supervisorconfig

Documentation

Index

• func NewFederationDomainWatcherController(federationDomainsSetter FederationDomainsSetter, apiGroupSuffix string, ...) controllerlib.Controller
• func NewJWKSObserverController(issuerToJWKSSetter IssuerToJWKSMapSetter, ...) controllerlib.Controller
• func NewJWKSWriterController(jwksSecretLabels map[string]string, kubeClient kubernetes.Interface, ...) controllerlib.Controller
• func NewTLSCertObserverController(issuerTLSCertSetter IssuerTLSCertSetter, ...) controllerlib.Controller
• type FederationDomainsSetter
• type IssuerTLSCertSetter
• type IssuerToJWKSMapSetter

Functions

func NewFederationDomainWatcherController

func NewFederationDomainWatcherController(
	federationDomainsSetter FederationDomainsSetter,
	apiGroupSuffix string,
	clock clock.Clock,
	client supervisorclientset.Interface,
	federationDomainInformer configinformers.FederationDomainInformer,
	oidcIdentityProviderInformer idpinformers.OIDCIdentityProviderInformer,
	ldapIdentityProviderInformer idpinformers.LDAPIdentityProviderInformer,
	activeDirectoryIdentityProviderInformer idpinformers.ActiveDirectoryIdentityProviderInformer,
	githubProviderInformer idpinformers.GitHubIdentityProviderInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

NewFederationDomainWatcherController creates a controllerlib.Controller that watches FederationDomain objects and notifies a callback object of the collection of provider configs.

func NewJWKSObserverController

func NewJWKSObserverController(
	issuerToJWKSSetter IssuerToJWKSMapSetter,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer v1alpha1.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

Returns a controller which watches all of the FederationDomains and their corresponding Secrets and fills an in-memory cache of the JWKS info for each currently configured issuer. This controller assumes that the informers passed to it are already scoped down to the appropriate namespace. It also assumes that the IssuerToJWKSMapSetter passed to it has an underlying implementation which is thread-safe.

func NewJWKSWriterController

func NewJWKSWriterController(
	jwksSecretLabels map[string]string,
	kubeClient kubernetes.Interface,
	pinnipedClient supervisorclientset.Interface,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer configinformers.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

NewJWKSWriterController returns a controllerlib.Controller that ensures a FederationDomain has a corresponding Secret that contains a valid active JWK and JWKS.

func NewTLSCertObserverController

func NewTLSCertObserverController(
	issuerTLSCertSetter IssuerTLSCertSetter,
	defaultTLSCertificateSecretName string,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer v1alpha1.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

Types

type FederationDomainsSetter

type FederationDomainsSetter interface {
	SetFederationDomains(federationDomains ...*federationdomainproviders.FederationDomainIssuer)
}

FederationDomainsSetter can be notified of all known valid providers with its SetFederationDomains function. If there are no longer any valid issuers, then it can be called with no arguments. Implementations of this type should be thread-safe to support calls from multiple goroutines.

type IssuerTLSCertSetter

type IssuerTLSCertSetter interface {
	SetIssuerHostToTLSCertMap(issuerHostToTLSCertMap map[string]*tls.Certificate)
	SetDefaultTLSCert(certificate *tls.Certificate)
}

type IssuerToJWKSMapSetter

type IssuerToJWKSMapSetter interface {
	SetIssuerToJWKSMap(
		issuerToJWKSMap map[string]*jose.JSONWebKeySet,
		issuerToActiveJWKMap map[string]*jose.JSONWebKey,
	)
}