError ¶ added in v0.0.4
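// ReconciliationError represents an error that occurred during the
// reconciliation process. Both fields are omitted from JSON when empty.
type ReconciliationError struct {
	// Code is the status code of the reconciliation error
	Code StatusCode `json:"statusCode,omitempty"`

	// Description is the description of the reconciliation error
	Description string `json:"description,omitempty"`
}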
ReconciliationError represents an error that occurred during the reconciliation process
func (*ReconciliationError) DeepCopy ¶ added in v0.0.4
func (in *ReconciliationError) DeepCopy() *ReconciliationError
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReconciliationError.
func (*ReconciliationError) DeepCopyInto ¶ added in v0.0.4
func (in *ReconciliationError) DeepCopyInto(out *ReconciliationError)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RedirectURI ¶ added in v0.0.5
// RedirectURI represents a redirect URI for the client.
//
// NOTE(review): the validation pattern documented for this type,
// \w+:/?/?[^\s]+, has no ^/$ anchors, and CRD pattern validation matches
// anywhere in the value. It therefore only requires that some substring look
// like "scheme:rest"; it does not restrict the scheme or reject surrounding
// text. Treat it as a sanity check, not as redirect-URI validation.
type RedirectURI string
RedirectURI represents a redirect URI for the client.
+kubebuilder:validation:Pattern=`\w+:/?/?[^\s]+`
type ResponseType ¶
type ResponseType string
ResponseType represents an OAuth 2.0 response type string.
+kubebuilder:validation:Enum=id_token;code;token;code token;code id_token;id_token token;code id_token token
type StatusCode ¶ added in v0.0.4
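// StatusCode is the string type of the Code field of a ReconciliationError.
type StatusCode string

// The status codes defined for reconciliation errors.
const (
	StatusRegistrationFailed  StatusCode = "CLIENT_REGISTRATION_FAILED"
	StatusCreateSecretFailed  StatusCode = "SECRET_CREATION_FAILED"
	StatusUpdateFailed        StatusCode = "CLIENT_UPDATE_FAILED"
	StatusInvalidSecret       StatusCode = "INVALID_SECRET"
	StatusInvalidHydraAddress StatusCode = "INVALID_HYDRA_ADDRESS"
)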
type TokenEndpointAuthMethod ¶ added in v0.0.6
type TokenEndpointAuthMethod string
TokenEndpointAuthMethod represents an authentication method for the token endpoint.
+kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
type TokenLifespans ¶ added in v0.0.34
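// TokenLifespans defines the desired token durations by grant type for
// OAuth2Client. Every field is a string and is omitted from JSON when empty.
type TokenLifespans struct {
	// NOTE(review): every field below uses the pattern
	// [0-9]+(ns|us|ms|s|m|h) without ^/$ anchors. CRD pattern validation
	// matches anywhere in the value, so a string that merely contains a
	// duration passes the schema. ^[0-9]+(ns|us|ms|s|m|h)$ would limit each
	// field to a single duration.

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// AuthorizationCodeGrantAccessTokenLifespan is the access token lifespan
	// issued on an authorization_code grant.
	AuthorizationCodeGrantAccessTokenLifespan string `json:"authorization_code_grant_access_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// AuthorizationCodeGrantIdTokenLifespan is the id token lifespan
	// issued on an authorization_code grant.
	AuthorizationCodeGrantIdTokenLifespan string `json:"authorization_code_grant_id_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// AuthorizationCodeGrantRefreshTokenLifespan is the refresh token lifespan
	// issued on an authorization_code grant.
	AuthorizationCodeGrantRefreshTokenLifespan string `json:"authorization_code_grant_refresh_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// ClientCredentialsGrantAccessTokenLifespan is the access token lifespan
	// issued on a client_credentials grant.
	ClientCredentialsGrantAccessTokenLifespan string `json:"client_credentials_grant_access_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// ImplicitGrantAccessTokenLifespan is the access token lifespan
	// issued on an implicit grant.
	ImplicitGrantAccessTokenLifespan string `json:"implicit_grant_access_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// ImplicitGrantIdTokenLifespan is the id token lifespan
	// issued on an implicit grant.
	ImplicitGrantIdTokenLifespan string `json:"implicit_grant_id_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// JwtBearerGrantAccessTokenLifespan is the access token lifespan
	// issued on a jwt_bearer grant.
	JwtBearerGrantAccessTokenLifespan string `json:"jwt_bearer_grant_access_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// RefreshTokenGrantAccessTokenLifespan is the access token lifespan
	// issued on a refresh_token grant.
	RefreshTokenGrantAccessTokenLifespan string `json:"refresh_token_grant_access_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// RefreshTokenGrantIdTokenLifespan is the id token lifespan
	// issued on a refresh_token grant.
	RefreshTokenGrantIdTokenLifespan string `json:"refresh_token_grant_id_token_lifespan,omitempty"`

	// +kubebuilder:validation:Pattern=[0-9]+(ns|us|ms|s|m|h)
	//
	// RefreshTokenGrantRefreshTokenLifespan is the refresh token lifespan
	// issued on a refresh_token grant.
	RefreshTokenGrantRefreshTokenLifespan string `json:"refresh_token_grant_refresh_token_lifespan,omitempty"`
}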
TokenLifespans defines the desired token durations by grant type for OAuth2Client
func (*TokenLifespans) DeepCopy ¶ added in v0.0.34
func (in *TokenLifespans) DeepCopy() *TokenLifespans
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenLifespans.
func (*TokenLifespans) DeepCopyInto ¶ added in v0.0.34
func (in *TokenLifespans) DeepCopyInto(out *TokenLifespans)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.