Documentation

Functions

func NewFederationDomainWatcherController

func NewFederationDomainWatcherController(
	providerSetter ProvidersSetter,
	clock clock.Clock,
	client pinnipedclientset.Interface,
	federationDomainInformer configinformers.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

NewFederationDomainWatcherController creates a controllerlib.Controller that watches FederationDomain objects and notifies a callback object of the collection of provider configs.

func NewJWKSObserverController

func NewJWKSObserverController(
	issuerToJWKSSetter IssuerToJWKSMapSetter,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer v1alpha1.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

Returns a controller which watches all of the FederationDomains and their corresponding Secrets and fills an in-memory cache of the JWKS info for each currently configured issuer. This controller assumes that the informers passed to it are already scoped down to the appropriate namespace. It also assumes that the IssuerToJWKSMapSetter passed to it has an underlying implementation which is thread-safe.

func NewJWKSWriterController

func NewJWKSWriterController(
	jwksSecretLabels map[string]string,
	kubeClient kubernetes.Interface,
	pinnipedClient pinnipedclientset.Interface,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer configinformers.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

NewJWKSWriterController returns a controllerlib.Controller that ensures a FederationDomain has a corresponding Secret that contains a valid active JWK and JWKS.

func NewTLSCertObserverController

func NewTLSCertObserverController(
	issuerTLSCertSetter IssuerTLSCertSetter,
	defaultTLSCertificateSecretName string,
	secretInformer corev1informers.SecretInformer,
	federationDomainInformer v1alpha1.FederationDomainInformer,
	withInformer pinnipedcontroller.WithInformerOptionFunc,
) controllerlib.Controller

Types

type IssuerTLSCertSetter

type IssuerTLSCertSetter interface {
	SetIssuerHostToTLSCertMap(issuerHostToTLSCertMap map[string]*tls.Certificate)
	SetDefaultTLSCert(certificate *tls.Certificate)
}

type IssuerToJWKSMapSetter

type IssuerToJWKSMapSetter interface {
	SetIssuerToJWKSMap(
		issuerToJWKSMap map[string]*jose.JSONWebKeySet,
		issuerToActiveJWKMap map[string]*jose.JSONWebKey,
	)
}

type ProvidersSetter

type ProvidersSetter interface {
	SetProviders(federationDomains ...*provider.FederationDomainIssuer)
}

ProvidersSetter can be notified of all known valid providers with its SetProviders function. If there are no longer any valid issuers, then it can be called with no arguments. Implementations of this type should be thread-safe to support calls from multiple goroutines.
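Both NewJWKSObserverController and ProvidersSetter require setter implementations that are thread-safe. The following is an added example, not Pinniped's own code, of a setter shaped like IssuerToJWKSMapSetter that swaps the JWKS map and the active-key map together under one lock. The names jwksCache, Get and mismatches are hypothetical, and JSONWebKey and JSONWebKeySet are simplified stand-ins for the jose types.

```go
package main

import (
	"fmt"
	"sync"
)

type JSONWebKey struct{ KeyID string }         // stand-in (assumption) for jose.JSONWebKey
type JSONWebKeySet struct{ Keys []JSONWebKey } // stand-in (assumption) for jose.JSONWebKeySet

// jwksCache is a hypothetical thread-safe setter shaped like IssuerToJWKSMapSetter.
type jwksCache struct {
	mu     sync.RWMutex
	jwks   map[string]*JSONWebKeySet
	active map[string]*JSONWebKey
}

// SetIssuerToJWKSMap swaps both maps under one write lock, so a reader can
// never pair a new JWKS with a stale active key. Callers must not mutate the maps afterwards.
func (c *jwksCache) SetIssuerToJWKSMap(jwks map[string]*JSONWebKeySet, active map[string]*JSONWebKey) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.jwks, c.active = jwks, active
}

// Get returns an issuer's JWKS and active signing key as one consistent snapshot.
func (c *jwksCache) Get(issuer string) (*JSONWebKeySet, *JSONWebKey) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	return c.jwks[issuer], c.active[issuer]
}

// mismatches rotates the issuer's key in one goroutine while reading in another,
// and counts snapshots whose active key is not the key published in the JWKS.
func mismatches(issuer string, rotations int) (bad int) {
	c, done := &jwksCache{}, make(chan struct{})
	go func() { // writer: plays the controller publishing each rotated key
		defer close(done)
		for g := 0; g < rotations; g++ {
			k := &JSONWebKey{KeyID: fmt.Sprintf("key-%d", g)}
			c.SetIssuerToJWKSMap(map[string]*JSONWebKeySet{issuer: {Keys: []JSONWebKey{*k}}}, map[string]*JSONWebKey{issuer: k})
		}
	}()
	for i := 0; i < rotations; i++ { // reader: plays a request handler using the cache
		if set, key := c.Get(issuer); (set == nil) != (key == nil) || (set != nil && set.Keys[0].KeyID != key.KeyID) {
			bad++
		}
	}
	<-done
	return bad
}
func main() { fmt.Println("mismatched snapshots:", mismatches("https://issuer.example.com", 10000)) } // constructed issuer
```

Two separately locked setters, one per map, would let a reader see the new JWKS together with the previous active key between the two calls; the single swap removes that window.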

Directories

Path Synopsis
Package secretgenerator provides a supervisorSecretsController that can ensure existence of a generated secret.
Package upstreamwatcher implements a controller that watches OIDCIdentityProvider objects.