Documentation ¶
Overview ¶
+k8s:deepcopy-gen=package,register +groupName=identity.unikorn-cloud.org
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type IdentityProviderType
- type OAuth2Client
- type OAuth2ClientList
- type OAuth2ClientSpec
- type OAuth2ClientStatus
- type OAuth2Provider
- type OAuth2ProviderList
- type OAuth2ProviderSpec
- type OAuth2ProviderStatus
- type Organization
- type OrganizationGroup
- type OrganizationList
- type OrganizationProviderGoogleSpec
- type OrganizationProviderOptions
- type OrganizationSpec
- type OrganizationStatus
- type Role
- type RoleList
- type RoleScope
- type RoleSpec
- type RoleStatus
Constants ¶
const (
	// GroupName is the Kubernetes API group our resources belong to.
	GroupName = "identity.unikorn-cloud.org"
	// GroupVersion is the version of our custom resources.
	GroupVersion = "v1alpha1"
	// Group is the group/version of our resources, i.e.
	// "identity.unikorn-cloud.org/v1alpha1".
	Group = GroupName + "/" + GroupVersion
)
Variables ¶
var (
	// SchemeGroupVersion defines the GV of our resources.
	//nolint:gochecknoglobals
	SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: GroupVersion}

	// SchemeBuilder creates a mapping between GVK and type.
	//nolint:gochecknoglobals
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds our GVK to resource mappings to an existing scheme.
	// It is the AddToScheme method value bound to SchemeBuilder above.
	//nolint:gochecknoglobals
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource maps a resource type to a group resource.
Types ¶
type IdentityProviderType ¶ added in v0.1.3
// Accepted values are limited to "google" and "microsoft" by the
// +kubebuilder:validation:Enum marker on this type.
type IdentityProviderType string
IdentityProviderType defines the type of identity provider, and in turn that defines the required configuration and API interfaces. +kubebuilder:validation:Enum=google;microsoft
const (
	// GoogleIdentity is the "google" provider type.
	GoogleIdentity IdentityProviderType = "google"
	// MicrosoftEntra is the "microsoft" provider type.
	MicrosoftEntra IdentityProviderType = "microsoft"
)
type OAuth2Client ¶
type OAuth2Client struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the client configuration (ID, redirect URI, optional login URI).
	Spec OAuth2ClientSpec `json:"spec"`
	// Status is the client status; OAuth2ClientStatus has no fields.
	Status OAuth2ClientStatus `json:"status,omitempty"`
}
OAuth2Client describes an oauth2 client. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Namespaced,categories=unikorn +kubebuilder:printcolumn:name="client id",type="string",JSONPath=".spec.id" +kubebuilder:printcolumn:name="redirect uri",type="string",JSONPath=".spec.redirectUri" +kubebuilder:printcolumn:name="age",type="date",JSONPath=".metadata.creationTimestamp"
func (*OAuth2Client) DeepCopy ¶
func (in *OAuth2Client) DeepCopy() *OAuth2Client
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2Client.
func (*OAuth2Client) DeepCopyInto ¶
func (in *OAuth2Client) DeepCopyInto(out *OAuth2Client)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2Client) DeepCopyObject ¶
func (in *OAuth2Client) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ClientList ¶
type OAuth2ClientList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of OAuth2Client resources.
	Items []OAuth2Client `json:"items"`
}
OAuth2ClientList is a typed list of frontend clients. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*OAuth2ClientList) DeepCopy ¶
func (in *OAuth2ClientList) DeepCopy() *OAuth2ClientList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientList.
func (*OAuth2ClientList) DeepCopyInto ¶
func (in *OAuth2ClientList) DeepCopyInto(out *OAuth2ClientList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2ClientList) DeepCopyObject ¶
func (in *OAuth2ClientList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ClientSpec ¶
type OAuth2ClientSpec struct {
	// ID uniquely identifies the client.
	ID string `json:"id"`
	// RedirectURI is the URI to pass control back to the client.
	// NOTE(review): how this value is compared with the redirect URI of an
	// incoming authorization request is not visible here; an exact string
	// match is the safe expectation — confirm in the handler.
	RedirectURI string `json:"redirectUri"`
	// LoginURI is a URI to pass control to for login dialogs. It is optional
	// (nil when omitted).
	// NOTE(review): users are sent here to sign in, so whoever can write
	// OAuth2Client resources controls the login destination; keep write
	// access to this resource narrow.
	LoginURI *string `json:"loginUri,omitempty"`
}
OAuth2ClientSpec defines the required configuration for the client.
func (*OAuth2ClientSpec) DeepCopy ¶
func (in *OAuth2ClientSpec) DeepCopy() *OAuth2ClientSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientSpec.
func (*OAuth2ClientSpec) DeepCopyInto ¶
func (in *OAuth2ClientSpec) DeepCopyInto(out *OAuth2ClientSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2ClientStatus ¶
type OAuth2ClientStatus struct {
	// No status fields are defined.
}
OAuth2ClientStatus defines the status of the client.
func (*OAuth2ClientStatus) DeepCopy ¶
func (in *OAuth2ClientStatus) DeepCopy() *OAuth2ClientStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientStatus.
func (*OAuth2ClientStatus) DeepCopyInto ¶
func (in *OAuth2ClientStatus) DeepCopyInto(out *OAuth2ClientStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2Provider ¶
type OAuth2Provider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the provider configuration. It includes the optional
	// ClientSecret, so read access to this resource exposes that secret.
	Spec OAuth2ProviderSpec `json:"spec"`
	// Status is the provider status; OAuth2ProviderStatus has no fields.
	Status OAuth2ProviderStatus `json:"status,omitempty"`
}
OAuth2Provider describes an oauth2 provider. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Namespaced,categories=unikorn +kubebuilder:printcolumn:name="display name",type="string",JSONPath=".spec.displayName" +kubebuilder:printcolumn:name="issuer",type="string",JSONPath=".spec.issuer" +kubebuilder:printcolumn:name="client ID",type="string",JSONPath=".spec.clientID" +kubebuilder:printcolumn:name="age",type="date",JSONPath=".metadata.creationTimestamp"
func (*OAuth2Provider) DeepCopy ¶
func (in *OAuth2Provider) DeepCopy() *OAuth2Provider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2Provider.
func (*OAuth2Provider) DeepCopyInto ¶
func (in *OAuth2Provider) DeepCopyInto(out *OAuth2Provider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2Provider) DeepCopyObject ¶
func (in *OAuth2Provider) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ProviderList ¶
type OAuth2ProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of OAuth2Provider resources.
	Items []OAuth2Provider `json:"items"`
}
OAuth2ProviderList is a typed list of backend servers. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*OAuth2ProviderList) DeepCopy ¶
func (in *OAuth2ProviderList) DeepCopy() *OAuth2ProviderList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ProviderList.
func (*OAuth2ProviderList) DeepCopyInto ¶
func (in *OAuth2ProviderList) DeepCopyInto(out *OAuth2ProviderList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OAuth2ProviderList) DeepCopyObject ¶
func (in *OAuth2ProviderList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OAuth2ProviderSpec ¶
type OAuth2ProviderSpec struct {
	// Type defines the interface to use with the provider, specifically
	// how to retrieve group information for fine-grained RBAC.  For certain
	// global provider types e.g. Google or Microsoft, only a single instance
	// of that type should be specified, doing otherwise will result in
	// undefined behaviour.
	// NOTE(review): nothing in this type enforces the single-instance rule;
	// confirm whether admission or the controller rejects duplicates.
	Type IdentityProviderType `json:"type"`
	// DisplayName is a user readable issuer name.
	DisplayName string `json:"displayName"`
	// The issuer is typically provided by the identity provider as an
	// OIDC discovery endpoint e.g. https://accounts.google.com.
	// This will be used to verify issued JWTs have the same "iss" claim.
	Issuer string `json:"issuer"`
	// ClientID is the assigned client identifier.
	ClientID string `json:"clientID"`
	// ClientSecret is created by the IdP for token exchange. It is optional
	// (nil when omitted).
	// NOTE(review): the secret is a plain string in the resource spec, so any
	// principal with get/list/watch on OAuth2Provider objects can read it.
	// Scope RBAC on this resource accordingly and confirm the cluster
	// encrypts these objects at rest.
	ClientSecret *string `json:"clientSecret,omitempty"`
}
OAuth2ProviderSpec defines the required configuration for an oauth2 provider.
func (*OAuth2ProviderSpec) DeepCopy ¶
func (in *OAuth2ProviderSpec) DeepCopy() *OAuth2ProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ProviderSpec.
func (*OAuth2ProviderSpec) DeepCopyInto ¶
func (in *OAuth2ProviderSpec) DeepCopyInto(out *OAuth2ProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OAuth2ProviderStatus ¶
type OAuth2ProviderStatus struct {
	// No status fields are defined.
}
OAuth2ProviderStatus defines the status of the server.
func (*OAuth2ProviderStatus) DeepCopy ¶
func (in *OAuth2ProviderStatus) DeepCopy() *OAuth2ProviderStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ProviderStatus.
func (*OAuth2ProviderStatus) DeepCopyInto ¶
func (in *OAuth2ProviderStatus) DeepCopyInto(out *OAuth2ProviderStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Organization ¶ added in v0.1.3
type Organization struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the organization configuration: domain, provider reference,
	// provider options and the allowed groups.
	Spec OrganizationSpec `json:"spec"`
	// Status is the organization status; OrganizationStatus has no fields.
	Status OrganizationStatus `json:"status,omitempty"`
}
Organization describes an identity mapping. The main job of this type is to take an email address identity, extract the domain and use it to resolve an identity provider. It also is the place where users within that domain can be allowed based on groups/claims offered by that identity provider to limit access. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Namespaced,categories=unikorn +kubebuilder:printcolumn:name="domain",type="string",JSONPath=".spec.domain" +kubebuilder:printcolumn:name="provider",type="string",JSONPath=".spec.providerName" +kubebuilder:printcolumn:name="age",type="date",JSONPath=".metadata.creationTimestamp"
func (*Organization) DeepCopy ¶ added in v0.1.3
func (in *Organization) DeepCopy() *Organization
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Organization.
func (*Organization) DeepCopyInto ¶ added in v0.1.3
func (in *Organization) DeepCopyInto(out *Organization)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Organization) DeepCopyObject ¶ added in v0.1.3
func (in *Organization) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OrganizationGroup ¶ added in v0.1.3
// OrganizationGroup describes one group within an organization: its
// identifier, display name, optional provider-side group name, member users
// and the roles those members inherit.
type OrganizationGroup struct {
	// ID is a unique and immutable identifier for the group, the intent
	// being that resources will belong to a group irrespective of display name
	// changes.
	ID string `json:"id"`
	// Name is the name to display the group as in UIs and other UX
	// interfaces.  This should again be unique within the organization to
	// avoid ambiguity, but may be changed.
	Name string `json:"name"`
	// ProviderGroupName is the name of the group as returned by the provider.
	// For example a query of https://cloudidentity.googleapis.com/v1/groups/
	// will return something like groups/01664s551ax43ok.
	ProviderGroupName *string `json:"providerGroupName,omitempty"`
	// Users are a list of user names that are members of the group.
	Users []string `json:"users,omitempty"`
	// Roles are a list of roles users of the group inherit.
	// NOTE(review): presumably these are names of Role resources; how an
	// unknown name is handled is not visible here — confirm it grants nothing.
	Roles []string `json:"roles,omitempty"`
}
func (*OrganizationGroup) DeepCopy ¶ added in v0.1.3
func (in *OrganizationGroup) DeepCopy() *OrganizationGroup
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationGroup.
func (*OrganizationGroup) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationGroup) DeepCopyInto(out *OrganizationGroup)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OrganizationList ¶ added in v0.1.3
type OrganizationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of Organization resources.
	Items []Organization `json:"items"`
}
OrganizationList is a typed list of identity mappings. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*OrganizationList) DeepCopy ¶ added in v0.1.3
func (in *OrganizationList) DeepCopy() *OrganizationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationList.
func (*OrganizationList) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationList) DeepCopyInto(out *OrganizationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OrganizationList) DeepCopyObject ¶ added in v0.1.3
func (in *OrganizationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OrganizationProviderGoogleSpec ¶ added in v0.1.3
// OrganizationProviderGoogleSpec holds the Google-specific settings for an
// organization.
type OrganizationProviderGoogleSpec struct {
	// CustomerID is retrieved from the "Account Settings > Profile" page on
	// https://admin.google.com for your organisation and is required to
	// lookup user groups for fine-grained RBAC.
	CustomerID string `json:"customerId"`
}
func (*OrganizationProviderGoogleSpec) DeepCopy ¶ added in v0.1.3
func (in *OrganizationProviderGoogleSpec) DeepCopy() *OrganizationProviderGoogleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationProviderGoogleSpec.
func (*OrganizationProviderGoogleSpec) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationProviderGoogleSpec) DeepCopyInto(out *OrganizationProviderGoogleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OrganizationProviderOptions ¶ added in v0.1.3
// OrganizationProviderOptions carries per-provider-type configuration; only
// a Google section is defined.
type OrganizationProviderOptions struct {
	// If the referenced provider is set to "google" then the following
	// parameters should be specified.
	Google *OrganizationProviderGoogleSpec `json:"google,omitempty"`
}
func (*OrganizationProviderOptions) DeepCopy ¶ added in v0.1.3
func (in *OrganizationProviderOptions) DeepCopy() *OrganizationProviderOptions
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationProviderOptions.
func (*OrganizationProviderOptions) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationProviderOptions) DeepCopyInto(out *OrganizationProviderOptions)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OrganizationSpec ¶ added in v0.1.3
type OrganizationSpec struct {
	// Domain is used by unikorn-identity to map an end-user provided
	// email address to an identity provider.
	// NOTE(review): the email address is supplied by the end user, so the
	// domain only selects a provider; it proves nothing about the user until
	// that provider has authenticated them.
	Domain *string `json:"domain,omitempty"`
	// ProviderName is the name of an explicit oauth2/oidc provider,
	// when using a domain mapping.
	ProviderName *string `json:"providerName,omitempty"`
	// ProviderOptions is the configuration for a specific provider type,
	// when using domain mapping.
	ProviderOptions *OrganizationProviderOptions `json:"providerOptions,omitempty"`
	// Groups defines the set of groups that are allowed to be mapped
	// from the identity provider into unikorn.  If no groups are specified
	// then it is assumed all users have access to everything.
	// NOTE(review): this default fails open — an Organization created without
	// groups, or one whose group list is later emptied, grants unrestricted
	// access per the sentence above. Treat an empty list as a deliberate
	// choice and review changes that remove the last group.
	Groups []OrganizationGroup `json:"groups,omitempty"`
}
OrganizationSpec defines the required configuration for the server.
func (*OrganizationSpec) DeepCopy ¶ added in v0.1.3
func (in *OrganizationSpec) DeepCopy() *OrganizationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationSpec.
func (*OrganizationSpec) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationSpec) DeepCopyInto(out *OrganizationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OrganizationStatus ¶ added in v0.1.3
type OrganizationStatus struct {
	// No status fields are defined.
}
OrganizationStatus defines the status of the server.
func (*OrganizationStatus) DeepCopy ¶ added in v0.1.3
func (in *OrganizationStatus) DeepCopy() *OrganizationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrganizationStatus.
func (*OrganizationStatus) DeepCopyInto ¶ added in v0.1.3
func (in *OrganizationStatus) DeepCopyInto(out *OrganizationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Role ¶ added in v0.1.23
type Role struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the role definition: the default flag and the named scopes
	// with their permissions.
	Spec RoleSpec `json:"spec"`
	// Status is the role status; RoleStatus has no fields.
	Status RoleStatus `json:"status,omitempty"`
}
Role defines a role type that forms the basis of RBAC. Permissions are applied to arbitrary scopes that are used by individual components to allow or prevent API access. Roles are additive, so effective RBAC permissions should be created from the boolean union of any roles that apply to a user. Roles can optionally be scoped to an organization to allow deep customization of roles and permissions within that organization, for example the system management organization may have an onboarding role that allows basic account creation before handing off to the user. +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:scope=Namespaced,categories=unikorn +kubebuilder:printcolumn:name="age",type="date",JSONPath=".metadata.creationTimestamp"
func (*Role) DeepCopy ¶ added in v0.1.23
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.
func (*Role) DeepCopyInto ¶ added in v0.1.23
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Role) DeepCopyObject ¶ added in v0.1.23
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleList ¶ added in v0.1.23
// RoleList is a typed list of Role resources.
type RoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of Role resources.
	Items []Role `json:"items"`
}
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*RoleList) DeepCopy ¶ added in v0.1.23
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList.
func (*RoleList) DeepCopyInto ¶ added in v0.1.23
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleList) DeepCopyObject ¶ added in v0.1.23
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleScope ¶ added in v0.1.23
// RoleScope pairs a scope name with the permissions granted on it.
type RoleScope struct {
	// Name is a unique name that applies to the scope.  Individual APIs should
	// coordinate with one another to avoid clashes and privilege escalation.
	// NOTE(review): uniqueness across APIs is a convention here, not something
	// this type enforces; two components reusing a name would share grants.
	Name string `json:"name"`
	// Permissions defines a set of CRUD permissions for the scope.
	// +listType=set
	Permissions []constants.Permission `json:"permissions,omitempty"`
}
func (*RoleScope) DeepCopy ¶ added in v0.1.23
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleScope.
func (*RoleScope) DeepCopyInto ¶ added in v0.1.23
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleSpec ¶ added in v0.1.23
type RoleSpec struct {
	// IsDefault indicates that all authenticated users are granted
	// the following scopes regardless of organizational group membership
	// and typically are required for organization discovery and RBAC functionality
	// in the first instance.
	// NOTE(review): scopes on a default role reach every authenticated user,
	// so keep them to the minimum described above and review any change that
	// sets this flag or widens a default role's scopes.
	IsDefault bool `json:"isDefault,omitempty"`
	// Scopes are a list of uniquely named scopes for the role.
	// +listType=map
	// +listMapKey=name
	Scopes []RoleScope `json:"scopes,omitempty"`
}
RoleSpec defines the role's requested state.
func (*RoleSpec) DeepCopy ¶ added in v0.1.23
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleSpec.
func (*RoleSpec) DeepCopyInto ¶ added in v0.1.23
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleStatus ¶ added in v0.1.23
type RoleStatus struct {
	// No status fields are defined.
}
RoleStatus defines any role status information.
func (*RoleStatus) DeepCopy ¶ added in v0.1.23
func (in *RoleStatus) DeepCopy() *RoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleStatus.
func (*RoleStatus) DeepCopyInto ¶ added in v0.1.23
func (in *RoleStatus) DeepCopyInto(out *RoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.