v1alpha1

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 15, 2022 License: Apache-2.0 Imports: 3 Imported by: 4

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.

Index

Constants

View Source 
const GroupName = "authentication.concierge.pinniped.dev"

Variables

View Source 
var (
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is group version used to register these objects.

Functions

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

Types

type Condition 

type Condition struct {
	// type of condition in CamelCase or in foo.example.com/CamelCase.
	// ---
	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
	// useful (see .node.status.conditions), the ability to deconflict is important.
	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
	// +kubebuilder:validation:MaxLength=316
	Type string `json:"type"`

	// status of the condition, one of True, False, Unknown.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=True;False;Unknown
	Status ConditionStatus `json:"status"`

	// observedGeneration represents the .metadata.generation that the condition was set based upon.
	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
	// with respect to the current state of the instance.
	// +optional
	// +kubebuilder:validation:Minimum=0
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// lastTransitionTime is the last time the condition transitioned from one status to another.
	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Format=date-time
	LastTransitionTime metav1.Time `json:"lastTransitionTime"`

	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
	// Producers of specific condition types may define expected values and meanings for this field,
	// and whether the values are considered a guaranteed API.
	// The value should be a CamelCase string.
	// This field may not be empty.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=1024
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
	Reason string `json:"reason"`

	// message is a human readable message indicating details about the transition.
	// This may be an empty string.
	// +required
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MaxLength=32768
	Message string `json:"message"`
}

Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.

func (*Condition) DeepCopy 

func (in *Condition) DeepCopy() *Condition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

func (*Condition) DeepCopyInto 

func (in *Condition) DeepCopyInto(out *Condition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConditionStatus 

type ConditionStatus string

ConditionStatus is effectively an enum type for Condition.Status. 

const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)

These are valid condition statuses. "ConditionTrue" means a resource is in the condition. "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes can't decide if a resource is in the condition or not. In the future, we could add other intermediate conditions, e.g. ConditionDegraded.

type JWTAuthenticator 

type JWTAuthenticator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec for configuring the authenticator.
	Spec JWTAuthenticatorSpec `json:"spec"`

	// Status of the authenticator.
	Status JWTAuthenticatorStatus `json:"status,omitempty"`
}

JWTAuthenticator describes the configuration of a JWT authenticator.

Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid signature, existence of claims, etc.) and extract the username and groups from the token.

+genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:subresource:status

func (*JWTAuthenticator) DeepCopy 

func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.

func (*JWTAuthenticator) DeepCopyInto 

func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTAuthenticator) DeepCopyObject 

func (in *JWTAuthenticator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTAuthenticatorList 

type JWTAuthenticatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []JWTAuthenticator `json:"items"`
}

List of JWTAuthenticator objects. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*JWTAuthenticatorList) DeepCopy 

func (in *JWTAuthenticatorList) DeepCopy() *JWTAuthenticatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorList.

func (*JWTAuthenticatorList) DeepCopyInto 

func (in *JWTAuthenticatorList) DeepCopyInto(out *JWTAuthenticatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTAuthenticatorList) DeepCopyObject 

func (in *JWTAuthenticatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTAuthenticatorSpec 

type JWTAuthenticatorSpec struct {
	// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
	// also used to validate the "iss" JWT claim.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^https://`
	Issuer string `json:"issuer"`

	// Audience is the required value of the "aud" JWT claim.
	// +kubebuilder:validation:MinLength=1
	Audience string `json:"audience"`

	// Claims allows customization of the claims that will be mapped to user identity
	// for Kubernetes access.
	// +optional
	Claims JWTTokenClaims `json:"claims"`

	// TLS configuration for communicating with the OIDC provider.
	// +optional
	TLS *TLSSpec `json:"tls,omitempty"`
}

Spec for configuring a JWT authenticator.

func (*JWTAuthenticatorSpec) DeepCopy 

func (in *JWTAuthenticatorSpec) DeepCopy() *JWTAuthenticatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorSpec.

func (*JWTAuthenticatorSpec) DeepCopyInto 

func (in *JWTAuthenticatorSpec) DeepCopyInto(out *JWTAuthenticatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTAuthenticatorStatus 

type JWTAuthenticatorStatus struct {
	// Represents the observations of the authenticator's current state.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

Status of a JWT authenticator.

func (*JWTAuthenticatorStatus) DeepCopy 

func (in *JWTAuthenticatorStatus) DeepCopy() *JWTAuthenticatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorStatus.

func (*JWTAuthenticatorStatus) DeepCopyInto 

func (in *JWTAuthenticatorStatus) DeepCopyInto(out *JWTAuthenticatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTTokenClaims 

type JWTTokenClaims struct {
	// Groups is the name of the claim which should be read to extract the user's
	// group membership from the JWT token. When not specified, it will default to "groups".
	// +optional
	Groups string `json:"groups"`

	// Username is the name of the claim which should be read to extract the
	// username from the JWT token. When not specified, it will default to "username".
	// +optional
	Username string `json:"username"`
}

JWTTokenClaims allows customization of the claims that will be mapped to user identity for Kubernetes access.

func (*JWTTokenClaims) DeepCopy 

func (in *JWTTokenClaims) DeepCopy() *JWTTokenClaims

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTTokenClaims.

func (*JWTTokenClaims) DeepCopyInto 

func (in *JWTTokenClaims) DeepCopyInto(out *JWTTokenClaims)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSSpec 

type TLSSpec struct {
	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
	// +optional
	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
}

Configuration for configuring TLS on various authenticators.

func (*TLSSpec) DeepCopy 

func (in *TLSSpec) DeepCopy() *TLSSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.

func (*TLSSpec) DeepCopyInto 

func (in *TLSSpec) DeepCopyInto(out *TLSSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookAuthenticator 

type WebhookAuthenticator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec for configuring the authenticator.
	Spec WebhookAuthenticatorSpec `json:"spec"`

	// Status of the authenticator.
	Status WebhookAuthenticatorStatus `json:"status,omitempty"`
}

WebhookAuthenticator describes the configuration of a webhook authenticator. +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:subresource:status

func (*WebhookAuthenticator) DeepCopy 

func (in *WebhookAuthenticator) DeepCopy() *WebhookAuthenticator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.

func (*WebhookAuthenticator) DeepCopyInto 

func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebhookAuthenticator) DeepCopyObject 

func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebhookAuthenticatorList 

type WebhookAuthenticatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []WebhookAuthenticator `json:"items"`
}

List of WebhookAuthenticator objects. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*WebhookAuthenticatorList) DeepCopy 

func (in *WebhookAuthenticatorList) DeepCopy() *WebhookAuthenticatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.

func (*WebhookAuthenticatorList) DeepCopyInto 

func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebhookAuthenticatorList) DeepCopyObject 

func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebhookAuthenticatorSpec 

type WebhookAuthenticatorSpec struct {
	// Webhook server endpoint URL.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^https://`
	Endpoint string `json:"endpoint"`

	// TLS configuration.
	// +optional
	TLS *TLSSpec `json:"tls,omitempty"`
}

Spec for configuring a webhook authenticator.

func (*WebhookAuthenticatorSpec) DeepCopy 

func (in *WebhookAuthenticatorSpec) DeepCopy() *WebhookAuthenticatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.

func (*WebhookAuthenticatorSpec) DeepCopyInto 

func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookAuthenticatorStatus 

type WebhookAuthenticatorStatus struct {
	// Represents the observations of the authenticator's current state.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

Status of a webhook authenticator.

func (*WebhookAuthenticatorStatus) DeepCopy 

func (in *WebhookAuthenticatorStatus) DeepCopy() *WebhookAuthenticatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.

func (*WebhookAuthenticatorStatus) DeepCopyInto 

func (in *WebhookAuthenticatorStatus) DeepCopyInto(out *WebhookAuthenticatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.