v1alpha1

package
v0.27.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2023 License: Apache-2.0 Imports: 3 Imported by: 4

Documentation

Overview

Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.

Index

Constants

View Source 
const GroupName = "authentication.concierge.pinniped.dev"

Variables

View Source 
var (
	SchemeBuilder runtime.SchemeBuilder

	AddToScheme = localSchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is group version used to register these objects.

Functions

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

Types

type JWTAuthenticator 

type JWTAuthenticator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec for configuring the authenticator.
	Spec JWTAuthenticatorSpec `json:"spec"`

	// Status of the authenticator.
	Status JWTAuthenticatorStatus `json:"status,omitempty"`
}

JWTAuthenticator describes the configuration of a JWT authenticator.

Upon receiving a signed JWT, a JWTAuthenticator will performs some validation on it (e.g., valid signature, existence of claims, etc.) and extract the username and groups from the token.

+genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer` +kubebuilder:printcolumn:name="Audience",type=string,JSONPath=`.spec.audience` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:subresource:status

func (*JWTAuthenticator) DeepCopy 

func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.

func (*JWTAuthenticator) DeepCopyInto 

func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTAuthenticator) DeepCopyObject 

func (in *JWTAuthenticator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTAuthenticatorList 

type JWTAuthenticatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []JWTAuthenticator `json:"items"`
}

List of JWTAuthenticator objects. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*JWTAuthenticatorList) DeepCopy 

func (in *JWTAuthenticatorList) DeepCopy() *JWTAuthenticatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorList.

func (*JWTAuthenticatorList) DeepCopyInto 

func (in *JWTAuthenticatorList) DeepCopyInto(out *JWTAuthenticatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*JWTAuthenticatorList) DeepCopyObject 

func (in *JWTAuthenticatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type JWTAuthenticatorSpec 

type JWTAuthenticatorSpec struct {
	// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
	// also used to validate the "iss" JWT claim.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^https://`
	Issuer string `json:"issuer"`

	// Audience is the required value of the "aud" JWT claim.
	// +kubebuilder:validation:MinLength=1
	Audience string `json:"audience"`

	// Claims allows customization of the claims that will be mapped to user identity
	// for Kubernetes access.
	// +optional
	Claims JWTTokenClaims `json:"claims"`

	// TLS configuration for communicating with the OIDC provider.
	// +optional
	TLS *TLSSpec `json:"tls,omitempty"`
}

Spec for configuring a JWT authenticator.

func (*JWTAuthenticatorSpec) DeepCopy 

func (in *JWTAuthenticatorSpec) DeepCopy() *JWTAuthenticatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorSpec.

func (*JWTAuthenticatorSpec) DeepCopyInto 

func (in *JWTAuthenticatorSpec) DeepCopyInto(out *JWTAuthenticatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTAuthenticatorStatus 

type JWTAuthenticatorStatus struct {
	// Represents the observations of the authenticator's current state.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

Status of a JWT authenticator.

func (*JWTAuthenticatorStatus) DeepCopy 

func (in *JWTAuthenticatorStatus) DeepCopy() *JWTAuthenticatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorStatus.

func (*JWTAuthenticatorStatus) DeepCopyInto 

func (in *JWTAuthenticatorStatus) DeepCopyInto(out *JWTAuthenticatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JWTTokenClaims 

type JWTTokenClaims struct {
	// Groups is the name of the claim which should be read to extract the user's
	// group membership from the JWT token. When not specified, it will default to "groups".
	// +optional
	Groups string `json:"groups"`

	// Username is the name of the claim which should be read to extract the
	// username from the JWT token. When not specified, it will default to "username".
	// +optional
	Username string `json:"username"`
}

JWTTokenClaims allows customization of the claims that will be mapped to user identity for Kubernetes access.

func (*JWTTokenClaims) DeepCopy 

func (in *JWTTokenClaims) DeepCopy() *JWTTokenClaims

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTTokenClaims.

func (*JWTTokenClaims) DeepCopyInto 

func (in *JWTTokenClaims) DeepCopyInto(out *JWTTokenClaims)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TLSSpec 

type TLSSpec struct {
	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
	// +optional
	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
}

Configuration for configuring TLS on various authenticators.

func (*TLSSpec) DeepCopy 

func (in *TLSSpec) DeepCopy() *TLSSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.

func (*TLSSpec) DeepCopyInto 

func (in *TLSSpec) DeepCopyInto(out *TLSSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookAuthenticator 

type WebhookAuthenticator struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec for configuring the authenticator.
	Spec WebhookAuthenticatorSpec `json:"spec"`

	// Status of the authenticator.
	Status WebhookAuthenticatorStatus `json:"status,omitempty"`
}

WebhookAuthenticator describes the configuration of a webhook authenticator. +genclient +genclient:nonNamespaced +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:subresource:status

func (*WebhookAuthenticator) DeepCopy 

func (in *WebhookAuthenticator) DeepCopy() *WebhookAuthenticator

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.

func (*WebhookAuthenticator) DeepCopyInto 

func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebhookAuthenticator) DeepCopyObject 

func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebhookAuthenticatorList 

type WebhookAuthenticatorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []WebhookAuthenticator `json:"items"`
}

List of WebhookAuthenticator objects. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*WebhookAuthenticatorList) DeepCopy 

func (in *WebhookAuthenticatorList) DeepCopy() *WebhookAuthenticatorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.

func (*WebhookAuthenticatorList) DeepCopyInto 

func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebhookAuthenticatorList) DeepCopyObject 

func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebhookAuthenticatorSpec 

type WebhookAuthenticatorSpec struct {
	// Webhook server endpoint URL.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:Pattern=`^https://`
	Endpoint string `json:"endpoint"`

	// TLS configuration.
	// +optional
	TLS *TLSSpec `json:"tls,omitempty"`
}

Spec for configuring a webhook authenticator.

func (*WebhookAuthenticatorSpec) DeepCopy 

func (in *WebhookAuthenticatorSpec) DeepCopy() *WebhookAuthenticatorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.

func (*WebhookAuthenticatorSpec) DeepCopyInto 

func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebhookAuthenticatorStatus 

type WebhookAuthenticatorStatus struct {
	// Represents the observations of the authenticator's current state.
	// +patchMergeKey=type
	// +patchStrategy=merge
	// +listType=map
	// +listMapKey=type
	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
}

Status of a webhook authenticator.

func (*WebhookAuthenticatorStatus) DeepCopy 

func (in *WebhookAuthenticatorStatus) DeepCopy() *WebhookAuthenticatorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.

func (*WebhookAuthenticatorStatus) DeepCopyInto 

func (in *WebhookAuthenticatorStatus) DeepCopyInto(out *WebhookAuthenticatorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.