Documentation
Overview
Package v1alpha1 is the v1alpha1 version of the Pinniped supervisor identity provider (IDP) API.
Index
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type Condition
- type ConditionStatus
- type OIDCAuthorizationConfig
- type OIDCClaims
- type OIDCClient
- type OIDCIdentityProvider
- type OIDCIdentityProviderList
- type OIDCIdentityProviderPhase
- type OIDCIdentityProviderSpec
- type OIDCIdentityProviderStatus
- type TLSSpec
Constants
const GroupName = "idp.supervisor.pinniped.dev"
Variables
var (
	SchemeBuilder runtime.SchemeBuilder
	AddToScheme   = localSchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects.
Functions
func Resource
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource.
Types
type Condition
type Condition struct {
	// type of condition in CamelCase or in foo.example.com/CamelCase.
	// ---
	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
	// useful (see .node.status.conditions), the ability to deconflict is important.
	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
	// +kubebuilder:validation:MaxLength=316
	Type string `json:"type"`
	// status of the condition, one of True, False, Unknown.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=True;False;Unknown
	Status ConditionStatus `json:"status"`
	// observedGeneration represents the .metadata.generation that the condition was set based upon.
	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
	// with respect to the current state of the instance.
	// +optional
	// +kubebuilder:validation:Minimum=0
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// lastTransitionTime is the last time the condition transitioned from one status to another.
	// This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Format=date-time
	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
	// Producers of specific condition types may define expected values and meanings for this field,
	// and whether the values are considered a guaranteed API.
	// The value should be a CamelCase string.
	// This field may not be empty.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
	Reason string `json:"reason"`
	// message is a human readable message indicating details about the transition.
	// This may be an empty string.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=32768
	Message string `json:"message"`
}
Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.
func (*Condition) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.
func (*Condition) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConditionStatus
type ConditionStatus string
ConditionStatus is effectively an enum type for Condition.Status.
const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)
These are valid condition statuses. "ConditionTrue" means a resource is in the condition. "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes can't decide if a resource is in the condition or not. In the future, we could add other intermediate conditions, e.g. ConditionDegraded.
type OIDCAuthorizationConfig
type OIDCAuthorizationConfig struct {
	// AdditionalScopes are the scopes in addition to "openid" that will be requested as part of the authorization
	// request flow with an OIDC identity provider. By default only the "openid" scope will be requested.
	// +optional
	AdditionalScopes []string `json:"additionalScopes,omitempty"`
}
OIDCAuthorizationConfig provides information about how to form the OAuth2 authorization request parameters.
func (*OIDCAuthorizationConfig) DeepCopy
func (in *OIDCAuthorizationConfig) DeepCopy() *OIDCAuthorizationConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCAuthorizationConfig.
func (*OIDCAuthorizationConfig) DeepCopyInto
func (in *OIDCAuthorizationConfig) DeepCopyInto(out *OIDCAuthorizationConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCClaims
type OIDCClaims struct {
	// Groups provides the name of the token claim that will be used to ascertain the groups to which
	// an identity belongs.
	// +optional
	Groups string `json:"groups"`
	// Username provides the name of the token claim that will be used to ascertain an identity's
	// username.
	// +optional
	Username string `json:"username"`
}
OIDCClaims provides a mapping from upstream claims into identities.
func (*OIDCClaims) DeepCopy
func (in *OIDCClaims) DeepCopy() *OIDCClaims
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClaims.
func (*OIDCClaims) DeepCopyInto
func (in *OIDCClaims) DeepCopyInto(out *OIDCClaims)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCClient
type OIDCClient struct {
	// SecretName contains the name of a namespace-local Secret object that provides the clientID and
	// clientSecret for an OIDC client. If only the SecretName is specified in an OIDCClient
	// struct, then it is expected that the Secret is of type "secrets.pinniped.dev/oidc-client" with keys
	// "clientID" and "clientSecret".
	SecretName string `json:"secretName"`
}
OIDCClient contains information about an OIDC client (e.g., client ID and client secret).
func (*OIDCClient) DeepCopy
func (in *OIDCClient) DeepCopy() *OIDCClient
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClient.
func (*OIDCClient) DeepCopyInto
func (in *OIDCClient) DeepCopyInto(out *OIDCClient)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCIdentityProvider
type OIDCIdentityProvider struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec for configuring the identity provider.
	Spec OIDCIdentityProviderSpec `json:"spec"`
	// Status of the identity provider.
	Status OIDCIdentityProviderStatus `json:"status,omitempty"`
}
OIDCIdentityProvider describes the configuration of an upstream OpenID Connect identity provider.
+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+kubebuilder:resource:categories=pinniped;pinniped-idp;pinniped-idps
+kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.phase`
+kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+kubebuilder:subresource:status
func (*OIDCIdentityProvider) DeepCopy
func (in *OIDCIdentityProvider) DeepCopy() *OIDCIdentityProvider
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProvider.
func (*OIDCIdentityProvider) DeepCopyInto
func (in *OIDCIdentityProvider) DeepCopyInto(out *OIDCIdentityProvider)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OIDCIdentityProvider) DeepCopyObject
func (in *OIDCIdentityProvider) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OIDCIdentityProviderList
type OIDCIdentityProviderList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OIDCIdentityProvider `json:"items"`
}
List of OIDCIdentityProvider objects.
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*OIDCIdentityProviderList) DeepCopy
func (in *OIDCIdentityProviderList) DeepCopy() *OIDCIdentityProviderList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderList.
func (*OIDCIdentityProviderList) DeepCopyInto
func (in *OIDCIdentityProviderList) DeepCopyInto(out *OIDCIdentityProviderList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OIDCIdentityProviderList) DeepCopyObject
func (in *OIDCIdentityProviderList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type OIDCIdentityProviderPhase
type OIDCIdentityProviderPhase string
const (
	// PhasePending is the default phase for newly-created OIDCIdentityProvider resources.
	PhasePending OIDCIdentityProviderPhase = "Pending"
	// PhaseReady is the phase for an OIDCIdentityProvider resource in a healthy state.
	PhaseReady OIDCIdentityProviderPhase = "Ready"
	// PhaseError is the phase for an OIDCIdentityProvider in an unhealthy state.
	PhaseError OIDCIdentityProviderPhase = "Error"
)
type OIDCIdentityProviderSpec
type OIDCIdentityProviderSpec struct {
	// Issuer is the issuer URL of this OIDC identity provider, i.e., where to fetch
	// /.well-known/openid-configuration.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^https://`
	Issuer string `json:"issuer"`
	// TLS configuration for discovery/JWKS requests to the issuer.
	// +optional
	TLS *TLSSpec `json:"tls,omitempty"`
	// AuthorizationConfig holds information about how to form the OAuth2 authorization request
	// parameters to be used with this OIDC identity provider.
	// +optional
	AuthorizationConfig OIDCAuthorizationConfig `json:"authorizationConfig,omitempty"`
	// Claims provides the names of token claims that will be used when inspecting an identity from
	// this OIDC identity provider.
	// +optional
	Claims OIDCClaims `json:"claims"`
	// OIDCClient contains OIDC client information to be used with this OIDC identity
	// provider.
	Client OIDCClient `json:"client"`
}
Spec for configuring an OIDC identity provider.
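Added example (not Pinniped's own code): a client-side pre-flight that applies the Issuer validation markers shown above to a spec before it is submitted, and adds the one check the markers cannot express, that tls.certificateAuthorityData is the base64 encoding of a PEM CERTIFICATE bundle rather than some other PEM payload. The spec types are redeclared locally as an assumption so the program runs without importing the package.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"regexp"
)

// Local mirror of the fields checked here. Assumption: the real types live in
// Pinniped's v1alpha1 package; they are redeclared so this runs stand-alone.
type TLSSpec struct{ CertificateAuthorityData string }
type OIDCClient struct{ SecretName string }
type OIDCIdentityProviderSpec struct {
	Issuer string
	TLS    *TLSSpec
	Client OIDCClient
}

// issuerPattern mirrors +kubebuilder:validation:Pattern=`^https://` on Issuer.
var issuerPattern = regexp.MustCompile(`^https://`)

// ValidateSpec applies the Issuer markers client-side and adds a check the markers
// cannot express: certificateAuthorityData must decode from base64 to a PEM CERTIFICATE.
func ValidateSpec(s OIDCIdentityProviderSpec) []string {
	var errs []string
	if len(s.Issuer) < 1 { // +kubebuilder:validation:MinLength=1
		errs = append(errs, "issuer: must not be empty")
	} else if !issuerPattern.MatchString(s.Issuer) {
		errs = append(errs, "issuer: must start with https://")
	}
	if s.Client.SecretName == "" { // client.secretName is not marked +optional
		errs = append(errs, "client.secretName: required")
	}
	if s.TLS != nil && s.TLS.CertificateAuthorityData != "" {
		raw, err := base64.StdEncoding.DecodeString(s.TLS.CertificateAuthorityData)
		if err != nil {
			errs = append(errs, "tls.certificateAuthorityData: not valid base64")
		} else if b, _ := pem.Decode(raw); b == nil || b.Type != "CERTIFICATE" {
			errs = append(errs, "tls.certificateAuthorityData: not a PEM CERTIFICATE bundle")
		}
	}
	return errs
}

func main() {
	// Constructed sample: plaintext issuer, no client secret, CA field holding a key.
	key := "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
	fmt.Println(ValidateSpec(OIDCIdentityProviderSpec{Issuer: "http://idp.example.com",
		TLS: &TLSSpec{CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(key))}}))
}
```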
func (*OIDCIdentityProviderSpec) DeepCopy
func (in *OIDCIdentityProviderSpec) DeepCopy() *OIDCIdentityProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderSpec.
func (*OIDCIdentityProviderSpec) DeepCopyInto
func (in *OIDCIdentityProviderSpec) DeepCopyInto(out *OIDCIdentityProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCIdentityProviderStatus
type OIDCIdentityProviderStatus struct {
	// Phase summarizes the overall status of the OIDCIdentityProvider.
	// +kubebuilder:default=Pending
	// +kubebuilder:validation:Enum=Pending;Ready;Error
	Phase OIDCIdentityProviderPhase `json:"phase,omitempty"`
	// Represents the observations of an identity provider's current state.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}
Status of an OIDC identity provider.
func (*OIDCIdentityProviderStatus) DeepCopy
func (in *OIDCIdentityProviderStatus) DeepCopy() *OIDCIdentityProviderStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderStatus.
func (*OIDCIdentityProviderStatus) DeepCopyInto
func (in *OIDCIdentityProviderStatus) DeepCopyInto(out *OIDCIdentityProviderStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLSSpec
type TLSSpec struct {
	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
	// +optional
	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
}
Configuration for TLS parameters related to identity provider integration.
func (*TLSSpec) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.
func (*TLSSpec) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.