Documentation

Overview

    Package v1alpha1 is the v1alpha1 version of the Pinniped concierge authentication API.

    Index

    Constants

    const GroupName = "authentication.concierge.pinniped.dev"

    Variables

    var (
    	SchemeBuilder runtime.SchemeBuilder
    
    	AddToScheme = localSchemeBuilder.AddToScheme
    )
    var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

      SchemeGroupVersion is the group version used to register these objects.

      Functions

      func Resource

      func Resource(resource string) schema.GroupResource

        Resource takes an unqualified resource and returns a Group qualified GroupResource.

        Types

        type Condition

        type Condition struct {
        	// type of condition in CamelCase or in foo.example.com/CamelCase.
        	// ---
        	// Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
        	// useful (see .node.status.conditions), the ability to deconflict is important.
        	// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
        	// +required
        	// +kubebuilder:validation:Required
        	// +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$`
        	// +kubebuilder:validation:MaxLength=316
        	Type string `json:"type"`
        
        	// status of the condition, one of True, False, Unknown.
        	// +required
        	// +kubebuilder:validation:Required
        	// +kubebuilder:validation:Enum=True;False;Unknown
        	Status ConditionStatus `json:"status"`
        
        	// observedGeneration represents the .metadata.generation that the condition was set based upon.
        	// For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
        	// with respect to the current state of the instance.
        	// +optional
        	// +kubebuilder:validation:Minimum=0
        	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
        
        	// lastTransitionTime is the last time the condition transitioned from one status to another.
        	// This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
        	// +required
        	// +kubebuilder:validation:Required
        	// +kubebuilder:validation:Type=string
        	// +kubebuilder:validation:Format=date-time
        	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
        
        	// reason contains a programmatic identifier indicating the reason for the condition's last transition.
        	// Producers of specific condition types may define expected values and meanings for this field,
        	// and whether the values are considered a guaranteed API.
        	// The value should be a CamelCase string.
        	// This field may not be empty.
        	// +required
        	// +kubebuilder:validation:Required
        	// +kubebuilder:validation:MaxLength=1024
        	// +kubebuilder:validation:MinLength=1
        	// +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$`
        	Reason string `json:"reason"`
        
        	// message is a human readable message indicating details about the transition.
        	// This may be an empty string.
        	// +required
        	// +kubebuilder:validation:Required
        	// +kubebuilder:validation:MaxLength=32768
        	Message string `json:"message"`
        }

          Condition status of a resource (mirrored from the metav1.Condition type added in Kubernetes 1.19). In a future API version we can switch to using the upstream type. See https://github.com/kubernetes/apimachinery/blob/v0.19.0/pkg/apis/meta/v1/types.go#L1353-L1413.

          func (*Condition) DeepCopy

          func (in *Condition) DeepCopy() *Condition

            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition.

            func (*Condition) DeepCopyInto

            func (in *Condition) DeepCopyInto(out *Condition)

              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

              type ConditionStatus

              type ConditionStatus string

                ConditionStatus is effectively an enum type for Condition.Status.

                const (
                	ConditionTrue    ConditionStatus = "True"
                	ConditionFalse   ConditionStatus = "False"
                	ConditionUnknown ConditionStatus = "Unknown"
                )

                  These are valid condition statuses. "ConditionTrue" means a resource is in the condition. "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means Kubernetes can't decide if a resource is in the condition or not. In the future, we could add other intermediate conditions, e.g. ConditionDegraded.

                  type JWTAuthenticator

                  type JWTAuthenticator struct {
                  	metav1.TypeMeta   `json:",inline"`
                  	metav1.ObjectMeta `json:"metadata,omitempty"`
                  
                  	// Spec for configuring the authenticator.
                  	Spec JWTAuthenticatorSpec `json:"spec"`
                  
                  	// Status of the authenticator.
                  	Status JWTAuthenticatorStatus `json:"status,omitempty"`
                  }

                    JWTAuthenticator describes the configuration of a JWT authenticator.

                    Upon receiving a signed JWT, a JWTAuthenticator performs some validation on it (e.g., valid signature, existence of claims, etc.) and extracts the username and groups from the token.

                    +genclient
                    +genclient:nonNamespaced
                    +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
                    +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
                    +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
                    +kubebuilder:subresource:status

                    func (*JWTAuthenticator) DeepCopy

                    func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator

                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.

                      func (*JWTAuthenticator) DeepCopyInto

                      func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator)

                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                        func (*JWTAuthenticator) DeepCopyObject

                        func (in *JWTAuthenticator) DeepCopyObject() runtime.Object

                          DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                          type JWTAuthenticatorList

                          type JWTAuthenticatorList struct {
                          	metav1.TypeMeta `json:",inline"`
                          	metav1.ListMeta `json:"metadata,omitempty"`
                          
                          	Items []JWTAuthenticator `json:"items"`
                          }

                            List of JWTAuthenticator objects.

                            +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

                            func (*JWTAuthenticatorList) DeepCopy

                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorList.

                              func (*JWTAuthenticatorList) DeepCopyInto

                              func (in *JWTAuthenticatorList) DeepCopyInto(out *JWTAuthenticatorList)

                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                func (*JWTAuthenticatorList) DeepCopyObject

                                func (in *JWTAuthenticatorList) DeepCopyObject() runtime.Object

                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                  type JWTAuthenticatorSpec

                                  type JWTAuthenticatorSpec struct {
                                  	// Issuer is the OIDC issuer URL that will be used to discover public signing keys. Issuer is
                                  	// also used to validate the "iss" JWT claim.
                                  	// +kubebuilder:validation:MinLength=1
                                  	// +kubebuilder:validation:Pattern=`^https://`
                                  	Issuer string `json:"issuer"`
                                  
                                  	// Audience is the required value of the "aud" JWT claim.
                                  	// +kubebuilder:validation:MinLength=1
                                  	Audience string `json:"audience"`
                                  
                                  	// Claims allows customization of the claims that will be mapped to user identity
                                  	// for Kubernetes access.
                                  	// +optional
                                  	Claims JWTTokenClaims `json:"claims"`
                                  
                                  	// TLS configuration for communicating with the OIDC provider.
                                  	// +optional
                                  	TLS *TLSSpec `json:"tls,omitempty"`
                                  }

                                    Spec for configuring a JWT authenticator.

                                    func (*JWTAuthenticatorSpec) DeepCopy

                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorSpec.

                                      func (*JWTAuthenticatorSpec) DeepCopyInto

                                      func (in *JWTAuthenticatorSpec) DeepCopyInto(out *JWTAuthenticatorSpec)

                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                        type JWTAuthenticatorStatus

                                        type JWTAuthenticatorStatus struct {
                                        	// Represents the observations of the authenticator's current state.
                                        	// +patchMergeKey=type
                                        	// +patchStrategy=merge
                                        	// +listType=map
                                        	// +listMapKey=type
                                        	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
                                        }

                                          Status of a JWT authenticator.

                                          func (*JWTAuthenticatorStatus) DeepCopy

                                            DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticatorStatus.

                                            func (*JWTAuthenticatorStatus) DeepCopyInto

                                            func (in *JWTAuthenticatorStatus) DeepCopyInto(out *JWTAuthenticatorStatus)

                                              DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                              type JWTTokenClaims

                                              type JWTTokenClaims struct {
                                              	// Groups is the name of the claim which should be read to extract the user's
                                              	// group membership from the JWT token. When not specified, it will default to "groups".
                                              	// +optional
                                              	Groups string `json:"groups"`
                                              
                                              	// Username is the name of the claim which should be read to extract the
                                              	// username from the JWT token. When not specified, it will default to "username".
                                              	// +optional
                                              	Username string `json:"username"`
                                              }

                                                JWTTokenClaims allows customization of the claims that will be mapped to user identity for Kubernetes access.

                                                func (*JWTTokenClaims) DeepCopy

                                                func (in *JWTTokenClaims) DeepCopy() *JWTTokenClaims

                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTTokenClaims.

                                                  func (*JWTTokenClaims) DeepCopyInto

                                                  func (in *JWTTokenClaims) DeepCopyInto(out *JWTTokenClaims)

                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                    type TLSSpec

                                                    type TLSSpec struct {
                                                    	// X.509 Certificate Authority (base64-encoded PEM bundle). If omitted, a default set of system roots will be trusted.
                                                    	// +optional
                                                    	CertificateAuthorityData string `json:"certificateAuthorityData,omitempty"`
                                                    }

                                                      Configuration for configuring TLS on various authenticators.

                                                      func (*TLSSpec) DeepCopy

                                                      func (in *TLSSpec) DeepCopy() *TLSSpec

                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSpec.

                                                        func (*TLSSpec) DeepCopyInto

                                                        func (in *TLSSpec) DeepCopyInto(out *TLSSpec)

                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
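A pre-flight lint for the JWTAuthenticatorSpec, JWTTokenClaims and TLSSpec fields documented above, as an added example (not Pinniped's own code). The types are local mirrors of the page's structs, and `EffectiveClaims`, `LintSpec` and `ParseCABundle` are hypothetical helper names; the host check is deliberately stricter than the CRD's `^https://` pattern, which only tests a prefix.

```go
package main

import (
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Local mirrors of the page's types (only the fields used here), so the
// example builds without the Pinniped module.
type TLSSpec struct{ CertificateAuthorityData string }
type JWTTokenClaims struct{ Groups, Username string }
type JWTAuthenticatorSpec struct {
	Issuer, Audience string
	Claims           JWTTokenClaims
	TLS              *TLSSpec
}

// EffectiveClaims applies the documented defaults: "groups" and "username".
func EffectiveClaims(c JWTTokenClaims) JWTTokenClaims {
	if c.Groups == "" {
		c.Groups = "groups"
	}
	if c.Username == "" {
		c.Username = "username"
	}
	return c
}

// ParseCABundle decodes a base64-encoded PEM bundle into a certificate pool.
func ParseCABundle(b64 string) (*x509.CertPool, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("not valid base64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, errors.New("no PEM certificates found")
	}
	return pool, nil
}

// LintSpec (hypothetical helper) returns one message per problem found.
func LintSpec(s JWTAuthenticatorSpec) []string {
	var problems []string
	// The marker Pattern=`^https://` is a case-sensitive prefix match only.
	if !strings.HasPrefix(s.Issuer, "https://") {
		problems = append(problems, "issuer does not match ^https://")
	} else if u, err := url.Parse(s.Issuer); err != nil || u.Host == "" {
		// Added check: "https://" alone satisfies the pattern but names no host.
		problems = append(problems, "issuer has no usable host")
	}
	if len(s.Audience) < 1 { // MinLength=1
		problems = append(problems, "audience must not be empty")
	}
	// An omitted CA bundle is valid: system roots are trusted in that case.
	if s.TLS != nil && s.TLS.CertificateAuthorityData != "" {
		if _, err := ParseCABundle(s.TLS.CertificateAuthorityData); err != nil {
			problems = append(problems, "tls.certificateAuthorityData: "+err.Error())
		}
	}
	return problems
}

func main() {
	// Constructed sample spec with a plain-HTTP issuer and no audience.
	spec := JWTAuthenticatorSpec{Issuer: "http://issuer.example.com"}
	fmt.Println(LintSpec(spec), EffectiveClaims(spec.Claims))
}
```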

                                                          type WebhookAuthenticator

                                                          type WebhookAuthenticator struct {
                                                          	metav1.TypeMeta   `json:",inline"`
                                                          	metav1.ObjectMeta `json:"metadata,omitempty"`
                                                          
                                                          	// Spec for configuring the authenticator.
                                                          	Spec WebhookAuthenticatorSpec `json:"spec"`
                                                          
                                                          	// Status of the authenticator.
                                                          	Status WebhookAuthenticatorStatus `json:"status,omitempty"`
                                                          }

                                                            WebhookAuthenticator describes the configuration of a webhook authenticator.

                                                            +genclient
                                                            +genclient:nonNamespaced
                                                            +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
                                                            +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators,scope=Cluster
                                                            +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
                                                            +kubebuilder:subresource:status

                                                            func (*WebhookAuthenticator) DeepCopy

                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticator.

                                                              func (*WebhookAuthenticator) DeepCopyInto

                                                              func (in *WebhookAuthenticator) DeepCopyInto(out *WebhookAuthenticator)

                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                func (*WebhookAuthenticator) DeepCopyObject

                                                                func (in *WebhookAuthenticator) DeepCopyObject() runtime.Object

                                                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                  type WebhookAuthenticatorList

                                                                  type WebhookAuthenticatorList struct {
                                                                  	metav1.TypeMeta `json:",inline"`
                                                                  	metav1.ListMeta `json:"metadata,omitempty"`
                                                                  
                                                                  	Items []WebhookAuthenticator `json:"items"`
                                                                  }

                                                                    List of WebhookAuthenticator objects.

                                                                    +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

                                                                    func (*WebhookAuthenticatorList) DeepCopy

                                                                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorList.

                                                                      func (*WebhookAuthenticatorList) DeepCopyInto

                                                                      func (in *WebhookAuthenticatorList) DeepCopyInto(out *WebhookAuthenticatorList)

                                                                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                        func (*WebhookAuthenticatorList) DeepCopyObject

                                                                        func (in *WebhookAuthenticatorList) DeepCopyObject() runtime.Object

                                                                          DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                          type WebhookAuthenticatorSpec

                                                                          type WebhookAuthenticatorSpec struct {
                                                                          	// Webhook server endpoint URL.
                                                                          	// +kubebuilder:validation:MinLength=1
                                                                          	// +kubebuilder:validation:Pattern=`^https://`
                                                                          	Endpoint string `json:"endpoint"`
                                                                          
                                                                          	// TLS configuration.
                                                                          	// +optional
                                                                          	TLS *TLSSpec `json:"tls,omitempty"`
                                                                          }

                                                                            Spec for configuring a webhook authenticator.

                                                                            func (*WebhookAuthenticatorSpec) DeepCopy

                                                                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorSpec.

                                                                              func (*WebhookAuthenticatorSpec) DeepCopyInto

                                                                              func (in *WebhookAuthenticatorSpec) DeepCopyInto(out *WebhookAuthenticatorSpec)

                                                                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                type WebhookAuthenticatorStatus

                                                                                type WebhookAuthenticatorStatus struct {
                                                                                	// Represents the observations of the authenticator's current state.
                                                                                	// +patchMergeKey=type
                                                                                	// +patchStrategy=merge
                                                                                	// +listType=map
                                                                                	// +listMapKey=type
                                                                                	Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
                                                                                }

                                                                                  Status of a webhook authenticator.

                                                                                  func (*WebhookAuthenticatorStatus) DeepCopy

                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookAuthenticatorStatus.

                                                                                    func (*WebhookAuthenticatorStatus) DeepCopyInto

                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.