github/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-03-20 02:20:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:v0.6.0
Branches Tags
github:main github:dependabot/docker/dockerfiles/eks-deployer/ci/amazon/aws-cli-2.34.13 github:pinny/bump-deps github:dependabot/go_modules/google.golang.org/grpc-1.79.3 github:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/integration-test-runner/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/k8s-app-deployer/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/code-coverage-uploader/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/deployment-yaml-formatter/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/gh-cli/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/pool-trigger-resource/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/test-forward-proxy/ci/debian-13.4-slim github:ci github:jtc/add-a-bunch-of-groups github:jtc/bump-to-k8s-0-34-0 github:jtc/bump-to-k8s-1-32-libs github:jtc/backfill-test github:jtc/warn-when-tokens-are-large github:jtc/externally-configured-serving-certs github:poc/session_length github:jtc/propose-opt-out-of-self-signed-cas github:poc/kube_csr_api github:release-0.12 github:poc/client-side-logout github:release-0.4
github:v0.44.0 github:v0.43.0 github:v0.42.0 github:v0.41.0 github:v0.40.0 github:v0.39.0 github:v0.38.0 github:v0.37.0 github:v0.36.0 github:v0.35.0 github:v0.34.0 github:v0.33.0 github:v0.32.0 github:v0.31.0 github:v0.30.0 github:v0.29.0 github:v0.28.0 github:v0.27.0 github:v0.26.0 github:v0.25.0 github:v0.24.0 github:v0.23.0 github:v0.22.0 github:v0.21.0 github:v0.20.0 github:v0.19.0 github:v0.18.0 github:v0.17.0 github:v0.16.0 github:v0.15.0 github:v0.12.1 github:v0.14.0 github:v0.13.0 github:v0.12.0 github:v0.11.0 github:v0.10.0 github:v0.4.4 github:v0.9.2 github:v0.9.1 github:v0.9.0 github:v0.4.3 github:v0.8.0 github:v0.4.2 github:v0.7.0 github:v0.6.0 github:v0.5.0 github:v0.4.1 github:v0.4.0 github:v0.3.0 github:v0.2.0 github:v0.1.0
..
compare: github:v0.4.3
Branches Tags
github:dependabot/docker/dockerfiles/eks-deployer/ci/amazon/aws-cli-2.34.13 github:pinny/bump-deps github:dependabot/go_modules/google.golang.org/grpc-1.79.3 github:dependabot/docker/dockerfiles/integration-test-runner-beta/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/integration-test-runner/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/k8s-app-deployer/ci/google/cloud-sdk-561.0.0-slim github:dependabot/docker/dockerfiles/code-coverage-uploader/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/deployment-yaml-formatter/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/gh-cli/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/pool-trigger-resource/ci/debian-13.4-slim github:dependabot/docker/dockerfiles/test-forward-proxy/ci/debian-13.4-slim github:ci github:main github:jtc/add-a-bunch-of-groups github:jtc/bump-to-k8s-0-34-0 github:jtc/bump-to-k8s-1-32-libs github:jtc/backfill-test github:jtc/warn-when-tokens-are-large github:jtc/externally-configured-serving-certs github:poc/session_length github:jtc/propose-opt-out-of-self-signed-cas github:poc/kube_csr_api github:release-0.12 github:poc/client-side-logout github:release-0.4
github:v0.44.0 github:v0.43.0 github:v0.42.0 github:v0.41.0 github:v0.40.0 github:v0.39.0 github:v0.38.0 github:v0.37.0 github:v0.36.0 github:v0.35.0 github:v0.34.0 github:v0.33.0 github:v0.32.0 github:v0.31.0 github:v0.30.0 github:v0.29.0 github:v0.28.0 github:v0.27.0 github:v0.26.0 github:v0.25.0 github:v0.24.0 github:v0.23.0 github:v0.22.0 github:v0.21.0 github:v0.20.0 github:v0.19.0 github:v0.18.0 github:v0.17.0 github:v0.16.0 github:v0.15.0 github:v0.12.1 github:v0.14.0 github:v0.13.0 github:v0.12.0 github:v0.11.0 github:v0.10.0 github:v0.4.4 github:v0.9.2 github:v0.9.1 github:v0.9.0 github:v0.4.3 github:v0.8.0 github:v0.4.2 github:v0.7.0 github:v0.6.0 github:v0.5.0 github:v0.4.1 github:v0.4.0 github:v0.3.0 github:v0.2.0 github:v0.1.0

14 Commits
v0.6.0 ... v0.4.3

Author SHA1 Message Date
Matt Moyer
2941f3f3ef Merge pull request #641 from vmware-tanzu/prerelease-0.4.3 
Backports and dependency upgrades for v0.4.3
 2021-05-25 17:01:07 -05:00
Matt Moyer
98fb4be58f Change access token storage TTL to match refresh. 
This is a partial cherry-pick of 5240f5e84a. The token expirations are unchanged, but the garbage collection lifetime is now matched to avoid garbage collection breaking the refresh flow.

This is a backport to fix https://github.com/vmware-tanzu/pinniped/issues/601 on the v0.4.x release line.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-25 16:48:28 -05:00
Matt Moyer
d0ec582334 Upgrade Go from 1.15.11 to 1.15.12. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-25 16:45:12 -05:00
Matt Moyer
e9099bdcf9 Upgrade Kubernetes library dependencies from v1.20.6 to v1.20.7. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-05-25 16:30:36 -05:00
Matt Moyer
ff3f5e2444 Merge pull request #582 from vmware-tanzu/prerelease-v0.4.2 
Adjust "/bin/killall sleep" in new test to be less flaky in CI.
 2021-04-22 13:08:31 -07:00
Matt Moyer
5290aac66f Adjust "/bin/killall sleep" in new test to be less flaky in CI. 
Sometimes the container runtime detects the exiting PID 1 very quickly and shuts down the entire container while the `killall` process is still running.
When this happens, we see it as exit code 137 (SIGKILL).

This never failed for me in Kind locally, but fails pretty often in CI (probably due to timing differences).

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-22 14:51:55 -05:00
Matt Moyer
4927f1c1ad Merge pull request #581 from vmware-tanzu/prerelease-v0.4.2 
Fix some small issues from #580 discovered in CI
 2021-04-22 10:01:07 -07:00
Matt Moyer
e85bcca45f Revert changes to generated 1.20 go.mod. 
This causes a CI failure because I modified the generated directory manually. These versions don't really matter because they will be overridden by the parent go.mod file anyway.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-22 11:51:52 -05:00
Matt Moyer
c1b1082c55 Fix some minor linter style warnings. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-22 11:47:05 -05:00
Matt Moyer
425e53a26b Merge pull request #580 from vmware-tanzu/prerelease-v0.4.2 
Bug fixes and dependency bumps for v0.4.x release branch.
 2021-04-22 09:11:08 -07:00
Matt Moyer
23cd53faeb In kube-cert-agent deleter controller, clean up pods that are stuck in terminal states. 
This change adjusts the kube-cert-agent "deleter" controller to also delete pods that are unusable because they are no longer "Running".

This should make the Concierge recover from scenarios where clusters are suspended and resumed, as well as other edge cases where the `sleep` process in the agent pod exits for some reason.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-21 17:00:20 -05:00
Matt Moyer
24c8bdef44 Add a test to verify that the kube-cert-agent recovers when a pod becomes unhealthy. 
This required some small adjustments to the produciton code to make it more feasible to test.

The new test takes an existing agent pod and terminates the `sleep` process, causing the pod to go into an `Error` status.
The agent controllers _should_ respond to this by deleting and recreating that failed pod, but the current code just gets stuck.

This is meant to replicate the situation when a cluster is suspended and resumed, which also causes the agent pod to be in this terminal error state.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-21 16:48:00 -05:00
Matt Moyer
4375c01afb Upgrade Debian base image from 10.7 to 10.9 and Go from 1.15.6 to 1.15.11. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-21 10:50:07 -05:00
Matt Moyer
91bf179b39 Upgrade Kubernetes library dependencies from v1.20.1 to v1.20.6. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2021-04-21 10:20:32 -05:00
328 changed files with 3443 additions and 7258 deletions
Expand all files Collapse all files

13
.dockerignore
View File

@@ -1,13 +0,0 @@
./.*
./*.md
./*.yaml
./apis
./deploy
./Dockerfile
./generated/1.1*
./hack/lib/tilt/
./internal/mocks
./LICENSE
./site/
./test
**/*_test.go

13
.github/codecov.yml vendored
View File

@@ -1,13 +0,0 @@
codecov:
strict_yaml_branch: main
require_ci_to_pass: no
notify:
wait_for_ci: no
coverage:
status:
project:
default:
informational: true
patch:
default:
informational: true

4
.pre-commit-hooks.yaml Normal file
View File

@@ -0,0 +1,4 @@
- id: validate-copyright-year
name: Validate copyright year
entry: hack/check-copyright-year.sh
language: script

13
CONTRIBUTING.md
View File

@@ -10,15 +10,22 @@ Please see the [Code of Conduct](./CODE_OF_CONDUCT.md).
Learn about the [scope](https://pinniped.dev/docs/scope/) of the project.
## Community Meetings
## Meeting with the Maintainers
Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community. Please join us during our online community meetings, occuring every first and third Thursday of the month at 9AM PT / 12PM PT. Use [this Zoom Link](https://vmware.zoom.us/j/93798188973?pwd=T3pIMWxReEQvcWljNm1admRoZTFSZz09) to attend and add any agenda items you wish to discuss to [the notes document](https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ?view). Join our [Google Group](https://groups.google.com/u/1/g/project-pinniped) to receive invites to this meeting.
The maintainers aspire to hold a video conference every other week with the Pinniped community.
Any community member may request to add topics to the agenda by contacting a [maintainer](MAINTAINERS.md)
in advance, or by attending and raising the topic during time remaining after the agenda is covered.
Typical agenda items include topics regarding the roadmap, feature requests, bug reports, pull requests, etc.
A [public document](https://docs.google.com/document/d/1qYA35wZV-6bxcH5375vOnIGkNBo7e4OROgsV4Sj8WjQ)
tracks the agendas and notes for these meetings.
These meetings are currently scheduled for the first and third Thursday mornings of each month
at 9 AM Pacific Time, using this [Zoom meeting](https://VMware.zoom.us/j/94638309756?pwd=V3NvRXJIdDg5QVc0TUdFM2dYRzgrUT09).
If the meeting day falls on a US holiday, please consider that occurrence of the meeting to be canceled.
## Discussion
Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page or reach out in Kubernetes Slack Workspace within the [#pinniped channel](https://kubernetes.slack.com/archives/C01BW364RJA).
Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page.
## Issues

53
Dockerfile
View File

@@ -1,41 +1,36 @@
# syntax = docker/dockerfile:1.0-experimental
# Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
FROM golang:1.15.8 as build-env
FROM golang:1.15.12 as build-env
WORKDIR /work
COPY . .
ARG GOPROXY
# Get dependencies first so they can be cached as a layer
COPY go.* ./
COPY generated/1.20/apis/go.* ./generated/1.20/apis/
COPY generated/1.20/client/go.* ./generated/1.20/client/
RUN go mod download
# Copy only the production source code to avoid cache misses when editing other files
COPY generated ./generated
COPY cmd ./cmd
COPY pkg ./pkg
COPY internal ./internal
COPY hack ./hack
# Build the executable binary (CGO_ENABLED=0 means static linking)
# Pass in GOCACHE (build cache) and GOMODCACHE (module cache) so they
# can be re-used between image builds.
RUN \
--mount=type=cache,target=/cache/gocache \
--mount=type=cache,target=/cache/gomodcache \
mkdir out && \
GOCACHE=/cache/gocache \
GOMODCACHE=/cache/gomodcache \
CGO_ENABLED=0 \
GOOS=linux \
GOARCH=amd64 \
go build -v -ldflags "$(hack/get-ldflags.sh)" -o out \
./cmd/pinniped-concierge/... \
./cmd/pinniped-supervisor/... \
./cmd/local-user-authenticator/...
RUN mkdir out \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-concierge/... \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "$(hack/get-ldflags.sh)" -o out ./cmd/pinniped-supervisor/... \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o out ./cmd/local-user-authenticator/...
# Use a Debian slim image to grab a reasonable default CA bundle.
FROM debian:10.8-slim AS get-ca-bundle-env
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/* /var/cache/debconf/*
# Use a runtime image based on Debian slim
FROM debian:10.9-slim
RUN apt-get update && apt-get install -y ca-certificates procps && rm -rf /var/lib/apt/lists/*
# Use a runtime image based on Debian slim.
FROM debian:10.8-slim
COPY --from=get-ca-bundle-env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
# Copy the binaries from the build-env stage.
COPY --from=build-env /work/out/ /usr/local/bin/
# Copy the binaries from the build-env stage
COPY --from=build-env /work/out/pinniped-concierge /usr/local/bin/pinniped-concierge
COPY --from=build-env /work/out/pinniped-supervisor /usr/local/bin/pinniped-supervisor
COPY --from=build-env /work/out/local-user-authenticator /usr/local/bin/local-user-authenticator
# Document the ports
EXPOSE 8080 8443

8
README.md
View File

@@ -47,15 +47,9 @@ To learn more, see [architecture](https://pinniped.dev/docs/architecture/).
Care to kick the tires? It's easy to [install and try Pinniped](https://pinniped.dev/docs/demo/).
## Community Meetings
Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community. Please join us during our online community meetings, occuring every first and third Thursday of the month at 9AM PT / 12PM PT. Use [this Zoom Link](https://vmware.zoom.us/j/93798188973?pwd=T3pIMWxReEQvcWljNm1admRoZTFSZz09) to attend and add any agenda items you wish to discuss to [the notes document](https://hackmd.io/rd_kVJhjQfOvfAWzK8A3tQ?view). Join our [Google Group](https://groups.google.com/u/1/g/project-pinniped) to receive invites to this meeting.
If the meeting day falls on a US holiday, please consider that occurrence of the meeting to be canceled.
## Discussion
Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page or reach out in Kubernetes Slack Workspace within the [#pinniped channel](https://kubernetes.slack.com/archives/C01BW364RJA).
Got a question, comment, or idea? Please don't hesitate to reach out via the GitHub [Discussions](https://github.com/vmware-tanzu/pinniped/discussions) tab at the top of this page.
## Contributions

100
SECURITY.md
View File

@@ -1,92 +1,12 @@
# Security Release Process
# Reporting a Vulnerability
Pinniped provides identity services for Kubernetes clusters. The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues.
Pinniped development is sponsored by VMware, and the Pinniped team encourages users
who become aware of a security vulnerability in Pinniped to report any potential
vulnerabilities found to security@vmware.com. If possible, please include a description
of the effects of the vulnerability, reproduction steps, and a description of in which
version of Pinniped or its dependencies the vulnerability was discovered.
The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055.
## Supported Versions
As of right now, only the latest version of Pinniped is supported.
## Reporting a Vulnerability - Private Disclosure Process
Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Pinniped privately, to minimize attacks against current users of Pinniped before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
If you know of a publicly disclosed security vulnerability for Pinniped, please **IMMEDIATELY** contact the VMware Security Team (security@vmware.com). The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055.
**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities**
To report a vulnerability or a security-related issue, please contact the VMware email address with the details of the vulnerability. The email will be fielded by the VMware Security Team and then shared with the Pinniped maintainers who have committer and release permissions. Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. Do not report non-security-impacting bugs through this channel. Use [GitHub issues](https://github.com/vmware-tanzu/pinniped/issues/new/choose) instead.
## Proposed Email Content
Provide a descriptive subject line and in the body of the email include the following information:
* Basic identity information, such as your name and your affiliation or company.
* Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful to us).
* Description of the effects of the vulnerability on Pinniped and the related hardware and software configurations, so that the VMware Security Team can reproduce it.
* How the vulnerability affects Pinniped usage and an estimation of the attack surface, if there is one.
* List other projects or dependencies that were used in conjunction with Pinniped to produce the vulnerability.
## When to report a vulnerability
* When you think Pinniped has a potential security vulnerability.
* When you suspect a potential vulnerability but you are unsure that it impacts Pinniped.
* When you know of or suspect a potential vulnerability on another project that is used by Pinniped.
## Patch, Release, and Disclosure
The VMware Security Team will respond to vulnerability reports as follows:
1. The Security Team will investigate the vulnerability and determine its effects and criticality.
2. If the issue is not deemed to be a vulnerability, the Security Team will follow up with a detailed reason for rejection.
3. The Security Team will initiate a conversation with the reporter within 3 business days.
4. If a vulnerability is acknowledged and the timeline for a fix is determined, the Security Team will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out.
5. The Security Team will also create a [CVSS](https://www.first.org/cvss/specification-document) using the [CVSS Calculator](https://www.first.org/cvss/calculator/3.0). The Security Team makes the final call on the calculated CVSS; it is better to move quickly than making the CVSS perfect. Issues may also be reported to [Mitre](https://cve.mitre.org/) using this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The CVE will initially be set to private.
6. The Security Team will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix.
7. The Security Team will provide early disclosure of the vulnerability by emailing the [Pinniped Distributors](https://groups.google.com/g/project-pinniped-distributors) mailing list. Distributors can initially plan for the vulnerability patch ahead of the fix, and later can test the fix and provide feedback to the Pinniped team. See the section **Early Disclosure to Pinniped Distributors List** for details about how to join this mailing list.
8. A public disclosure date is negotiated by the VMware SecurityTeam, the bug submitter, and the distributors list. We prefer to fully disclose the bug as soon as possible once a user mitigation or patch is available. It is reasonable to delay disclosure when the bug or the fix is not yet fully understood, the solution is not well-tested, or for distributor coordination. The timeframe for disclosure is from immediate (especially if its already publicly known) to a few weeks. For a critical vulnerability with a straightforward mitigation, we expect the report date for the public disclosure date to be on the order of 14 business days. The VMware Security Team holds the final say when setting a public disclosure date.
9. Once the fix is confirmed, the Security Team will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. Upon release of the patched version of Pinniped, we will follow the **Public Disclosure Process**.
## Public Disclosure Process
The Security Team publishes a [public advisory](https://github.com/vmware-tanzu/pinniped/security/advisories) to the Pinniped community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog and other channels will assist in educating Pinniped users and rolling out the patched release to affected users.
The Security Team will also publish any mitigating steps users can take until the fix can be applied to their Pinniped instances. Pinniped distributors will handle creating and publishing their own security advisories.
## Mailing lists
* Use security@vmware.com to report security concerns to the VMware Security Team, who uses the list to privately discuss security issues and fixes prior to disclosure. The use of encrypted email is encouraged. The public PGP key can be found at https://kb.vmware.com/kb/1055.
* Join the [Pinniped Distributors](https://groups.google.com/g/project-pinniped-distributors) mailing list for early private information and vulnerability disclosure. Early disclosure may include mitigating steps and additional information on security patch releases. See below for information on how Pinniped distributors or vendors can apply to join this list.
## Early Disclosure to Pinniped Distributors List
The private list is intended to be used primarily to provide actionable information to multiple distributor projects at once. This list is not intended to inform individuals about security issues.
## Membership Criteria
To be eligible to join the [Pinniped Distributors](https://groups.google.com/g/project-pinniped-distributors) mailing list, you should:
1. Be an active distributor of Pinniped.
2. Have a user base that is not limited to your own organization.
3. Have a publicly verifiable track record up to the present day of fixing security issues.
4. Not be a downstream or rebuild of another distributor.
5. Be a participant and active contributor in the Pinniped community.
6. Accept the Embargo Policy that is outlined below.
7. Have someone who is already on the list vouch for the person requesting membership on behalf of your distribution.
**The terms and conditions of the Embargo Policy apply to all members of this mailing list. A request for membership represents your acceptance to the terms and conditions of the Embargo Policy.**
## Embargo Policy
The information that members receive on the Pinniped Distributors mailing list must not be made public, shared, or even hinted at anywhere beyond those who need to know within your specific team, unless you receive explicit approval to do so from the VMware Security Team. This remains true until the public disclosure date/time agreed upon by the list. Members of the list and others cannot use the information for any reason other than to get the issue fixed for your respective distribution's users.
Before you share any information from the list with members of your team who are required to fix the issue, these team members must agree to the same terms, and only be provided with information on a need-to-know basis.
In the unfortunate event that you share information beyond what is permitted by this policy, you must urgently inform the VMware Security Team (security@vmware.com) of exactly what information was leaked and to whom. If you continue to leak information and break the policy outlined here, you will be permanently removed from the list.
## Requesting to Join
Send new membership requests to https://groups.google.com/g/project-pinniped-distributors. In the body of your request please specify how you qualify for membership and fulfill each criterion listed in the Membership Criteria section above.
## Confidentiality, integrity and availability
We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The VMware Security Team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.
The Pinniped team hopes that users encountering a new vulnerability will contact
us privately as it is in the best interests of our users that the Pinniped team has
an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.

4
apis/concierge/authentication/v1alpha1/types_jwt.go.tmpl
View File

@@ -57,11 +57,9 @@ type JWTTokenClaims struct {
// signature, existence of claims, etc.) and extract the username and groups from the token.
//
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
// +kubebuilder:subresource:status
type JWTAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

4
apis/concierge/authentication/v1alpha1/types_webhook.go.tmpl
View File

@@ -29,11 +29,9 @@ type WebhookAuthenticatorSpec struct {
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
// +kubebuilder:subresource:status
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

5
apis/concierge/config/v1alpha1/types_credentialissuer.go.tmpl
View File

@@ -67,16 +67,13 @@ type CredentialIssuerStrategy struct {
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped,scope=Cluster
// +kubebuilder:subresource:status
// +kubebuilder:resource:categories=pinniped
type CredentialIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
// +optional
Status CredentialIssuerStatus `json:"status"`
}

1
apis/concierge/login/types_token.go.tmpl
View File

@@ -27,6 +27,7 @@ type TokenCredentialRequestStatus struct {
}
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta

1
apis/concierge/login/v1alpha1/types_token.go.tmpl
View File

@@ -30,7 +30,6 @@ type TokenCredentialRequestStatus struct {
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta `json:",inline"`

1
apis/supervisor/config/v1alpha1/types_federationdomain.go.tmpl
View File

@@ -109,7 +109,6 @@ type FederationDomainStatus struct {
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped
// +kubebuilder:subresource:status
type FederationDomain struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

19
cmd/pinniped-supervisor/main.go
View File

@@ -37,7 +37,6 @@ import (
"go.pinniped.dev/internal/controllerlib"
"go.pinniped.dev/internal/deploymentref"
"go.pinniped.dev/internal/downward"
"go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/kubeclient"
"go.pinniped.dev/internal/oidc/jwks"
"go.pinniped.dev/internal/oidc/provider"
@@ -175,8 +174,8 @@ func startControllers(
secretCache.SetTokenHMACKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.TokenSigningKey
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.TokenSigningKey
},
kubeClient,
pinnipedClient,
@@ -198,8 +197,8 @@ func startControllers(
secretCache.SetStateEncoderHashKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.StateSigningKey
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.StateSigningKey
},
kubeClient,
pinnipedClient,
@@ -221,8 +220,8 @@ func startControllers(
secretCache.SetStateEncoderBlockKey(federationDomainIssuer, symmetricKey)
},
),
func(fd *configv1alpha1.FederationDomainStatus) *corev1.LocalObjectReference {
return &fd.Secrets.StateEncryptionKey
func(fd *configv1alpha1.FederationDomain) *corev1.LocalObjectReference {
return &fd.Status.Secrets.StateEncryptionKey
},
kubeClient,
pinnipedClient,
@@ -259,15 +258,13 @@ func run(podInfo *downward.PodInfo, cfg *supervisor.Config) error {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// TODO remove code that relies on supervisorDeployment directly
dref, supervisorDeployment, err := deploymentref.New(podInfo)
if err != nil {
return fmt.Errorf("cannot create deployment ref: %w", err)
}
client, err := kubeclient.New(
dref,
kubeclient.WithMiddleware(groupsuffix.New(*cfg.APIGroupSuffix)),
)
client, err := kubeclient.New(dref)
if err != nil {
return fmt.Errorf("cannot create k8s client: %w", err)
}

6
cmd/pinniped/cmd/cobra_util.go
View File

@@ -22,9 +22,3 @@ func mustMarkHidden(cmd *cobra.Command, flags ...string) {
}
}
}
func mustMarkDeprecated(cmd *cobra.Command, flag, usageMessage string) {
if err := cmd.Flags().MarkDeprecated(flag, usageMessage); err != nil {
panic(err)
}
}

136
cmd/pinniped/cmd/deprecated.go Normal file
View File

@@ -0,0 +1,136 @@
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
import (
"encoding/base64"
"fmt"
"os"
"github.com/spf13/cobra"
"go.pinniped.dev/internal/here"
"go.pinniped.dev/internal/plog"
)
//nolint: gochecknoinits
func init() {
rootCmd.AddCommand(legacyGetKubeconfigCommand(kubeconfigRealDeps()))
rootCmd.AddCommand(legacyExchangeTokenCommand(staticLoginRealDeps()))
}
func legacyGetKubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
var (
cmd = &cobra.Command{
Hidden: true,
Deprecated: "Please use `pinniped get kubeconfig` instead.",
Args: cobra.NoArgs, // do not accept positional arguments for this command
Use: "get-kubeconfig",
Short: "Print a kubeconfig for authenticating into a cluster via Pinniped",
Long: here.Doc(`
Print a kubeconfig for authenticating into a cluster via Pinniped.
Requires admin-like access to the cluster using the current
kubeconfig context in order to access Pinniped's metadata.
The current kubeconfig is found similar to how kubectl finds it:
using the value of the --kubeconfig option, or if that is not
specified then from the value of the KUBECONFIG environment
variable, or if that is not specified then it defaults to
.kube/config in your home directory.
Prints a kubeconfig which is suitable to access the cluster using
Pinniped as the authentication mechanism. This kubeconfig output
can be saved to a file and used with future kubectl commands, e.g.:
pinniped get-kubeconfig --token $MY_TOKEN > $HOME/mycluster-kubeconfig
kubectl --kubeconfig $HOME/mycluster-kubeconfig get pods
`),
}
token string
kubeconfig string
contextOverride string
namespace string
authenticatorType string
authenticatorName string
)
cmd.Flags().StringVar(&token, "token", "", "Credential to include in the resulting kubeconfig output (Required)")
cmd.Flags().StringVar(&kubeconfig, "kubeconfig", "", "Path to the kubeconfig file")
cmd.Flags().StringVar(&contextOverride, "kubeconfig-context", "", "Kubeconfig context override")
cmd.Flags().StringVar(&namespace, "pinniped-namespace", "pinniped-concierge", "Namespace in which Pinniped was installed")
cmd.Flags().StringVar(&authenticatorType, "authenticator-type", "", "Authenticator type (e.g., 'webhook', 'jwt')")
cmd.Flags().StringVar(&authenticatorName, "authenticator-name", "", "Authenticator name")
mustMarkRequired(cmd, "token")
plog.RemoveKlogGlobalFlags()
cmd.RunE = func(cmd *cobra.Command, args []string) error {
return runGetKubeconfig(cmd.OutOrStdout(), deps, getKubeconfigParams{
kubeconfigPath: kubeconfig,
kubeconfigContextOverride: contextOverride,
staticToken: token,
concierge: getKubeconfigConciergeParams{
namespace: namespace,
authenticatorName: authenticatorName,
authenticatorType: authenticatorType,
},
})
}
return cmd
}
func legacyExchangeTokenCommand(deps staticLoginDeps) *cobra.Command {
cmd := &cobra.Command{
Hidden: true,
Deprecated: "Please use `pinniped login static` instead.",
Args: cobra.NoArgs, // do not accept positional arguments for this command
Use: "exchange-credential",
Short: "Exchange a credential for a cluster-specific access credential",
Long: here.Doc(`
Exchange a credential which proves your identity for a time-limited,
cluster-specific access credential.
Designed to be conveniently used as an credential plugin for kubectl.
See the help message for 'pinniped get-kubeconfig' for more
information about setting up a kubeconfig file using Pinniped.
Requires all of the following environment variables, which are
typically set in the kubeconfig:
- PINNIPED_TOKEN: the token to send to Pinniped for exchange
- PINNIPED_NAMESPACE: the namespace of the authenticator to authenticate
against
- PINNIPED_AUTHENTICATOR_TYPE: the type of authenticator to authenticate
against (e.g., "webhook", "jwt")
- PINNIPED_AUTHENTICATOR_NAME: the name of the authenticator to authenticate
against
- PINNIPED_CA_BUNDLE: the CA bundle to trust when calling
Pinniped's HTTPS endpoint
- PINNIPED_K8S_API_ENDPOINT: the URL for the Pinniped credential
exchange API
For more information about credential plugins in general, see
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
`),
}
plog.RemoveKlogGlobalFlags()
cmd.RunE = func(cmd *cobra.Command, args []string) error {
// Make a little helper to grab OS environment variables and keep a list that were missing.
var missing []string
getEnv := func(name string) string {
value, ok := os.LookupEnv(name)
if !ok {
missing = append(missing, name)
}
return value
}
flags := staticLoginParams{
staticToken: getEnv("PINNIPED_TOKEN"),
conciergeEnabled: true,
conciergeNamespace: getEnv("PINNIPED_NAMESPACE"),
conciergeAuthenticatorType: getEnv("PINNIPED_AUTHENTICATOR_TYPE"),
conciergeAuthenticatorName: getEnv("PINNIPED_AUTHENTICATOR_NAME"),
conciergeEndpoint: getEnv("PINNIPED_K8S_API_ENDPOINT"),
conciergeCABundle: base64.StdEncoding.EncodeToString([]byte(getEnv("PINNIPED_CA_BUNDLE"))),
}
if len(missing) > 0 {
return fmt.Errorf("failed to get credential: required environment variable(s) not set: %v", missing)
}
return runStaticLogin(cmd.OutOrStdout(), deps, flags)
}
return cmd
}

55
cmd/pinniped/cmd/kubeconfig.go
View File

@@ -15,7 +15,7 @@ import (
"strings"
"time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/coreos/go-oidc"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
@@ -26,27 +26,23 @@ import (
conciergev1alpha1 "go.pinniped.dev/generated/1.20/apis/concierge/authentication/v1alpha1"
conciergeclientset "go.pinniped.dev/generated/1.20/client/concierge/clientset/versioned"
"go.pinniped.dev/internal/groupsuffix"
"go.pinniped.dev/internal/kubeclient"
)
type kubeconfigDeps struct {
getPathToSelf func() (string, error)
getClientset func(clientConfig clientcmd.ClientConfig, apiGroupSuffix string) (conciergeclientset.Interface, error)
getClientset func(clientcmd.ClientConfig) (conciergeclientset.Interface, error)
}
func kubeconfigRealDeps() kubeconfigDeps {
return kubeconfigDeps{
getPathToSelf: os.Executable,
getClientset: func(clientConfig clientcmd.ClientConfig, apiGroupSuffix string) (conciergeclientset.Interface, error) {
getClientset: func(clientConfig clientcmd.ClientConfig) (conciergeclientset.Interface, error) {
restConfig, err := clientConfig.ClientConfig()
if err != nil {
return nil, err
}
client, err := kubeclient.New(
kubeclient.WithConfig(restConfig),
kubeclient.WithMiddleware(groupsuffix.New(apiGroupSuffix)),
)
client, err := kubeclient.New(kubeclient.WithConfig(restConfig))
if err != nil {
return nil, err
}
@@ -74,9 +70,9 @@ type getKubeconfigOIDCParams struct {
type getKubeconfigConciergeParams struct {
disabled bool
namespace string
authenticatorName string
authenticatorType string
apiGroupSuffix string
}
type getKubeconfigParams struct {
@@ -90,14 +86,13 @@ type getKubeconfigParams struct {
func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
var (
cmd = &cobra.Command{
cmd = cobra.Command{
Args: cobra.NoArgs,
Use: "kubeconfig",
Short: "Generate a Pinniped-based kubeconfig for a cluster",
SilenceUsage: true,
}
flags getKubeconfigParams
namespace string // unused now
flags getKubeconfigParams
)
f := cmd.Flags()
@@ -105,10 +100,9 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
f.StringVar(&flags.staticTokenEnvName, "static-token-env", "", "Instead of doing an OIDC-based login, read a static token from the environment")
f.BoolVar(&flags.concierge.disabled, "no-concierge", false, "Generate a configuration which does not use the concierge, but sends the credential to the cluster directly")
f.StringVar(&namespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
f.StringVar(&flags.concierge.namespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
f.StringVar(&flags.concierge.authenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt') (default: autodiscover)")
f.StringVar(&flags.concierge.authenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name (default: autodiscover)")
f.StringVar(&flags.concierge.apiGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
f.StringVar(&flags.oidc.issuer, "oidc-issuer", "", "OpenID Connect issuer URL (default: autodiscover)")
f.StringVar(&flags.oidc.clientID, "oidc-client-id", "pinniped-cli", "OpenID Connect client ID (default: autodiscover)")
@@ -122,22 +116,14 @@ func kubeconfigCommand(deps kubeconfigDeps) *cobra.Command {
f.StringVar(&flags.kubeconfigPath, "kubeconfig", os.Getenv("KUBECONFIG"), "Path to kubeconfig file")
f.StringVar(&flags.kubeconfigContextOverride, "kubeconfig-context", "", "Kubeconfig context name (default: current active context)")
mustMarkHidden(cmd, "oidc-debug-session-cache")
mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
mustMarkHidden(cmd, "concierge-namespace")
mustMarkHidden(&cmd, "oidc-debug-session-cache")
cmd.RunE = func(cmd *cobra.Command, args []string) error { return runGetKubeconfig(cmd.OutOrStdout(), deps, flags) }
return cmd
return &cmd
}
//nolint:funlen
func runGetKubeconfig(out io.Writer, deps kubeconfigDeps, flags getKubeconfigParams) error {
// Validate api group suffix and immediately return an error if it is invalid.
if err := groupsuffix.Validate(flags.concierge.apiGroupSuffix); err != nil {
return fmt.Errorf("invalid api group suffix: %w", err)
}
execConfig := clientcmdapi.ExecConfig{
APIVersion: clientauthenticationv1beta1.SchemeGroupVersion.String(),
Args: []string{},
@@ -165,7 +151,7 @@ func runGetKubeconfig(out io.Writer, deps kubeconfigDeps, flags getKubeconfigPar
if err != nil {
return fmt.Errorf("could not load --kubeconfig/--kubeconfig-context: %w", err)
}
clientset, err := deps.getClientset(clientConfig, flags.concierge.apiGroupSuffix)
clientset, err := deps.getClientset(clientConfig)
if err != nil {
return fmt.Errorf("could not configure Kubernetes client: %w", err)
}
@@ -173,6 +159,7 @@ func runGetKubeconfig(out io.Writer, deps kubeconfigDeps, flags getKubeconfigPar
if !flags.concierge.disabled {
authenticator, err := lookupAuthenticator(
clientset,
flags.concierge.namespace,
flags.concierge.authenticatorType,
flags.concierge.authenticatorName,
)
@@ -262,7 +249,7 @@ func configureConcierge(authenticator metav1.Object, flags *getKubeconfigParams,
if *oidcCABundle == "" && auth.Spec.TLS != nil && auth.Spec.TLS.CertificateAuthorityData != "" {
decoded, err := base64.StdEncoding.DecodeString(auth.Spec.TLS.CertificateAuthorityData)
if err != nil {
return fmt.Errorf("tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator %s has invalid spec.tls.certificateAuthorityData: %w", auth.Name, err)
return fmt.Errorf("tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator %s/%s has invalid spec.tls.certificateAuthorityData: %w", auth.Namespace, auth.Name, err)
}
*oidcCABundle = string(decoded)
}
@@ -271,7 +258,7 @@ func configureConcierge(authenticator metav1.Object, flags *getKubeconfigParams,
// Append the flags to configure the Concierge credential exchange at runtime.
execConfig.Args = append(execConfig.Args,
"--enable-concierge",
"--concierge-api-group-suffix="+flags.concierge.apiGroupSuffix,
"--concierge-namespace="+flags.concierge.namespace,
"--concierge-authenticator-name="+flags.concierge.authenticatorName,
"--concierge-authenticator-type="+flags.concierge.authenticatorType,
"--concierge-endpoint="+v1Cluster.Server,
@@ -307,7 +294,7 @@ func newExecKubeconfig(cluster *clientcmdapi.Cluster, execConfig *clientcmdapi.E
}
}
func lookupAuthenticator(clientset conciergeclientset.Interface, authType, authName string) (metav1.Object, error) {
func lookupAuthenticator(clientset conciergeclientset.Interface, namespace, authType, authName string) (metav1.Object, error) {
ctx, cancelFunc := context.WithTimeout(context.Background(), time.Second*20)
defer cancelFunc()
@@ -315,9 +302,9 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, authType, authN
if authName != "" && authType != "" {
switch strings.ToLower(authType) {
case "webhook":
return clientset.AuthenticationV1alpha1().WebhookAuthenticators().Get(ctx, authName, metav1.GetOptions{})
return clientset.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Get(ctx, authName, metav1.GetOptions{})
case "jwt":
return clientset.AuthenticationV1alpha1().JWTAuthenticators().Get(ctx, authName, metav1.GetOptions{})
return clientset.AuthenticationV1alpha1().JWTAuthenticators(namespace).Get(ctx, authName, metav1.GetOptions{})
default:
return nil, fmt.Errorf(`invalid authenticator type %q, supported values are "webhook" and "jwt"`, authType)
}
@@ -325,11 +312,11 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, authType, authN
// Otherwise list all the available authenticators and hope there's just a single one.
jwtAuths, err := clientset.AuthenticationV1alpha1().JWTAuthenticators().List(ctx, metav1.ListOptions{})
jwtAuths, err := clientset.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(ctx, metav1.ListOptions{})
if err != nil {
return nil, fmt.Errorf("failed to list JWTAuthenticator objects for autodiscovery: %w", err)
}
webhooks, err := clientset.AuthenticationV1alpha1().WebhookAuthenticators().List(ctx, metav1.ListOptions{})
webhooks, err := clientset.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(ctx, metav1.ListOptions{})
if err != nil {
return nil, fmt.Errorf("failed to list WebhookAuthenticator objects for autodiscovery: %w", err)
}
@@ -342,10 +329,10 @@ func lookupAuthenticator(clientset conciergeclientset.Interface, authType, authN
results = append(results, &webhooks.Items[i])
}
if len(results) == 0 {
return nil, fmt.Errorf("no authenticators were found")
return nil, fmt.Errorf("no authenticators were found in namespace %q (try setting --concierge-namespace)", namespace)
}
if len(results) > 1 {
return nil, fmt.Errorf("multiple authenticators were found, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified")
return nil, fmt.Errorf("multiple authenticators were found in namespace %q, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified", namespace)
}
return results[0], nil
}

64
cmd/pinniped/cmd/kubeconfig_test.go
View File

@@ -46,7 +46,6 @@ func TestGetKubeconfig(t *testing.T) {
wantStdout string
wantStderr string
wantOptionsCount int
wantAPIGroupSuffix string
}{
{
name: "help flag passed",
@@ -58,9 +57,9 @@ func TestGetKubeconfig(t *testing.T) {
kubeconfig [flags]
Flags:
--concierge-api-group-suffix string Concierge API group suffix (default "pinniped.dev")
--concierge-authenticator-name string Concierge authenticator name (default: autodiscover)
--concierge-authenticator-type string Concierge authenticator type (e.g., 'webhook', 'jwt') (default: autodiscover)
--concierge-namespace string Namespace in which the concierge was installed (default "pinniped-concierge")
-h, --help help for kubeconfig
--kubeconfig string Path to kubeconfig file
--kubeconfig-context string Kubeconfig context name (default: current active context)
@@ -209,32 +208,34 @@ func TestGetKubeconfig(t *testing.T) {
},
wantError: true,
wantStderr: here.Doc(`
Error: no authenticators were found
Error: no authenticators were found in namespace "pinniped-concierge" (try setting --concierge-namespace)
`),
},
{
name: "fail to autodetect authenticator, multiple found",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-1"}},
&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-2"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-3"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-4"}},
&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-1", Namespace: "test-namespace"}},
&conciergev1alpha1.JWTAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-2", Namespace: "test-namespace"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-3", Namespace: "test-namespace"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator-4", Namespace: "test-namespace"}},
},
wantError: true,
wantStderr: here.Doc(`
Error: multiple authenticators were found, so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified
Error: multiple authenticators were found in namespace "test-namespace", so the --concierge-authenticator-type/--concierge-authenticator-name flags must be specified
`),
},
{
name: "autodetect webhook authenticator, missing --oidc-issuer",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
},
wantError: true,
wantStderr: here.Doc(`
@@ -245,10 +246,11 @@ func TestGetKubeconfig(t *testing.T) {
name: "autodetect JWT authenticator, invalid TLS bundle",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"},
Spec: conciergev1alpha1.JWTAuthenticatorSpec{
TLS: &conciergev1alpha1.TLSSpec{
CertificateAuthorityData: "invalid-base64",
@@ -258,42 +260,34 @@ func TestGetKubeconfig(t *testing.T) {
},
wantError: true,
wantStderr: here.Doc(`
Error: tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator test-authenticator has invalid spec.tls.certificateAuthorityData: illegal base64 data at input byte 7
Error: tried to autodiscover --oidc-ca-bundle, but JWTAuthenticator test-namespace/test-authenticator has invalid spec.tls.certificateAuthorityData: illegal base64 data at input byte 7
`),
},
{
name: "invalid static token flags",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
"--static-token", "test-token",
"--static-token-env", "TEST_TOKEN",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
},
wantError: true,
wantStderr: here.Doc(`
Error: only one of --static-token and --static-token-env can be specified
`),
},
{
name: "invalid api group suffix",
args: []string{
"--concierge-api-group-suffix", ".starts.with.dot",
},
wantError: true,
wantStderr: here.Doc(`
Error: invalid api group suffix: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
`),
},
{
name: "valid static token",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
"--static-token", "test-token",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
},
wantStdout: here.Doc(`
apiVersion: v1
@@ -319,7 +313,7 @@ func TestGetKubeconfig(t *testing.T) {
- login
- static
- --enable-concierge
- --concierge-api-group-suffix=pinniped.dev
- --concierge-namespace=test-namespace
- --concierge-authenticator-name=test-authenticator
- --concierge-authenticator-type=webhook
- --concierge-endpoint=https://fake-server-url-value
@@ -334,10 +328,11 @@ func TestGetKubeconfig(t *testing.T) {
name: "valid static token from env var",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-namespace", "test-namespace",
"--static-token-env", "TEST_TOKEN",
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"}},
&conciergev1alpha1.WebhookAuthenticator{ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "test-namespace"}},
},
wantStdout: here.Doc(`
apiVersion: v1
@@ -363,7 +358,7 @@ func TestGetKubeconfig(t *testing.T) {
- login
- static
- --enable-concierge
- --concierge-api-group-suffix=pinniped.dev
- --concierge-namespace=test-namespace
- --concierge-authenticator-name=test-authenticator
- --concierge-authenticator-type=webhook
- --concierge-endpoint=https://fake-server-url-value
@@ -381,7 +376,7 @@ func TestGetKubeconfig(t *testing.T) {
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.JWTAuthenticator{
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "pinniped-concierge"},
Spec: conciergev1alpha1.JWTAuthenticatorSpec{
Issuer: "https://example.com/issuer",
Audience: "test-audience",
@@ -415,7 +410,7 @@ func TestGetKubeconfig(t *testing.T) {
- login
- oidc
- --enable-concierge
- --concierge-api-group-suffix=pinniped.dev
- --concierge-namespace=pinniped-concierge
- --concierge-authenticator-name=test-authenticator
- --concierge-authenticator-type=jwt
- --concierge-endpoint=https://fake-server-url-value
@@ -434,7 +429,6 @@ func TestGetKubeconfig(t *testing.T) {
name: "autodetect nothing, set a bunch of options",
args: []string{
"--kubeconfig", "./testdata/kubeconfig.yaml",
"--concierge-api-group-suffix", "tuna.io",
"--concierge-authenticator-type", "webhook",
"--concierge-authenticator-name", "test-authenticator",
"--oidc-issuer", "https://example.com/issuer",
@@ -447,7 +441,7 @@ func TestGetKubeconfig(t *testing.T) {
},
conciergeObjects: []runtime.Object{
&conciergev1alpha1.WebhookAuthenticator{
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator"},
ObjectMeta: metav1.ObjectMeta{Name: "test-authenticator", Namespace: "pinniped-concierge"},
},
},
wantStdout: here.Docf(`
@@ -474,7 +468,7 @@ func TestGetKubeconfig(t *testing.T) {
- login
- oidc
- --enable-concierge
- --concierge-api-group-suffix=tuna.io
- --concierge-namespace=pinniped-concierge
- --concierge-authenticator-name=test-authenticator
- --concierge-authenticator-type=webhook
- --concierge-endpoint=https://fake-server-url-value
@@ -492,7 +486,6 @@ func TestGetKubeconfig(t *testing.T) {
env: []
provideClusterInfo: true
`, base64.StdEncoding.EncodeToString(testCA.Bundle())),
wantAPIGroupSuffix: "tuna.io",
},
}
for _, tt := range tests {
@@ -505,12 +498,7 @@ func TestGetKubeconfig(t *testing.T) {
}
return ".../path/to/pinniped", nil
},
getClientset: func(clientConfig clientcmd.ClientConfig, apiGroupSuffix string) (conciergeclientset.Interface, error) {
if tt.wantAPIGroupSuffix == "" {
require.Equal(t, "pinniped.dev", apiGroupSuffix) // "pinniped.dev" = api group suffix default
} else {
require.Equal(t, tt.wantAPIGroupSuffix, apiGroupSuffix)
}
getClientset: func(clientConfig clientcmd.ClientConfig) (conciergeclientset.Interface, error) {
if tt.getClientsetErr != nil {
return nil, tt.getClientsetErr
}

26
cmd/pinniped/cmd/login_oidc.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -16,7 +16,7 @@ import (
"path/filepath"
"time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/coreos/go-oidc"
"github.com/spf13/cobra"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
@@ -59,23 +59,22 @@ type oidcLoginFlags struct {
debugSessionCache bool
requestAudience string
conciergeEnabled bool
conciergeNamespace string
conciergeAuthenticatorType string
conciergeAuthenticatorName string
conciergeEndpoint string
conciergeCABundle string
conciergeAPIGroupSuffix string
}
func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
var (
cmd = &cobra.Command{
cmd = cobra.Command{
Args: cobra.NoArgs,
Use: "oidc --issuer ISSUER",
Short: "Login using an OpenID Connect provider",
SilenceUsage: true,
}
flags oidcLoginFlags
conciergeNamespace string // unused now
flags oidcLoginFlags
)
cmd.Flags().StringVar(&flags.issuer, "issuer", "", "OpenID Connect issuer URL")
cmd.Flags().StringVar(&flags.clientID, "client-id", "pinniped-cli", "OpenID Connect client ID")
@@ -88,21 +87,16 @@ func oidcLoginCommand(deps oidcLoginCommandDeps) *cobra.Command {
cmd.Flags().BoolVar(&flags.debugSessionCache, "debug-session-cache", false, "Print debug logs related to the session cache")
cmd.Flags().StringVar(&flags.requestAudience, "request-audience", "", "Request a token with an alternate audience using RFC8693 token exchange")
cmd.Flags().BoolVar(&flags.conciergeEnabled, "enable-concierge", false, "Exchange the OIDC ID token with the Pinniped concierge during login")
cmd.Flags().StringVar(&conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
cmd.Flags().StringVar(&flags.conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
cmd.Flags().StringVar(&flags.conciergeAuthenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt')")
cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name")
cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint")
cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge")
cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
mustMarkHidden(cmd, "debug-session-cache")
mustMarkRequired(cmd, "issuer")
mustMarkHidden(&cmd, "debug-session-cache")
mustMarkRequired(&cmd, "issuer")
cmd.RunE = func(cmd *cobra.Command, args []string) error { return runOIDCLogin(cmd, deps, flags) }
mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
mustMarkHidden(cmd, "concierge-namespace")
return cmd
return &cmd
}
func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLoginFlags) error {
@@ -137,10 +131,10 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
if flags.conciergeEnabled {
var err error
concierge, err = conciergeclient.New(
conciergeclient.WithNamespace(flags.conciergeNamespace),
conciergeclient.WithEndpoint(flags.conciergeEndpoint),
conciergeclient.WithBase64CABundle(flags.conciergeCABundle),
conciergeclient.WithAuthenticator(flags.conciergeAuthenticatorType, flags.conciergeAuthenticatorName),
conciergeclient.WithAPIGroupSuffix(flags.conciergeAPIGroupSuffix),
)
if err != nil {
return fmt.Errorf("invalid concierge parameters: %w", err)

21
cmd/pinniped/cmd/login_oidc_test.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -60,11 +60,11 @@ func TestLoginOIDCCommand(t *testing.T) {
--ca-bundle strings Path to TLS certificate authority bundle (PEM format, optional, can be repeated)
--ca-bundle-data strings Base64 endcoded TLS certificate authority bundle (base64 encoded PEM format, optional, can be repeated)
--client-id string OpenID Connect client ID (default "pinniped-cli")
--concierge-api-group-suffix string Concierge API group suffix (default "pinniped.dev")
--concierge-authenticator-name string Concierge authenticator name
--concierge-authenticator-type string Concierge authenticator type (e.g., 'webhook', 'jwt')
--concierge-ca-bundle-data string CA bundle to use when connecting to the concierge
--concierge-endpoint string API base for the Pinniped concierge endpoint
--concierge-namespace string Namespace in which the concierge was installed (default "pinniped-concierge")
--enable-concierge Exchange the OIDC ID token with the Pinniped concierge during login
-h, --help help for oidc
--issuer string OpenID Connect issuer URL
@@ -119,21 +119,6 @@ func TestLoginOIDCCommand(t *testing.T) {
Error: could not read --ca-bundle-data: illegal base64 data at input byte 7
`),
},
{
name: "invalid api group suffix",
args: []string{
"--issuer", "test-issuer",
"--enable-concierge",
"--concierge-api-group-suffix", ".starts.with.dot",
"--concierge-authenticator-type", "jwt",
"--concierge-authenticator-name", "test-authenticator",
"--concierge-endpoint", "https://127.0.0.1:1234/",
},
wantError: true,
wantStderr: here.Doc(`
Error: invalid concierge parameters: invalid api group suffix: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
`),
},
{
name: "login error",
args: []string{
@@ -185,11 +170,11 @@ func TestLoginOIDCCommand(t *testing.T) {
"--ca-bundle-data", base64.StdEncoding.EncodeToString(testCA.Bundle()),
"--ca-bundle", testCABundlePath,
"--enable-concierge",
"--concierge-namespace", "test-namespace",
"--concierge-authenticator-type", "webhook",
"--concierge-authenticator-name", "test-authenticator",
"--concierge-endpoint", "https://127.0.0.1:1234/",
"--concierge-ca-bundle-data", base64.StdEncoding.EncodeToString(testCA.Bundle()),
"--concierge-api-group-suffix", "some.suffix.com",
},
wantOptionsCount: 7,
wantStdout: `{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{},"status":{"token":"exchanged-token"}}` + "\n",

20
cmd/pinniped/cmd/login_static.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -41,39 +41,33 @@ type staticLoginParams struct {
staticToken string
staticTokenEnvName string
conciergeEnabled bool
conciergeNamespace string
conciergeAuthenticatorType string
conciergeAuthenticatorName string
conciergeEndpoint string
conciergeCABundle string
conciergeAPIGroupSuffix string
}
func staticLoginCommand(deps staticLoginDeps) *cobra.Command {
var (
cmd = &cobra.Command{
cmd = cobra.Command{
Args: cobra.NoArgs,
Use: "static [--token TOKEN] [--token-env TOKEN_NAME]",
Short: "Login using a static token",
SilenceUsage: true,
}
flags staticLoginParams
conciergeNamespace string // unused now
flags staticLoginParams
)
cmd.Flags().StringVar(&flags.staticToken, "token", "", "Static token to present during login")
cmd.Flags().StringVar(&flags.staticTokenEnvName, "token-env", "", "Environment variable containing a static token")
cmd.Flags().BoolVar(&flags.conciergeEnabled, "enable-concierge", false, "Exchange the token with the Pinniped concierge during login")
cmd.Flags().StringVar(&conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
cmd.Flags().StringVar(&flags.conciergeNamespace, "concierge-namespace", "pinniped-concierge", "Namespace in which the concierge was installed")
cmd.Flags().StringVar(&flags.conciergeAuthenticatorType, "concierge-authenticator-type", "", "Concierge authenticator type (e.g., 'webhook', 'jwt')")
cmd.Flags().StringVar(&flags.conciergeAuthenticatorName, "concierge-authenticator-name", "", "Concierge authenticator name")
cmd.Flags().StringVar(&flags.conciergeEndpoint, "concierge-endpoint", "", "API base for the Pinniped concierge endpoint")
cmd.Flags().StringVar(&flags.conciergeCABundle, "concierge-ca-bundle-data", "", "CA bundle to use when connecting to the concierge")
cmd.Flags().StringVar(&flags.conciergeAPIGroupSuffix, "concierge-api-group-suffix", "pinniped.dev", "Concierge API group suffix")
cmd.RunE = func(cmd *cobra.Command, args []string) error { return runStaticLogin(cmd.OutOrStdout(), deps, flags) }
mustMarkDeprecated(cmd, "concierge-namespace", "not needed anymore")
mustMarkHidden(cmd, "concierge-namespace")
return cmd
return &cmd
}
func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams) error {
@@ -85,10 +79,10 @@ func runStaticLogin(out io.Writer, deps staticLoginDeps, flags staticLoginParams
if flags.conciergeEnabled {
var err error
concierge, err = conciergeclient.New(
conciergeclient.WithNamespace(flags.conciergeNamespace),
conciergeclient.WithEndpoint(flags.conciergeEndpoint),
conciergeclient.WithBase64CABundle(flags.conciergeCABundle),
conciergeclient.WithAuthenticator(flags.conciergeAuthenticatorType, flags.conciergeAuthenticatorName),
conciergeclient.WithAPIGroupSuffix(flags.conciergeAPIGroupSuffix),
)
if err != nil {
return fmt.Errorf("invalid concierge parameters: %w", err)

19
cmd/pinniped/cmd/login_static_test.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -51,11 +51,11 @@ func TestLoginStaticCommand(t *testing.T) {
static [--token TOKEN] [--token-env TOKEN_NAME] [flags]
Flags:
--concierge-api-group-suffix string Concierge API group suffix (default "pinniped.dev")
--concierge-authenticator-name string Concierge authenticator name
--concierge-authenticator-type string Concierge authenticator type (e.g., 'webhook', 'jwt')
--concierge-ca-bundle-data string CA bundle to use when connecting to the concierge
--concierge-endpoint string API base for the Pinniped concierge endpoint
--concierge-namespace string Namespace in which the concierge was installed (default "pinniped-concierge")
--enable-concierge Exchange the token with the Pinniped concierge during login
-h, --help help for static
--token string Static token to present during login
@@ -129,21 +129,6 @@ func TestLoginStaticCommand(t *testing.T) {
Error: could not complete concierge credential exchange: some concierge error
`),
},
{
name: "invalid api group suffix",
args: []string{
"--token", "test-token",
"--enable-concierge",
"--concierge-api-group-suffix", ".starts.with.dot",
"--concierge-authenticator-type", "jwt",
"--concierge-authenticator-name", "test-authenticator",
"--concierge-endpoint", "https://127.0.0.1:1234/",
},
wantError: true,
wantStderr: here.Doc(`
Error: invalid concierge parameters: invalid api group suffix: a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
`),
},
{
name: "static token success",
args: []string{

10
cmd/pinniped/cmd/root.go
View File

@@ -1,4 +1,4 @@
// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package cmd
@@ -7,8 +7,6 @@ import (
"os"
"github.com/spf13/cobra"
"go.pinniped.dev/internal/plog"
)
//nolint: gochecknoglobals
@@ -19,12 +17,6 @@ var rootCmd = &cobra.Command{
SilenceUsage: true, // do not print usage message when commands fail
}
//nolint: gochecknoinits
func init() {
// We don't want klog flags showing up in our CLI.
plog.RemoveKlogGlobalFlags()
}
// Execute adds all child commands to the root command and sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {

8
deploy/concierge/README.md
View File

@@ -10,17 +10,17 @@ for details.
## Installing the Latest Version with Default Options
```bash
kubectl apply -f https://get.pinniped.dev/latest/install-pinniped-concierge.yaml
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/$(curl https://api.github.com/repos/vmware-tanzu/pinniped/releases/latest -s | jq .name -r)/install-pinniped-concierge.yaml
```
## Installing a Specific Version with Default Options
## Installing an Older Version with Default Options
Choose your preferred [release](https://github.com/vmware-tanzu/pinniped/releases) version number
and use it to replace the version number in the URL below.
```bash
# Replace v0.4.1 with your preferred version in the URL below
kubectl apply -f https://get.pinniped.dev/v0.4.1/install-pinniped-concierge.yaml
# Replace v0.2.0 with your preferred version in the URL below
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.2.0/install-pinniped-concierge.yaml
```
## Installing with Custom Options

5
deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
View File

@@ -18,7 +18,7 @@ spec:
listKind: JWTAuthenticatorList
plural: jwtauthenticators
singular: jwtauthenticator
scope: Cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.issuer
@@ -161,8 +161,7 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
subresources: {}
status:
acceptedNames:
kind: ""

5
deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
View File

@@ -18,7 +18,7 @@ spec:
listKind: WebhookAuthenticatorList
plural: webhookauthenticators
singular: webhookauthenticator
scope: Cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.endpoint
@@ -137,8 +137,7 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
subresources: {}
status:
acceptedNames:
kind: ""

6
deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
View File

@@ -16,7 +16,7 @@ spec:
listKind: CredentialIssuerList
plural: credentialissuers
singular: credentialissuer
scope: Cluster
scope: Namespaced
versions:
- name: v1alpha1
schema:
@@ -98,11 +98,11 @@ spec:
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""

11
deploy/concierge/deployment.yaml
View File

@@ -3,7 +3,7 @@
#@ load("@ytt:data", "data")
#@ load("@ytt:json", "json")
#@ load("helpers.lib.yaml", "defaultLabel", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix", "getAndValidateLogLevel", "pinnipedDevAPIGroupWithPrefix")
#@ load("helpers.lib.yaml", "defaultLabel", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix", "getAndValidateLogLevel")
#@ if not data.values.into_namespace:
---
@@ -37,7 +37,6 @@ data:
servingCertificate:
durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
renewBeforeSeconds: (@= str(data.values.api_serving_certificate_renew_before_seconds) @)
apiGroupSuffix: (@= data.values.api_group_suffix @)
names:
servingCertificateSecret: (@= defaultResourceNameWithSuffix("api-tls-serving-certificate") @)
credentialIssuer: (@= defaultResourceNameWithSuffix("config") @)
@@ -91,8 +90,8 @@ spec:
scheduler.alpha.kubernetes.io/critical-pod: ""
spec:
securityContext:
runAsUser: #@ data.values.run_as_user
runAsGroup: #@ data.values.run_as_group
runAsUser: 1001
runAsGroup: 1001
serviceAccountName: #@ defaultResourceName()
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
imagePullSecrets:
@@ -192,11 +191,11 @@ spec:
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: #@ pinnipedDevAPIGroupWithPrefix("v1alpha1.login.concierge")
name: v1alpha1.login.concierge.pinniped.dev
labels: #@ labels()
spec:
version: v1alpha1
group: #@ pinnipedDevAPIGroupWithPrefix("login.concierge")
group: login.concierge.pinniped.dev
groupPriorityMinimum: 2500
versionPriority: 10
#! caBundle: Do not include this key here. Starts out null, will be updated/owned by the golang code.

6
deploy/concierge/helpers.lib.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
@@ -12,10 +12,6 @@
#@ return data.values.app_name + "-" + suffix
#@ end
#@ def pinnipedDevAPIGroupWithPrefix(prefix):
#@ return prefix + "." + data.values.api_group_suffix
#@ end
#@ def namespace():
#@ if data.values.into_namespace:
#@ return data.values.into_namespace

25
deploy/concierge/rbac.yaml
View File

@@ -2,7 +2,7 @@
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
#@ load("helpers.lib.yaml", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix", "pinnipedDevAPIGroupWithPrefix")
#@ load("helpers.lib.yaml", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix")
#! Give permission to various cluster-scoped objects
---
@@ -17,13 +17,10 @@ rules:
verbs: [ get, list, watch ]
- apiGroups: [ apiregistration.k8s.io ]
resources: [ apiservices ]
verbs: [ get, list, patch, update, watch ]
verbs: [ create, get, list, patch, update, watch ]
- apiGroups: [ admissionregistration.k8s.io ]
resources: [ validatingwebhookconfigurations, mutatingwebhookconfigurations ]
verbs: [ get, list, watch ]
- apiGroups: [ flowcontrol.apiserver.k8s.io ]
resources: [ flowschemas, prioritylevelconfigurations ]
verbs: [ get, list, watch ]
- apiGroups: [ policy ]
resources: [ podsecuritypolicies ]
verbs: [ use ]
@@ -31,18 +28,6 @@ rules:
resources: [ securitycontextconstraints ]
verbs: [ use ]
resourceNames: [ nonroot ]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
resources: [ credentialissuers ]
verbs: [ get, list, watch, create ]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
resources: [ credentialissuers/status ]
verbs: [get, patch, update]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
resources: [ jwtauthenticators, webhookauthenticators ]
verbs: [ get, list, watch ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -81,6 +66,9 @@ rules:
- apiGroups: [ "" ]
resources: [ pods/exec ]
verbs: [ create ]
- apiGroups: [ config.concierge.pinniped.dev, authentication.concierge.pinniped.dev ]
resources: [ "*" ]
verbs: [ create, get, list, update, watch ]
- apiGroups: [apps]
resources: [replicasets,deployments]
verbs: [get]
@@ -136,8 +124,7 @@ metadata:
name: #@ defaultResourceNameWithSuffix("create-token-credential-requests")
labels: #@ labels()
rules:
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("login.concierge")
- apiGroups: [ login.concierge.pinniped.dev ]
resources: [ tokencredentialrequests ]
verbs: [ create ]
---

11
deploy/concierge/values.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@data/values
@@ -54,12 +54,3 @@ api_serving_certificate_renew_before_seconds: 2160000
#! Specify the verbosity of logging: info ("nice to know" information), debug (developer
#! information), trace (timing information), all (kitchen sink).
log_level: #! By default, when this value is left unset, only warnings and errors are printed. There is no way to suppress warning and error logs.
run_as_user: 1001 #! run_as_user specifies the user ID that will own the local-user-authenticator process
run_as_group: 1001 #! run_as_group specifies the group ID that will own the local-user-authenticator process
#! Specify the API group suffix for all Pinniped API groups. By default, this is set to
#! pinniped.dev, so Pinniped API groups will look like foo.pinniped.dev,
#! authentication.concierge.pinniped.dev, etc. As an example, if this is set to tuna.io, then
#! Pinniped API groups will look like foo.tuna.io. authentication.concierge.tuna.io, etc.
api_group_suffix: pinniped.dev

14
deploy/concierge/z0_crd_overlay.yaml
View File

@@ -1,33 +1,23 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:overlay", "overlay")
#@ load("helpers.lib.yaml", "labels", "pinnipedDevAPIGroupWithPrefix")
#@ load("@ytt:data", "data")
#@ load("helpers.lib.yaml", "labels")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"credentialissuers.config.concierge.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("credentialissuers.config.concierge")
spec:
group: #@ pinnipedDevAPIGroupWithPrefix("config.concierge")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"webhookauthenticators.authentication.concierge.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("webhookauthenticators.authentication.concierge")
spec:
group: #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"jwtauthenticators.authentication.concierge.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("jwtauthenticators.authentication.concierge")
spec:
group: #@ pinnipedDevAPIGroupWithPrefix("authentication.concierge")

8
deploy/local-user-authenticator/README.md
View File

@@ -15,17 +15,17 @@ User accounts can be created and edited dynamically using `kubectl` commands (se
## Installing the Latest Version with Default Options
```bash
kubectl apply -f https://get.pinniped.dev/latest/install-local-user-authenticator.yaml
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/latest/download/install-local-user-authenticator.yaml
```
## Installing a Specific Version with Default Options
## Installing an Older Version with Default Options
Choose your preferred [release](https://github.com/vmware-tanzu/pinniped/releases) version number
and use it to replace the version number in the URL below.
```bash
# Replace v0.4.1 with your preferred version in the URL below
kubectl apply -f https://get.pinniped.dev/v0.4.1/install-local-user-authenticator.yaml
# Replace v0.2.0 with your preferred version in the URL below
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.2.0/install-local-user-authenticator.yaml
```
## Installing with Custom Options

6
deploy/local-user-authenticator/deployment.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
@@ -48,8 +48,8 @@ spec:
app: local-user-authenticator
spec:
securityContext:
runAsUser: #@ data.values.run_as_user
runAsGroup: #@ data.values.run_as_group
runAsUser: 1001
runAsGroup: 1001
serviceAccountName: local-user-authenticator
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
imagePullSecrets:

5
deploy/local-user-authenticator/values.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@data/values
@@ -14,6 +14,3 @@ image_tag: latest
#! Typically the value would be the output of: kubectl create secret docker-registry x --docker-server=https://example.io --docker-username="USERNAME" --docker-password="PASSWORD" --dry-run=client -o json | jq -r '.data[".dockerconfigjson"]'
#! Optional.
image_pull_dockerconfigjson: #! e.g. {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}
run_as_user: 1001 #! run_as_user specifies the user ID that will own the local-user-authenticator process
run_as_group: 1001 #! run_as_group specifies the group ID that will own the local-user-authenticator process

8
deploy/supervisor/README.md
View File

@@ -8,17 +8,17 @@ It can be deployed when those features are needed.
## Installing the Latest Version with Default Options
```bash
kubectl apply -f https://get.pinniped.dev/latest/install-pinniped-supervisor.yaml
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/latest/download/install-pinniped-supervisor.yaml
```
## Installing a Specific Version with Default Options
## Installing an Older Version with Default Options
Choose your preferred [release](https://github.com/vmware-tanzu/pinniped/releases) version number
and use it to replace the version number in the URL below.
```bash
# Replace v0.4.1 with your preferred version in the URL below
kubectl apply -f https://get.pinniped.dev/v0.4.1/install-pinniped-supervisor.yaml
# Replace v0.3.0 with your preferred version in the URL below
kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.3.0/install-pinniped-supervisor.yaml
```
## Installing with Custom Options

2
deploy/supervisor/config.supervisor.pinniped.dev_federationdomains.yaml
View File

@@ -150,8 +150,6 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""

7
deploy/supervisor/deployment.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
@@ -30,7 +30,6 @@ metadata:
data:
#@yaml/text-templated-strings
pinniped.yaml: |
apiGroupSuffix: (@= data.values.api_group_suffix @)
names:
defaultTLSCertificateSecret: (@= defaultResourceNameWithSuffix("default-tls-certificate") @)
labels: (@= json.encode(labels()).rstrip() @)
@@ -65,8 +64,8 @@ spec:
labels: #@ defaultLabel()
spec:
securityContext:
runAsUser: #@ data.values.run_as_user
runAsGroup: #@ data.values.run_as_group
runAsUser: 1001
runAsGroup: 1001
serviceAccountName: #@ defaultResourceName()
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
imagePullSecrets:

6
deploy/supervisor/helpers.lib.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
@@ -12,10 +12,6 @@
#@ return data.values.app_name + "-" + suffix
#@ end
#@ def pinnipedDevAPIGroupWithPrefix(prefix):
#@ return prefix + "." + data.values.api_group_suffix
#@ end
#@ def namespace():
#@ if data.values.into_namespace:
#@ return data.values.into_namespace

19
deploy/supervisor/rbac.yaml
View File

@@ -1,8 +1,8 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
#@ load("helpers.lib.yaml", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix", "pinnipedDevAPIGroupWithPrefix")
#@ load("helpers.lib.yaml", "labels", "namespace", "defaultResourceName", "defaultResourceNameWithSuffix")
#! Give permission to various objects within the app's own namespace
---
@@ -16,20 +16,13 @@ rules:
- apiGroups: [""]
resources: [secrets]
verbs: [create, get, list, patch, update, watch, delete]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
- apiGroups: [config.supervisor.pinniped.dev]
resources: [federationdomains]
verbs: [get, list, watch]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
resources: [federationdomains/status]
verbs: [get, patch, update]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
verbs: [update, get, list, watch]
- apiGroups: [idp.supervisor.pinniped.dev]
resources: [oidcidentityproviders]
verbs: [get, list, watch]
- apiGroups:
- #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")
- apiGroups: [idp.supervisor.pinniped.dev]
resources: [oidcidentityproviders/status]
verbs: [get, patch, update]
#! We want to be able to read pods/replicasets/deployment so we can learn who our deployment is to set

11
deploy/supervisor/values.yaml
View File

@@ -1,4 +1,4 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@data/values
@@ -56,12 +56,3 @@ service_loadbalancer_ip: #! e.g. 1.2.3.4
#! Specify the verbosity of logging: info ("nice to know" information), debug (developer
#! information), trace (timing information), all (kitchen sink).
log_level: #! By default, when this value is left unset, only warnings and errors are printed. There is no way to suppress warning and error logs.
run_as_user: 1001 #! run_as_user specifies the user ID that will own the local-user-authenticator process
run_as_group: 1001 #! run_as_group specifies the group ID that will own the local-user-authenticator process
#! Specify the API group suffix for all Pinniped API groups. By default, this is set to
#! pinniped.dev, so Pinniped API groups will look like foo.pinniped.dev,
#! authentication.concierge.pinniped.dev, etc. As an example, if this is set to tuna.io, then
#! Pinniped API groups will look like foo.tuna.io. authentication.concierge.tuna.io, etc.
api_group_suffix: pinniped.dev

11
deploy/supervisor/z0_crd_overlay.yaml
View File

@@ -1,24 +1,17 @@
#! Copyright 2020-2021 the Pinniped contributors. All Rights Reserved.
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:overlay", "overlay")
#@ load("helpers.lib.yaml", "labels", "pinnipedDevAPIGroupWithPrefix")
#@ load("@ytt:data", "data")
#@ load("helpers.lib.yaml", "labels")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"federationdomains.config.supervisor.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("federationdomains.config.supervisor")
spec:
group: #@ pinnipedDevAPIGroupWithPrefix("config.supervisor")
#@overlay/match by=overlay.subset({"kind": "CustomResourceDefinition", "metadata":{"name":"oidcidentityproviders.idp.supervisor.pinniped.dev"}}), expects=1
---
metadata:
#@overlay/match missing_ok=True
labels: #@ labels()
name: #@ pinnipedDevAPIGroupWithPrefix("oidcidentityproviders.idp.supervisor")
spec:
group: #@ pinnipedDevAPIGroupWithPrefix("idp.supervisor")

4
generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go generated
View File

@@ -57,11 +57,9 @@ type JWTTokenClaims struct {
// signature, existence of claims, etc.) and extract the username and groups from the token.
//
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
// +kubebuilder:subresource:status
type JWTAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

4
generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go generated
View File

@@ -29,11 +29,9 @@ type WebhookAuthenticatorSpec struct {
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
// +kubebuilder:subresource:status
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

5
generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go generated
View File

@@ -67,16 +67,13 @@ type CredentialIssuerStrategy struct {
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped,scope=Cluster
// +kubebuilder:subresource:status
// +kubebuilder:resource:categories=pinniped
type CredentialIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
// +optional
Status CredentialIssuerStatus `json:"status"`
}

1
generated/1.17/apis/concierge/login/types_token.go generated
View File

@@ -27,6 +27,7 @@ type TokenCredentialRequestStatus struct {
}
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta

1
generated/1.17/apis/concierge/login/v1alpha1/types_token.go generated
View File

@@ -30,7 +30,6 @@ type TokenCredentialRequestStatus struct {
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta `json:",inline"`

1
generated/1.17/apis/supervisor/config/v1alpha1/types_federationdomain.go generated
View File

@@ -109,7 +109,6 @@ type FederationDomainStatus struct {
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped
// +kubebuilder:subresource:status
type FederationDomain struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

8
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go generated
View File

@@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
restClient rest.Interface
}
func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
return newJWTAuthenticators(c)
func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
return newJWTAuthenticators(c, namespace)
}
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c)
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c, namespace)
}
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.

8
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go generated
View File

@@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
*testing.Fake
}
func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
return &FakeJWTAuthenticators{c}
func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
return &FakeJWTAuthenticators{c, namespace}
}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go generated
View File

@@ -18,6 +18,7 @@ import (
// FakeJWTAuthenticators implements JWTAuthenticatorInterface
type FakeJWTAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@@ -27,7 +28,8 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -37,7 +39,8 @@ func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result
// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
if obj == nil {
return nil, err
}
@@ -58,13 +61,15 @@ func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTA
// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
func (c *FakeJWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a jWTAuthenticator and creates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -74,7 +79,8 @@ func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticat
// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -85,7 +91,8 @@ func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticat
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -95,13 +102,14 @@ func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthe
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeJWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOptions)
action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
return err
@@ -110,7 +118,8 @@ func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
// Patch applies the patch and returns the patched jWTAuthenticator.
func (c *FakeJWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}

27
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go generated
View File

@@ -18,6 +18,7 @@ import (
// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
type FakeWebhookAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@@ -27,7 +28,8 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -37,7 +39,8 @@ func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (res
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
if obj == nil {
return nil, err
}
@@ -58,13 +61,15 @@ func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -74,7 +79,8 @@ func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.Webhoo
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -85,7 +91,8 @@ func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.Webhoo
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -95,13 +102,14 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOptions)
action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
return err
@@ -110,7 +118,8 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions,
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}

15
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -19,7 +19,7 @@ import (
// JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
// A group's client should implement this interface.
type JWTAuthenticatorsGetter interface {
JWTAuthenticators() JWTAuthenticatorInterface
JWTAuthenticators(namespace string) JWTAuthenticatorInterface
}
// JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@@ -39,12 +39,14 @@ type JWTAuthenticatorInterface interface {
// jWTAuthenticators implements JWTAuthenticatorInterface
type jWTAuthenticators struct {
client rest.Interface
ns string
}
// newJWTAuthenticators returns a JWTAuthenticators
func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
return &jWTAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -52,6 +54,7 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
func (c *jWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -68,6 +71,7 @@ func (c *jWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthe
}
result = &v1alpha1.JWTAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -84,6 +88,7 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -94,6 +99,7 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("jwtauthenticators").
Body(jWTAuthenticator).
Do().
@@ -105,6 +111,7 @@ func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator)
func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(jWTAuthenticator.Name).
Body(jWTAuthenticator).
@@ -119,6 +126,7 @@ func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator)
func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(jWTAuthenticator.Name).
SubResource("status").
@@ -131,6 +139,7 @@ func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthentic
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
func (c *jWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(name).
Body(options).
@@ -145,6 +154,7 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
@@ -157,6 +167,7 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
func (c *jWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("jwtauthenticators").
SubResource(subresources...).
Name(name).

15
generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -19,7 +19,7 @@ import (
// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
// A group's client should implement this interface.
type WebhookAuthenticatorsGetter interface {
WebhookAuthenticators() WebhookAuthenticatorInterface
WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
}
// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@@ -39,12 +39,14 @@ type WebhookAuthenticatorInterface interface {
// webhookAuthenticators implements WebhookAuthenticatorInterface
type webhookAuthenticators struct {
client rest.Interface
ns string
}
// newWebhookAuthenticators returns a WebhookAuthenticators
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
return &webhookAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -52,6 +54,7 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthentic
func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -68,6 +71,7 @@ func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.Webh
}
result = &v1alpha1.WebhookAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -84,6 +88,7 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -94,6 +99,7 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookauthenticators").
Body(webhookAuthenticator).
Do().
@@ -105,6 +111,7 @@ func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAut
func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
Body(webhookAuthenticator).
@@ -119,6 +126,7 @@ func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAut
func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
SubResource("status").
@@ -131,6 +139,7 @@ func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.Webh
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
Body(options).
@@ -145,6 +154,7 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
@@ -157,6 +167,7 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookauthenticators").
SubResource(subresources...).
Name(name).

4
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go generated
View File

@@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
restClient rest.Interface
}
func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
return newCredentialIssuers(c)
func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
return newCredentialIssuers(c, namespace)
}
// NewForConfig creates a new ConfigV1alpha1Client for the given config.

15
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go generated
View File

@@ -19,7 +19,7 @@ import (
// CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
// A group's client should implement this interface.
type CredentialIssuersGetter interface {
CredentialIssuers() CredentialIssuerInterface
CredentialIssuers(namespace string) CredentialIssuerInterface
}
// CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@@ -39,12 +39,14 @@ type CredentialIssuerInterface interface {
// credentialIssuers implements CredentialIssuerInterface
type credentialIssuers struct {
client rest.Interface
ns string
}
// newCredentialIssuers returns a CredentialIssuers
func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
return &credentialIssuers{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -52,6 +54,7 @@ func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -68,6 +71,7 @@ func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Credenti
}
result = &v1alpha1.CredentialIssuerList{}
err = c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -84,6 +88,7 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -94,6 +99,7 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Post().
Namespace(c.ns).
Resource("credentialissuers").
Body(credentialIssuer).
Do().
@@ -105,6 +111,7 @@ func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer)
func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Put().
Namespace(c.ns).
Resource("credentialissuers").
Name(credentialIssuer.Name).
Body(credentialIssuer).
@@ -119,6 +126,7 @@ func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer)
func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Put().
Namespace(c.ns).
Resource("credentialissuers").
Name(credentialIssuer.Name).
SubResource("status").
@@ -131,6 +139,7 @@ func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIs
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("credentialissuers").
Name(name).
Body(options).
@@ -145,6 +154,7 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
@@ -157,6 +167,7 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("credentialissuers").
SubResource(subresources...).
Name(name).

4
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go generated
View File

@@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
*testing.Fake
}
func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
return &FakeCredentialIssuers{c}
func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
return &FakeCredentialIssuers{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go generated
View File

@@ -18,6 +18,7 @@ import (
// FakeCredentialIssuers implements CredentialIssuerInterface
type FakeCredentialIssuers struct {
Fake *FakeConfigV1alpha1
ns string
}
var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@@ -27,7 +28,8 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -37,7 +39,8 @@ func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result
// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
if obj == nil {
return nil, err
}
@@ -58,13 +61,15 @@ func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Cred
// Watch returns a watch.Interface that watches the requested credentialIssuers.
func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
}
// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -74,7 +79,8 @@ func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssu
// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -85,7 +91,8 @@ func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssu
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -95,13 +102,14 @@ func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.Credenti
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOptions)
action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
return err
@@ -110,7 +118,8 @@ func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, list
// Patch applies the patch and returns the patched credentialIssuer.
func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}

4
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go generated
View File

@@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
*testing.Fake
}
func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
return &FakeTokenCredentialRequests{c}
func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
return &FakeTokenCredentialRequests{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go generated
View File

@@ -18,6 +18,7 @@ import (
// FakeTokenCredentialRequests implements TokenCredentialRequestInterface
type FakeTokenCredentialRequests struct {
Fake *FakeLoginV1alpha1
ns string
}
var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@@ -27,7 +28,8 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -37,7 +39,8 @@ func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (r
// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
if obj == nil {
return nil, err
}
@@ -58,13 +61,15 @@ func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha
// Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
func (c *FakeTokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
}
// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -74,7 +79,8 @@ func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.To
// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -85,7 +91,8 @@ func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.To
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -95,13 +102,14 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alp
// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
func (c *FakeTokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOptions)
action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOptions)
_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
return err
@@ -110,7 +118,8 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions
// Patch applies the patch and returns the patched tokenCredentialRequest.
func (c *FakeTokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}

4
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go generated
View File

@@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
restClient rest.Interface
}
func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
return newTokenCredentialRequests(c)
func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
return newTokenCredentialRequests(c, namespace)
}
// NewForConfig creates a new LoginV1alpha1Client for the given config.

15
generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go generated
View File

@@ -19,7 +19,7 @@ import (
// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
// A group's client should implement this interface.
type TokenCredentialRequestsGetter interface {
TokenCredentialRequests() TokenCredentialRequestInterface
TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
}
// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@@ -39,12 +39,14 @@ type TokenCredentialRequestInterface interface {
// tokenCredentialRequests implements TokenCredentialRequestInterface
type tokenCredentialRequests struct {
client rest.Interface
ns string
}
// newTokenCredentialRequests returns a TokenCredentialRequests
func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
return &tokenCredentialRequests{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -52,6 +54,7 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests
func (c *tokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -68,6 +71,7 @@ func (c *tokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.To
}
result = &v1alpha1.TokenCredentialRequestList{}
err = c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -84,6 +88,7 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -94,6 +99,7 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("tokencredentialrequests").
Body(tokenCredentialRequest).
Do().
@@ -105,6 +111,7 @@ func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenC
func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(tokenCredentialRequest.Name).
Body(tokenCredentialRequest).
@@ -119,6 +126,7 @@ func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenC
func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(tokenCredentialRequest.Name).
SubResource("status").
@@ -131,6 +139,7 @@ func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.
// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
func (c *tokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(name).
Body(options).
@@ -145,6 +154,7 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&listOptions, scheme.ParameterCodec).
Timeout(timeout).
@@ -157,6 +167,7 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
func (c *tokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("tokencredentialrequests").
SubResource(subresources...).
Name(name).

4
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go generated
View File

@@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
// JWTAuthenticators returns a JWTAuthenticatorInformer.
func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}
// WebhookAuthenticators returns a WebhookAuthenticatorInformer.
func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

13
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -28,32 +28,33 @@ type JWTAuthenticatorInformer interface {
type jWTAuthenticatorInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().JWTAuthenticators().List(options)
return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(options)
return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(options)
},
},
&authenticationv1alpha1.JWTAuthenticator{},
@@ -63,7 +64,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPerio
}
func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {

13
generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -28,32 +28,33 @@ type WebhookAuthenticatorInformer interface {
type webhookAuthenticatorInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().WebhookAuthenticators().List(options)
return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(options)
return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(options)
},
},
&authenticationv1alpha1.WebhookAuthenticator{},
@@ -63,7 +64,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncP
}
func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {

13
generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go generated
View File

@@ -28,32 +28,33 @@ type CredentialIssuerInformer interface {
type credentialIssuerInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.ConfigV1alpha1().CredentialIssuers().List(options)
return client.ConfigV1alpha1().CredentialIssuers(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.ConfigV1alpha1().CredentialIssuers().Watch(options)
return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(options)
},
},
&configv1alpha1.CredentialIssuer{},
@@ -63,7 +64,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPerio
}
func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {

2
generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go generated
View File

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
// CredentialIssuers returns a CredentialIssuerInformer.
func (v *version) CredentialIssuers() CredentialIssuerInformer {
return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

2
generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go generated
View File

@@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
// TokenCredentialRequests returns a TokenCredentialRequestInformer.
func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
}

13
generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go generated
View File

@@ -28,32 +28,33 @@ type TokenCredentialRequestInformer interface {
type tokenCredentialRequestInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
namespace string
}
// NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
}
// NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.LoginV1alpha1().TokenCredentialRequests().List(options)
return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.LoginV1alpha1().TokenCredentialRequests().Watch(options)
return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(options)
},
},
&loginv1alpha1.TokenCredentialRequest{},
@@ -63,7 +64,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyn
}
func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {

8
generated/1.17/client/concierge/listers/authentication/v1alpha1/expansion_generated.go generated
View File

@@ -9,6 +9,14 @@ package v1alpha1
// JWTAuthenticatorLister.
type JWTAuthenticatorListerExpansion interface{}
// JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
// JWTAuthenticatorNamespaceLister.
type JWTAuthenticatorNamespaceListerExpansion interface{}
// WebhookAuthenticatorListerExpansion allows custom methods to be added to
// WebhookAuthenticatorLister.
type WebhookAuthenticatorListerExpansion interface{}
// WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
// WebhookAuthenticatorNamespaceLister.
type WebhookAuthenticatorNamespaceListerExpansion interface{}

39
generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -16,8 +16,8 @@ import (
type JWTAuthenticatorLister interface {
// List lists all JWTAuthenticators in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
// Get retrieves the JWTAuthenticator from the index for a given name.
Get(name string) (*v1alpha1.JWTAuthenticator, error)
// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
JWTAuthenticatorListerExpansion
}
@@ -39,9 +39,38 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
return ret, err
}
// Get retrieves the JWTAuthenticator from the index for a given name.
func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
obj, exists, err := s.indexer.GetByKey(name)
// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
type JWTAuthenticatorNamespaceLister interface {
// List lists all JWTAuthenticators in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.JWTAuthenticator, error)
JWTAuthenticatorNamespaceListerExpansion
}
// jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
// interface.
type jWTAuthenticatorNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all JWTAuthenticators in the indexer for a given namespace.
func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
})
return ret, err
}
// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}

39
generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -16,8 +16,8 @@ import (
type WebhookAuthenticatorLister interface {
// List lists all WebhookAuthenticators in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
// Get retrieves the WebhookAuthenticator from the index for a given name.
Get(name string) (*v1alpha1.WebhookAuthenticator, error)
// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
WebhookAuthenticatorListerExpansion
}
@@ -39,9 +39,38 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
return ret, err
}
// Get retrieves the WebhookAuthenticator from the index for a given name.
func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
obj, exists, err := s.indexer.GetByKey(name)
// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
type WebhookAuthenticatorNamespaceLister interface {
// List lists all WebhookAuthenticators in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.WebhookAuthenticator, error)
WebhookAuthenticatorNamespaceListerExpansion
}
// webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
// interface.
type webhookAuthenticatorNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all WebhookAuthenticators in the indexer for a given namespace.
func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
})
return ret, err
}
// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}

39
generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go generated
View File

@@ -16,8 +16,8 @@ import (
type CredentialIssuerLister interface {
// List lists all CredentialIssuers in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
// Get retrieves the CredentialIssuer from the index for a given name.
Get(name string) (*v1alpha1.CredentialIssuer, error)
// CredentialIssuers returns an object that can list and get CredentialIssuers.
CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
CredentialIssuerListerExpansion
}
@@ -39,9 +39,38 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
return ret, err
}
// Get retrieves the CredentialIssuer from the index for a given name.
func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
obj, exists, err := s.indexer.GetByKey(name)
// CredentialIssuers returns an object that can list and get CredentialIssuers.
func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
type CredentialIssuerNamespaceLister interface {
// List lists all CredentialIssuers in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.CredentialIssuer, error)
CredentialIssuerNamespaceListerExpansion
}
// credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
// interface.
type credentialIssuerNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all CredentialIssuers in the indexer for a given namespace.
func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.CredentialIssuer))
})
return ret, err
}
// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}

4
generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go generated
View File

@@ -8,3 +8,7 @@ package v1alpha1
// CredentialIssuerListerExpansion allows custom methods to be added to
// CredentialIssuerLister.
type CredentialIssuerListerExpansion interface{}
// CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
// CredentialIssuerNamespaceLister.
type CredentialIssuerNamespaceListerExpansion interface{}

4
generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go generated
View File

@@ -8,3 +8,7 @@ package v1alpha1
// TokenCredentialRequestListerExpansion allows custom methods to be added to
// TokenCredentialRequestLister.
type TokenCredentialRequestListerExpansion interface{}
// TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to
// TokenCredentialRequestNamespaceLister.
type TokenCredentialRequestNamespaceListerExpansion interface{}

39
generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go generated
View File

@@ -16,8 +16,8 @@ import (
type TokenCredentialRequestLister interface {
// List lists all TokenCredentialRequests in the indexer.
List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
// Get retrieves the TokenCredentialRequest from the index for a given name.
Get(name string) (*v1alpha1.TokenCredentialRequest, error)
// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister
TokenCredentialRequestListerExpansion
}
@@ -39,9 +39,38 @@ func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1
return ret, err
}
// Get retrieves the TokenCredentialRequest from the index for a given name.
func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
obj, exists, err := s.indexer.GetByKey(name)
// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister {
return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
}
// TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests.
type TokenCredentialRequestNamespaceLister interface {
// List lists all TokenCredentialRequests in the indexer for a given namespace.
List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
Get(name string) (*v1alpha1.TokenCredentialRequest, error)
TokenCredentialRequestNamespaceListerExpansion
}
// tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister
// interface.
type tokenCredentialRequestNamespaceLister struct {
indexer cache.Indexer
namespace string
}
// List lists all TokenCredentialRequests in the indexer for a given namespace.
func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) {
err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
ret = append(ret, m.(*v1alpha1.TokenCredentialRequest))
})
return ret, err
}
// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
if err != nil {
return nil, err
}

5
generated/1.17/crds/authentication.concierge.pinniped.dev_jwtauthenticators.yaml generated
View File

@@ -18,7 +18,7 @@ spec:
listKind: JWTAuthenticatorList
plural: jwtauthenticators
singular: jwtauthenticator
scope: Cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.issuer
@@ -161,8 +161,7 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
subresources: {}
status:
acceptedNames:
kind: ""

5
generated/1.17/crds/authentication.concierge.pinniped.dev_webhookauthenticators.yaml generated
View File

@@ -18,7 +18,7 @@ spec:
listKind: WebhookAuthenticatorList
plural: webhookauthenticators
singular: webhookauthenticator
scope: Cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.endpoint
@@ -137,8 +137,7 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
subresources: {}
status:
acceptedNames:
kind: ""

6
generated/1.17/crds/config.concierge.pinniped.dev_credentialissuers.yaml generated
View File

@@ -16,7 +16,7 @@ spec:
listKind: CredentialIssuerList
plural: credentialissuers
singular: credentialissuer
scope: Cluster
scope: Namespaced
versions:
- name: v1alpha1
schema:
@@ -98,11 +98,11 @@ spec:
required:
- strategies
type: object
required:
- status
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""

2
generated/1.17/crds/config.supervisor.pinniped.dev_federationdomains.yaml generated
View File

@@ -150,8 +150,6 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""

4
generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go generated
View File

@@ -57,11 +57,9 @@ type JWTTokenClaims struct {
// signature, existence of claims, etc.) and extract the username and groups from the token.
//
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
// +kubebuilder:subresource:status
type JWTAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

4
generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go generated
View File

@@ -29,11 +29,9 @@ type WebhookAuthenticatorSpec struct {
// WebhookAuthenticator describes the configuration of a webhook authenticator.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
// +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
// +kubebuilder:subresource:status
type WebhookAuthenticator struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

5
generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go generated
View File

@@ -67,16 +67,13 @@ type CredentialIssuerStrategy struct {
// Describes the configuration status of a Pinniped credential issuer.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped,scope=Cluster
// +kubebuilder:subresource:status
// +kubebuilder:resource:categories=pinniped
type CredentialIssuer struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Status of the credential issuer.
// +optional
Status CredentialIssuerStatus `json:"status"`
}

1
generated/1.18/apis/concierge/login/types_token.go generated
View File

@@ -27,6 +27,7 @@ type TokenCredentialRequestStatus struct {
}
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta

1
generated/1.18/apis/concierge/login/v1alpha1/types_token.go generated
View File

@@ -30,7 +30,6 @@ type TokenCredentialRequestStatus struct {
// TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type TokenCredentialRequest struct {
metav1.TypeMeta `json:",inline"`

1
generated/1.18/apis/supervisor/config/v1alpha1/types_federationdomain.go generated
View File

@@ -109,7 +109,6 @@ type FederationDomainStatus struct {
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=pinniped
// +kubebuilder:subresource:status
type FederationDomain struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

8
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go generated
View File

@@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
restClient rest.Interface
}
func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
return newJWTAuthenticators(c)
func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
return newJWTAuthenticators(c, namespace)
}
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c)
func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
return newWebhookAuthenticators(c, namespace)
}
// NewForConfig creates a new AuthenticationV1alpha1Client for the given config.

8
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go generated
View File

@@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
*testing.Fake
}
func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
return &FakeJWTAuthenticators{c}
func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
return &FakeJWTAuthenticators{c, namespace}
}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c}
func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
return &FakeWebhookAuthenticators{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go generated
View File

@@ -20,6 +20,7 @@ import (
// FakeJWTAuthenticators implements JWTAuthenticatorInterface
type FakeJWTAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@@ -29,7 +30,8 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
// Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -39,7 +41,8 @@ func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1
// List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
if obj == nil {
return nil, err
}
@@ -60,13 +63,15 @@ func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
// Watch returns a watch.Interface that watches the requested jWTAuthenticators.
func (c *FakeJWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a jWTAuthenticator and creates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -76,7 +81,8 @@ func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1
// Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -87,7 +93,8 @@ func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (*v1alpha1.JWTAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}
@@ -97,13 +104,14 @@ func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticat
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeJWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOpts)
action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
return err
@@ -112,7 +120,8 @@ func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
// Patch applies the patch and returns the patched jWTAuthenticator.
func (c *FakeJWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
if obj == nil {
return nil, err
}

27
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go generated
View File

@@ -20,6 +20,7 @@ import (
// FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
type FakeWebhookAuthenticators struct {
Fake *FakeAuthenticationV1alpha1
ns string
}
var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@@ -29,7 +30,8 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
// Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -39,7 +41,8 @@ func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, option
// List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
if obj == nil {
return nil, err
}
@@ -60,13 +63,15 @@ func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOption
// Watch returns a watch.Interface that watches the requested webhookAuthenticators.
func (c *FakeWebhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
}
// Create takes the representation of a webhookAuthenticator and creates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -76,7 +81,8 @@ func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthentic
// Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -87,7 +93,8 @@ func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthentic
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}
@@ -97,13 +104,14 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAut
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *FakeWebhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOpts)
action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
return err
@@ -112,7 +120,8 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v
// Patch applies the patch and returns the patched webhookAuthenticator.
func (c *FakeWebhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
if obj == nil {
return nil, err
}

15
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go generated
View File

@@ -20,7 +20,7 @@ import (
// JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
// A group's client should implement this interface.
type JWTAuthenticatorsGetter interface {
JWTAuthenticators() JWTAuthenticatorInterface
JWTAuthenticators(namespace string) JWTAuthenticatorInterface
}
// JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@@ -40,12 +40,14 @@ type JWTAuthenticatorInterface interface {
// jWTAuthenticators implements JWTAuthenticatorInterface
type jWTAuthenticators struct {
client rest.Interface
ns string
}
// newJWTAuthenticators returns a JWTAuthenticators
func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
return &jWTAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -53,6 +55,7 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
func (c *jWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -69,6 +72,7 @@ func (c *jWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (resu
}
result = &v1alpha1.JWTAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -85,6 +89,7 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -95,6 +100,7 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Body(jWTAuthenticator).
@@ -107,6 +113,7 @@ func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alph
func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(jWTAuthenticator.Name).
VersionedParams(&opts, scheme.ParameterCodec).
@@ -121,6 +128,7 @@ func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alph
func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(jWTAuthenticator.Name).
SubResource("status").
@@ -134,6 +142,7 @@ func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *
// Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
func (c *jWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("jwtauthenticators").
Name(name).
Body(&opts).
@@ -148,6 +157,7 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("jwtauthenticators").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
@@ -160,6 +170,7 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
func (c *jWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
result = &v1alpha1.JWTAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("jwtauthenticators").
Name(name).
SubResource(subresources...).

15
generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go generated
View File

@@ -20,7 +20,7 @@ import (
// WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
// A group's client should implement this interface.
type WebhookAuthenticatorsGetter interface {
WebhookAuthenticators() WebhookAuthenticatorInterface
WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
}
// WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@@ -40,12 +40,14 @@ type WebhookAuthenticatorInterface interface {
// webhookAuthenticators implements WebhookAuthenticatorInterface
type webhookAuthenticators struct {
client rest.Interface
ns string
}
// newWebhookAuthenticators returns a WebhookAuthenticators
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
return &webhookAuthenticators{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -53,6 +55,7 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthentic
func (c *webhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -69,6 +72,7 @@ func (c *webhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
}
result = &v1alpha1.WebhookAuthenticatorList{}
err = c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -85,6 +89,7 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -95,6 +100,7 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Post().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&opts, scheme.ParameterCodec).
Body(webhookAuthenticator).
@@ -107,6 +113,7 @@ func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator
func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
VersionedParams(&opts, scheme.ParameterCodec).
@@ -121,6 +128,7 @@ func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator
func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Put().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(webhookAuthenticator.Name).
SubResource("status").
@@ -134,6 +142,7 @@ func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthent
// Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
func (c *webhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
Body(&opts).
@@ -148,6 +157,7 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("webhookauthenticators").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
@@ -160,6 +170,7 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
func (c *webhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
result = &v1alpha1.WebhookAuthenticator{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("webhookauthenticators").
Name(name).
SubResource(subresources...).

4
generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go generated
View File

@@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
restClient rest.Interface
}
func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
return newCredentialIssuers(c)
func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
return newCredentialIssuers(c, namespace)
}
// NewForConfig creates a new ConfigV1alpha1Client for the given config.

15
generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go generated
View File

@@ -20,7 +20,7 @@ import (
// CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
// A group's client should implement this interface.
type CredentialIssuersGetter interface {
CredentialIssuers() CredentialIssuerInterface
CredentialIssuers(namespace string) CredentialIssuerInterface
}
// CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@@ -40,12 +40,14 @@ type CredentialIssuerInterface interface {
// credentialIssuers implements CredentialIssuerInterface
type credentialIssuers struct {
client rest.Interface
ns string
}
// newCredentialIssuers returns a CredentialIssuers
func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
return &credentialIssuers{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -53,6 +55,7 @@ func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -69,6 +72,7 @@ func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (resu
}
result = &v1alpha1.CredentialIssuerList{}
err = c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -85,6 +89,7 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -95,6 +100,7 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Post().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&opts, scheme.ParameterCodec).
Body(credentialIssuer).
@@ -107,6 +113,7 @@ func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alph
func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Put().
Namespace(c.ns).
Resource("credentialissuers").
Name(credentialIssuer.Name).
VersionedParams(&opts, scheme.ParameterCodec).
@@ -121,6 +128,7 @@ func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alph
func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Put().
Namespace(c.ns).
Resource("credentialissuers").
Name(credentialIssuer.Name).
SubResource("status").
@@ -134,6 +142,7 @@ func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("credentialissuers").
Name(name).
Body(&opts).
@@ -148,6 +157,7 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("credentialissuers").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
@@ -160,6 +170,7 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
result = &v1alpha1.CredentialIssuer{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("credentialissuers").
Name(name).
SubResource(subresources...).

4
generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go generated
View File

@@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
*testing.Fake
}
func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
return &FakeCredentialIssuers{c}
func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
return &FakeCredentialIssuers{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go generated
View File

@@ -20,6 +20,7 @@ import (
// FakeCredentialIssuers implements CredentialIssuerInterface
type FakeCredentialIssuers struct {
Fake *FakeConfigV1alpha1
ns string
}
var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@@ -29,7 +30,8 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
// Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -39,7 +41,8 @@ func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1
// List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
if obj == nil {
return nil, err
}
@@ -60,13 +63,15 @@ func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (
// Watch returns a watch.Interface that watches the requested credentialIssuers.
func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
}
// Create takes the representation of a credentialIssuer and creates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -76,7 +81,8 @@ func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1
// Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -87,7 +93,8 @@ func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}
@@ -97,13 +104,14 @@ func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssu
// Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOpts)
action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
return err
@@ -112,7 +120,8 @@ func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.De
// Patch applies the patch and returns the patched credentialIssuer.
func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
if obj == nil {
return nil, err
}

4
generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go generated
View File

@@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
*testing.Fake
}
func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
return &FakeTokenCredentialRequests{c}
func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
return &FakeTokenCredentialRequests{c, namespace}
}
// RESTClient returns a RESTClient that is used to communicate

27
generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go generated
View File

@@ -20,6 +20,7 @@ import (
// FakeTokenCredentialRequests implements TokenCredentialRequestInterface
type FakeTokenCredentialRequests struct {
Fake *FakeLoginV1alpha1
ns string
}
var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@@ -29,7 +30,8 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
// Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -39,7 +41,8 @@ func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, opti
// List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
if obj == nil {
return nil, err
}
@@ -60,13 +63,15 @@ func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOpti
// Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
}
// Create takes the representation of a tokenCredentialRequest and creates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -76,7 +81,8 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia
// Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -87,7 +93,8 @@ func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentia
// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}
@@ -97,13 +104,14 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCre
// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts)
action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts)
_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
return err
@@ -112,7 +120,8 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts
// Patch applies the patch and returns the patched tokenCredentialRequest.
func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
if obj == nil {
return nil, err
}

4
generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go generated
View File

@@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
restClient rest.Interface
}
func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
return newTokenCredentialRequests(c)
func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
return newTokenCredentialRequests(c, namespace)
}
// NewForConfig creates a new LoginV1alpha1Client for the given config.

15
generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go generated
View File

@@ -20,7 +20,7 @@ import (
// TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
// A group's client should implement this interface.
type TokenCredentialRequestsGetter interface {
TokenCredentialRequests() TokenCredentialRequestInterface
TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
}
// TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@@ -40,12 +40,14 @@ type TokenCredentialRequestInterface interface {
// tokenCredentialRequests implements TokenCredentialRequestInterface
type tokenCredentialRequests struct {
client rest.Interface
ns string
}
// newTokenCredentialRequests returns a TokenCredentialRequests
func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
return &tokenCredentialRequests{
client: c.RESTClient(),
ns: namespace,
}
}
@@ -53,6 +55,7 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests
func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
@@ -69,6 +72,7 @@ func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions)
}
result = &v1alpha1.TokenCredentialRequestList{}
err = c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -85,6 +89,7 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
}
opts.Watch = true
return c.client.Get().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&opts, scheme.ParameterCodec).
Timeout(timeout).
@@ -95,6 +100,7 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Post().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&opts, scheme.ParameterCodec).
Body(tokenCredentialRequest).
@@ -107,6 +113,7 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq
func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(tokenCredentialRequest.Name).
VersionedParams(&opts, scheme.ParameterCodec).
@@ -121,6 +128,7 @@ func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialReq
func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Put().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(tokenCredentialRequest.Name).
SubResource("status").
@@ -134,6 +142,7 @@ func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredent
// Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
return c.client.Delete().
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(name).
Body(&opts).
@@ -148,6 +157,7 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
}
return c.client.Delete().
Namespace(c.ns).
Resource("tokencredentialrequests").
VersionedParams(&listOpts, scheme.ParameterCodec).
Timeout(timeout).
@@ -160,6 +170,7 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
result = &v1alpha1.TokenCredentialRequest{}
err = c.client.Patch(pt).
Namespace(c.ns).
Resource("tokencredentialrequests").
Name(name).
SubResource(subresources...).

Some files were not shown because too many files have changed in this diff Show More