From 69bfd2624fe5b256dddc55b22c6e8ffac7a4e923 Mon Sep 17 00:00:00 2001 
From: vpnachev Date: Fri, 10 May 2024 15:52:31 +0300 Subject: [PATCH 1/4] Move CredentialsBinding to security.gardener.cloud group --- ...ice-v1alpha1-security-gardener-cloud.yaml} | 4 +- .../app/gardener_apiserver.go | 24 +- docs/api-reference/authentication.md | 125 +-- docs/api-reference/security.md | 139 +++ docs/proposals/26-workload-identity.md | 36 +- example/80-credentialsbinding.yaml | 4 +- hack/api-reference/security-config.json | 20 + hack/update-codegen.sh | 27 +- pkg/api/register.go | 2 + pkg/apis/authentication/register.go | 2 - .../authentication/v1alpha1/generated.pb.go | 791 +--------------- .../authentication/v1alpha1/generated.proto | 37 - pkg/apis/authentication/v1alpha1/register.go | 5 - .../v1alpha1/zz_generated.conversion.go | 105 --- .../v1alpha1/zz_generated.deepcopy.go | 83 -- .../v1alpha1/zz_generated.defaults.go | 13 - .../authentication/zz_generated.deepcopy.go | 83 -- pkg/apis/security/doc.go | 9 + pkg/apis/security/install/install.go | 29 + pkg/apis/security/register.go | 43 + .../types_credentialsbinding.go | 4 +- pkg/apis/security/v1alpha1/defaults.go | 13 + .../v1alpha1/defaults_credentialsbinding.go | 0 .../defaults_credentialsbinding_test.go | 4 +- pkg/apis/security/v1alpha1/doc.go | 16 + pkg/apis/security/v1alpha1/generated.pb.go | 888 ++++++++++++++++++ pkg/apis/security/v1alpha1/generated.proto | 54 ++ pkg/apis/security/v1alpha1/register.go | 47 + .../v1alpha1/types_credentialsbinding.go | 2 +- .../v1alpha1/zz_generated.conversion.go | 131 +++ .../v1alpha1/zz_generated.deepcopy.go | 97 ++ .../v1alpha1/zz_generated.defaults.go | 34 + .../validation/.import-restrictions | 0 .../validation/credentialsbinding.go | 12 +- .../validation/credentialsbinding_test.go | 48 +- .../validation/validation_suite_test.go | 17 + pkg/apis/security/zz_generated.deepcopy.go | 97 ++ .../admission/initializer/initializer.go | 20 +- pkg/apiserver/admission/initializer/types.go | 20 +- pkg/apiserver/apis.go | 4 +- pkg/apiserver/apiserver.go | 6 +- 
pkg/apiserver/openapi/api_violations.report | 2 +- pkg/apiserver/openapi/openapi_generated.go | 282 +++--- .../credentialsbinding/storage/storage.go | 12 +- .../storage/tableconvertor.go | 4 +- .../credentialsbinding/strategy.go | 10 +- .../rest/storage_security.go} | 12 +- pkg/client/kubernetes/client.go | 4 +- pkg/client/kubernetes/types.go | 4 +- .../clientset/versioned/clientset.go | 16 +- .../versioned/fake/clientset_generated.go | 12 +- .../clientset/versioned/fake/doc.go | 0 .../clientset/versioned/fake/register.go | 4 +- .../clientset/versioned/scheme/doc.go | 0 .../clientset/versioned/scheme/register.go | 4 +- .../security}/v1alpha1/credentialsbinding.go | 6 +- .../versioned/typed/security}/v1alpha1/doc.go | 0 .../typed/security}/v1alpha1/fake/doc.go | 0 .../v1alpha1/fake/fake_credentialsbinding.go | 4 +- .../v1alpha1/fake/fake_security_client.go} | 8 +- .../security}/v1alpha1/generated_expansion.go | 0 .../security/v1alpha1/security_client.go} | 34 +- .../informers/externalversions/factory.go | 12 +- .../informers/externalversions/generic.go | 6 +- .../internalinterfaces/factory_interfaces.go | 2 +- .../externalversions/security}/interface.go | 6 +- .../security}/v1alpha1/credentialsbinding.go | 16 +- .../security}/v1alpha1/interface.go | 2 +- .../security}/v1alpha1/credentialsbinding.go | 2 +- .../security}/v1alpha1/expansion_generated.go | 0 pkg/component/gardener/apiserver/apiserver.go | 4 +- .../gardener/apiserver/apiserver_test.go | 2 +- skaffold-operator.yaml | 58 +- skaffold.yaml | 70 +- 74 files changed, 2097 insertions(+), 1596 deletions(-) rename charts/gardener/controlplane/charts/application/templates/{apiservice-v1alpha1-authentication-gardener-cloud.yaml => apiservice-v1alpha1-security-gardener-cloud.yaml} (89%) create mode 100644 docs/api-reference/security.md create mode 100644 hack/api-reference/security-config.json create mode 100644 pkg/apis/security/doc.go create mode 100644 pkg/apis/security/install/install.go create mode 100644 
pkg/apis/security/register.go rename pkg/apis/{authentication => security}/types_credentialsbinding.go (92%) create mode 100644 pkg/apis/security/v1alpha1/defaults.go rename pkg/apis/{authentication => security}/v1alpha1/defaults_credentialsbinding.go (100%) rename pkg/apis/{authentication => security}/v1alpha1/defaults_credentialsbinding_test.go (95%) create mode 100644 pkg/apis/security/v1alpha1/doc.go create mode 100644 pkg/apis/security/v1alpha1/generated.pb.go create mode 100644 pkg/apis/security/v1alpha1/generated.proto create mode 100644 pkg/apis/security/v1alpha1/register.go rename pkg/apis/{authentication => security}/v1alpha1/types_credentialsbinding.go (95%) create mode 100644 pkg/apis/security/v1alpha1/zz_generated.conversion.go create mode 100644 pkg/apis/security/v1alpha1/zz_generated.deepcopy.go create mode 100644 pkg/apis/security/v1alpha1/zz_generated.defaults.go rename pkg/apis/{authentication => security}/validation/.import-restrictions (100%) rename pkg/apis/{authentication => security}/validation/credentialsbinding.go (86%) rename pkg/apis/{authentication => security}/validation/credentialsbinding_test.go (82%) create mode 100644 pkg/apis/security/validation/validation_suite_test.go create mode 100644 pkg/apis/security/zz_generated.deepcopy.go rename pkg/apiserver/registry/{authentication => security}/credentialsbinding/storage/storage.go (77%) rename pkg/apiserver/registry/{authentication => security}/credentialsbinding/storage/tableconvertor.go (95%) rename pkg/apiserver/registry/{authentication => security}/credentialsbinding/strategy.go (84%) rename pkg/apiserver/registry/{authentication/rest/storage_authentication.go => security/rest/storage_security.go} (70%) rename pkg/client/{authentication => security}/clientset/versioned/clientset.go (81%) rename pkg/client/{authentication => security}/clientset/versioned/fake/clientset_generated.go (75%) rename pkg/client/{authentication => security}/clientset/versioned/fake/doc.go (100%) rename 
pkg/client/{authentication => security}/clientset/versioned/fake/register.go (91%) rename pkg/client/{authentication => security}/clientset/versioned/scheme/doc.go (100%) rename pkg/client/{authentication => security}/clientset/versioned/scheme/register.go (91%) rename pkg/client/{authentication/clientset/versioned/typed/authentication => security/clientset/versioned/typed/security}/v1alpha1/credentialsbinding.go (95%) rename pkg/client/{authentication/clientset/versioned/typed/authentication => security/clientset/versioned/typed/security}/v1alpha1/doc.go (100%) rename pkg/client/{authentication/clientset/versioned/typed/authentication => security/clientset/versioned/typed/security}/v1alpha1/fake/doc.go (100%) rename pkg/client/{authentication/clientset/versioned/typed/authentication => security/clientset/versioned/typed/security}/v1alpha1/fake/fake_credentialsbinding.go (97%) rename pkg/client/{authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go => security/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go} (59%) rename pkg/client/{authentication/clientset/versioned/typed/authentication => security/clientset/versioned/typed/security}/v1alpha1/generated_expansion.go (100%) rename pkg/client/{authentication/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go => security/clientset/versioned/typed/security/v1alpha1/security_client.go} (55%) rename pkg/client/{authentication => security}/informers/externalversions/factory.go (94%) rename pkg/client/{authentication => security}/informers/externalversions/generic.go (87%) rename pkg/client/{authentication => security}/informers/externalversions/internalinterfaces/factory_interfaces.go (91%) rename pkg/client/{authentication/informers/externalversions/authentication => security/informers/externalversions/security}/interface.go (78%) rename pkg/client/{authentication/informers/externalversions/authentication => 
security/informers/externalversions/security}/v1alpha1/credentialsbinding.go (78%) rename pkg/client/{authentication/informers/externalversions/authentication => security/informers/externalversions/security}/v1alpha1/interface.go (89%) rename pkg/client/{authentication/listers/authentication => security/listers/security}/v1alpha1/credentialsbinding.go (97%) rename pkg/client/{authentication/listers/authentication => security/listers/security}/v1alpha1/expansion_generated.go (100%) diff --git a/charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-authentication-gardener-cloud.yaml b/charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-security-gardener-cloud.yaml similarity index 89% rename from charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-authentication-gardener-cloud.yaml rename to charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-security-gardener-cloud.yaml index 3f7e6b14339..284c1e06f4a 100644 --- a/charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-authentication-gardener-cloud.yaml +++ b/charts/gardener/controlplane/charts/application/templates/apiservice-v1alpha1-security-gardener-cloud.yaml @@ -2,7 +2,7 @@ apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: - name: v1alpha1.authentication.gardener.cloud + name: v1alpha1.security.gardener.cloud labels: app: gardener role: apiserver @@ -14,7 +14,7 @@ spec: {{- if not .Values.global.apiserver.insecureSkipTLSVerify }} caBundle: {{ required ".Values.global.apiserver.caBundle is required" (b64enc .Values.global.apiserver.caBundle) }} {{- end }} - group: authentication.gardener.cloud + group: security.gardener.cloud version: v1alpha1 groupPriorityMinimum: 10 versionPriority: 10 diff --git a/cmd/gardener-apiserver/app/gardener_apiserver.go b/cmd/gardener-apiserver/app/gardener_apiserver.go index d9eab2090f6..58e53b7e87e 100644 
--- a/cmd/gardener-apiserver/app/gardener_apiserver.go
+++ b/cmd/gardener-apiserver/app/gardener_apiserver.go
@@ -39,22 +39,22 @@ import (
 logf "sigs.k8s.io/controller-runtime/pkg/log"
 "github.com/gardener/gardener/pkg/api"
- authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1"
 gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
 "github.com/gardener/gardener/pkg/apis/operations"
 operationsv1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1"
+ securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1"
 seedmanagementv1alpha1 "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1"
 settingsv1alpha1 "github.com/gardener/gardener/pkg/apis/settings/v1alpha1"
 "github.com/gardener/gardener/pkg/apiserver"
 admissioninitializer "github.com/gardener/gardener/pkg/apiserver/admission/initializer"
 "github.com/gardener/gardener/pkg/apiserver/openapi"
 "github.com/gardener/gardener/pkg/apiserver/storage"
- authenticationclientset "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned"
- authenticationinformers "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions"
 gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned"
 gardencoreinformers "github.com/gardener/gardener/pkg/client/core/informers/externalversions"
 kubernetesclient "github.com/gardener/gardener/pkg/client/kubernetes"
+ securityclientset "github.com/gardener/gardener/pkg/client/security/clientset/versioned"
+ securityinformers "github.com/gardener/gardener/pkg/client/security/informers/externalversions"
 seedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned"
 seedmanagementinformers "github.com/gardener/gardener/pkg/client/seedmanagement/informers/externalversions"
 settingsclientset "github.com/gardener/gardener/pkg/client/settings/clientset/versioned"
@@ -109,7 +109,7 @@ type Options struct {
 KubeInformerFactory kubeinformers.SharedInformerFactory
 SeedManagementInformerFactory seedmanagementinformers.SharedInformerFactory
 SettingsInformerFactory settingsinformers.SharedInformerFactory
- AuthenticationInformerFactory authenticationinformers.SharedInformerFactory
+ SecurityInformerFactory securityinformers.SharedInformerFactory
 Logs *logsv1.LoggingConfiguration
 }
@@ -123,7 +123,7 @@ func NewOptions() *Options {
 seedmanagementv1alpha1.SchemeGroupVersion,
 settingsv1alpha1.SchemeGroupVersion,
 operationsv1alpha1.SchemeGroupVersion,
- authenticationv1alpha1.SchemeGroupVersion,
+ securityv1alpha1.SchemeGroupVersion,
 ),
 ),
 ServerRunOptions: genericoptions.NewServerRunOptions(),
@@ -212,12 +212,12 @@ func (o *Options) config(kubeAPIServerConfig *rest.Config, kubeClient *kubernete
 }
 o.SettingsInformerFactory = settingsinformers.NewSharedInformerFactory(settingsClient, protobufLoopbackConfig.Timeout)
- // authentication client
- authenticationClient, err := authenticationclientset.NewForConfig(&protobufLoopbackConfig)
+ // security client
+ securityClient, err := securityclientset.NewForConfig(&protobufLoopbackConfig)
 if err != nil {
 return nil, err
 }
- o.AuthenticationInformerFactory = authenticationinformers.NewSharedInformerFactory(authenticationClient, protobufLoopbackConfig.Timeout)
+ o.SecurityInformerFactory = securityinformers.NewSharedInformerFactory(securityClient, protobufLoopbackConfig.Timeout)
 // dynamic client
 dynamicClient, err := dynamic.NewForConfig(kubeAPIServerConfig)
@@ -234,8 +234,8 @@ func (o *Options) config(kubeAPIServerConfig *rest.Config, kubeClient *kubernete
 o.SeedManagementInformerFactory,
 seedManagementClient,
 o.SettingsInformerFactory,
- o.AuthenticationInformerFactory,
- authenticationClient,
+ o.SecurityInformerFactory,
+ securityClient,
 o.KubeInformerFactory,
 kubeClient,
 dynamicClient,
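Review bot: Replacing `authenticationv1alpha1.SchemeGroupVersion` with `securityv1alpha1.SchemeGroupVersion` in the `NewOptions` hunk (`@@ -123,7`), and again in the `ApplyTo` hunk (`@@ -422,7`), moves a credentials-bearing resource to a new API group without any visible note on what must follow it. Authorization, audit-policy and admission-webhook rules are matched on API group, so rules written for `credentialsbindings` in `authentication.gardener.cloud` would stop matching once this lands. The diffstat of this patch lists only the APIService template under `charts/`, so the RBAC side is presumably handled elsewhere in the series or not needed yet; that is worth confirming before merge. I would add a comment at both lists, for example `// CredentialsBinding is served from security.gardener.cloud; RBAC, audit and webhook rules must name this group.` Both enclosing functions start and end outside their hunks.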
@@ -310,7 +310,7 @@ func (o *Options) Run(ctx context.Context) error {
 o.CoreInformerFactory.Start(context.StopCh)
 o.KubeInformerFactory.Start(context.StopCh)
 o.SeedManagementInformerFactory.Start(context.StopCh)
- o.AuthenticationInformerFactory.Start(context.StopCh)
+ o.SecurityInformerFactory.Start(context.StopCh)
 o.SettingsInformerFactory.Start(context.StopCh)
 return nil
 }); err != nil {
@@ -422,7 +422,7 @@ func (o *Options) ApplyTo(config *apiserver.Config, kubeClient kubernetes.Interf
 seedmanagementv1alpha1.SchemeGroupVersion,
 settingsv1alpha1.SchemeGroupVersion,
 operationsv1alpha1.SchemeGroupVersion,
- authenticationv1alpha1.SchemeGroupVersion,
+ securityv1alpha1.SchemeGroupVersion,
 )
 mergedResourceConfig, err := resourceconfig.MergeAPIResourceConfigs(resourceConfig, nil, api.Scheme)
diff --git a/docs/api-reference/authentication.md b/docs/api-reference/authentication.md
index 554c5f70559..9bf389d6d95 100644
--- a/docs/api-reference/authentication.md
+++ b/docs/api-reference/authentication.md
@@ -9,100 +9,7 @@

Package v1alpha1 is a version of the API.

Resource Types: - -

CredentialsBinding -

-

-

CredentialsBinding represents a binding to credentials in the same or another namespace.

-

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string
- -authentication.gardener.cloud/v1alpha1 - -
-kind
-string -
CredentialsBinding
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -
-(Optional) -

Standard object metadata.

-Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-provider
- - -CredentialsBindingProvider - - -
-

Provider defines the provider type of the CredentialsBinding. -This field is immutable.

-
-credentialsRef
- - -Kubernetes core/v1.ObjectReference - - -
-

CredentialsRef is a reference to a resource holding the credentials. -Accepted resources are core/v1.Secret and authentication.gardener.cloud/v1alpha1.WorkloadIdentity

-
-quotas
- - -[]Kubernetes core/v1.ObjectReference - - -
-(Optional) -

Quotas is a list of references to Quota objects in the same or another namespace. -This field is immutable.

-
+

AdminKubeconfigRequest

@@ -257,36 +164,6 @@ Kubernetes meta/v1.Time -

CredentialsBindingProvider -

-

-(Appears on: -CredentialsBinding) -

-

-

CredentialsBindingProvider defines the provider type of the CredentialsBinding.

-

- - - - - - - - - - - - - -
FieldDescription
-type
- -string - -
-

Type is the type of the provider.

-

ViewerKubeconfigRequest

diff --git a/docs/api-reference/security.md b/docs/api-reference/security.md new file mode 100644 index 00000000000..1ad47c98a37 --- /dev/null +++ b/docs/api-reference/security.md @@ -0,0 +1,139 @@ +

Packages:

+ +

security.gardener.cloud/v1alpha1

+

+

Package v1alpha1 is a version of the API.

+

+Resource Types: + +

CredentialsBinding +

+

+

CredentialsBinding represents a binding to credentials in the same or another namespace.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+ +security.gardener.cloud/v1alpha1 + +
+kind
+string +
CredentialsBinding
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+(Optional) +

Standard object metadata.

+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+provider
+ + +CredentialsBindingProvider + + +
+

Provider defines the provider type of the CredentialsBinding. +This field is immutable.

+
+credentialsRef
+ + +Kubernetes core/v1.ObjectReference + + +
+

CredentialsRef is a reference to a resource holding the credentials. +Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity

+
+quotas
+ + +[]Kubernetes core/v1.ObjectReference + + +
+(Optional) +

Quotas is a list of references to Quota objects in the same or another namespace. +This field is immutable.

+
+

CredentialsBindingProvider +

+

+(Appears on: +CredentialsBinding) +

+

+

CredentialsBindingProvider defines the provider type of the CredentialsBinding.

+

+ + + + + + + + + + + + + +
FieldDescription
+type
+ +string + +
+

Type is the type of the provider.

+
+
+

+Generated with gen-crd-api-reference-docs +

diff --git a/docs/proposals/26-workload-identity.md b/docs/proposals/26-workload-identity.md index 36d5931c4ed..6c4a49ba6e7 100644 --- a/docs/proposals/26-workload-identity.md +++ b/docs/proposals/26-workload-identity.md @@ -127,7 +127,7 @@ Gardener as an OIDC compatible token issuer. ### API Changes -A new resource `WorkloadIdentity` in `authentication.gardener.cloud` API Group +A new resource `WorkloadIdentity` in `security.gardener.cloud` API Group will be implemented. It will specify different characteristics of the JWT, like the value for the `aud` claim. @@ -152,7 +152,7 @@ otherwise Gardener users will have to deduce it themselves which could turn out to be error prone. ```yaml -apiVersion: authentication.gardener.cloud/v1alpha1 +apiVersion: security.gardener.cloud/v1alpha1 kind: WorkloadIdentity metadata: name: banana-testing @@ -164,7 +164,7 @@ spec: targetSystem: # Required field. type: aws # Required field. providerConfig: # Optional field of type *runtime.RawExtension, extensions can make it mandatory via admission webhooks. - apiVersion: aws.authentication.gardener.cloud/v1alpha1 + apiVersion: aws.security.gardener.cloud/v1alpha1 kind: Config iamRoleARN: arn:aws:iam::112233445566:role/gardener-dev status: @@ -174,7 +174,7 @@ status: JWTs will be available when the clients send `create` requests on the `WorkloadIdentity/token` subresource. As the clients will be providing various custom information that will be used for the generation of the JWT, yet another -resource `TokenRequest` in the API group `authentication.gardener.cloud` will be +resource `TokenRequest` in the API group `security.gardener.cloud` will be used, similar to `TokenRequest` from `authentication.k8s.io/v1` API. It is envisioned this resource to contain just metadata for the context where the JWT is being used, e.g. shoot or backup entry identifier. Gardener API server must 
@@ -194,7 +194,7 @@ client as response. The expiration timestamp of the token will be also available in the status via the `.status.expirationTimestamp` field. ```yaml -apiVersion: authentication.gardener.cloud/v1alpha1 +apiVersion: security.gardener.cloud/v1alpha1 kind: TokenRequest spec: contextObject: # Optional field, various metadata about context of use of the token @@ -218,7 +218,7 @@ refer `WorkloadIdentity` as infrastructure credentials, from user experience point of view `SecretBinding` is not the best name for such resource, because it is no longer limited to referring only secrets as its name implies. Therefore, a new resource named `CredentialsBinding` in the API group -`authentication.gardener.cloud` will be implemented. It will have all features +`security.gardener.cloud` will be implemented. It will have all features of `SecretBinding`, but on top of that will be extended to refer to `WorkloadIdentity` resources via `.credentialsRef` field of type `ObjectReference`. @@ -237,7 +237,7 @@ In a nutshell, the changes introduced compared to `SecretBinding` are: validation is possible for the given extension. ```yaml -apiVersion: authentication.gardener.cloud/v1alpha1 +apiVersion: security.gardener.cloud/v1alpha1 kind: CredentialsBinding metadata: name: my-credentials @@ -245,7 +245,7 @@ metadata: provider: type: aws # {aws,azure,gcp,...} credentialsRef: - apiVersion: authentication.gardener.cloud/v1alpha1 # or "v1", when secret is being used + apiVersion: security.gardener.cloud/v1alpha1 # or "v1", when secret is being used kind: WorkloadIdentity # or "Secret", when secret is being used name: my-provider-account # namespace: "...", allow reference across namespaces 
@@ -440,18 +440,18 @@ Kubernetes Secrets will be the resource holding the JWT, the provider config, and metadata about the used workload identity. The JWT will be stored under the `token` data key, while the provider config will use the `config` data key. The name and namespace of the used `WorkloadIdentity` will be stored in the -annotations `workloadidentity.authentication.gardener.cloud/name` and -`workloadidentity.authentication.gardener.cloud/namespace` respectively. The -annotation `workloadidentity.authentication.gardener.cloud/context-object`, if +annotations `workloadidentity.security.gardener.cloud/name` and +`workloadidentity.security.gardener.cloud/namespace` respectively. The +annotation `workloadidentity.security.gardener.cloud/context-object`, if present, will hold reference to the object using the workload identity, the value will be JSON document and have the format `{"apiVersion":"...","kind":"...","name":"...","namespace":"...","uid":"..."}`. It will be the source for the `spec.contextObject` field of the `TokenRequest`. To let the controller(s) easily select or distinguish these secrets, they will be labeled with -`authentication.gardener.cloud/purpose: workload-identity-token-requestor`. The +`security.gardener.cloud/purpose: workload-identity-token-requestor`. The secrets will be also labeled with -`workloadidentity.authentication.gardener.cloud/provider=` +`workloadidentity.security.gardener.cloud/provider=` so that the extensions can easily select them and make adjustments via admission webhooks, e.g. transform the service provider config and the token into canonical form usable by the respective service provider SDK. 
@@ -473,12 +473,12 @@ metadata: name: cloudprovider namespace: shoot--local--foo annotations: - workloadidentity.authentication.gardener.cloud/namespace: garden-local - workloadidentity.authentication.gardener.cloud/name: banana-testing - workloadidentity.authentication.gardener.cloud/context-object: '{"apiVersion":"core.gardener.cloud/v1beta1","kind":"Shoot","name":"foo","namespace":"garden-local","uid":"54d09554-6a68-4f46-a23a-e3592385d820"}' + workloadidentity.security.gardener.cloud/namespace: garden-local + workloadidentity.security.gardener.cloud/name: banana-testing + workloadidentity.security.gardener.cloud/context-object: '{"apiVersion":"core.gardener.cloud/v1beta1","kind":"Shoot","name":"foo","namespace":"garden-local","uid":"54d09554-6a68-4f46-a23a-e3592385d820"}' labels: - authentication.gardener.cloud/purpose: workload-identity-token-requestor - workloadidentity.authentication.gardener.cloud/provider: aws # {aws,azure,gcp,...} + security.gardener.cloud/purpose: workload-identity-token-requestor + workloadidentity.security.gardener.cloud/provider: aws # {aws,azure,gcp,...} type: Opaque ``` diff --git a/example/80-credentialsbinding.yaml b/example/80-credentialsbinding.yaml index b6b2748460d..3bdb609aeb5 100644 --- a/example/80-credentialsbinding.yaml +++ b/example/80-credentialsbinding.yaml @@ -1,7 +1,7 @@ # CredentialsBinding bind a Secret or WorkloadIdentity from the same or # another namespace together with Quotas from the same or other namespaces. --- -apiVersion: authentication.gardener.cloud/v1alpha1 +apiVersion: security.gardener.cloud/v1alpha1 kind: CredentialsBinding metadata: name: my-provider-account 
@@ -9,7 +9,7 @@ metadata: provider: type: # {aws,azure,gcp,...} credentialsRef: - apiVersion: authentication.gardener.cloud/v1alpha1 # or "v1", when secret is being used + apiVersion: security.gardener.cloud/v1alpha1 # or "v1", when secret is being used kind: WorkloadIdentity # or "Secret", when secret is being used # namespace: namespace-other-than-'garden-dev' // optional name: my-provider-account diff --git a/hack/api-reference/security-config.json b/hack/api-reference/security-config.json new file mode 100644 index 00000000000..61b702e261f --- /dev/null +++ b/hack/api-reference/security-config.json @@ -0,0 +1,20 @@ +{ + "hideMemberFields": [ + "TypeMeta" + ], + "hideTypePatterns": [ + "ParseError$", + "List$" + ], + "externalPackages": [ + { + "typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/", + "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" + } + ], + "typeDisplayNamePrefixOverrides": { + "k8s.io/api/": "Kubernetes ", + "k8s.io/apimachinery/pkg/apis/": "Kubernetes " + }, + "markdownDisabled": false +} diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 4c19c325250..5c6c322f0d0 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -19,6 +19,7 @@ AVAILABLE_CODEGEN_OPTIONS=( "seedmanagement_groups" "operations_groups" "settings_groups" + "security_groups" "operatorconfig_groups" "controllermanager_groups" "admissioncontroller_groups" 
@@ -184,6 +185,29 @@ settings_groups() {
 }
 export -f settings_groups
+# security.gardener.cloud APIs
+
+security_groups() {
+ echo "Generating API groups for pkg/apis/security"
+
+ bash "${CODE_GEN_DIR}"/generate-internal-groups.sh \
+ client,deepcopy,defaulter,informer,lister \
+ github.com/gardener/gardener/pkg/client/security \
+ "" \
+ github.com/gardener/gardener/pkg/apis \
+ "security:v1alpha1" \
+ -h "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt"
+
+ bash "${CODE_GEN_DIR}"/generate-internal-groups.sh \
+ deepcopy,defaulter,conversion \
+ github.com/gardener/gardener/pkg/client/security \
+ github.com/gardener/gardener/pkg/apis \
+ github.com/gardener/gardener/pkg/apis \
+ "security:v1alpha1" \
+ -h "${PROJECT_ROOT}/hack/LICENSE_BOILERPLATE.txt"
+}
+export -f security_groups
+
 # operations.gardener.cloud APIs
 operations_groups() {
@@ -213,7 +237,7 @@ authentication_groups() {
 echo "Generating API groups for pkg/apis/authentication"
 bash "${CODE_GEN_DIR}"/generate-internal-groups.sh \
- client,deepcopy,defaulter,informer,lister \
+ deepcopy,defaulter \
 github.com/gardener/gardener/pkg/client/authentication \
 "" \
 github.com/gardener/gardener/pkg/apis \
@@ -517,6 +541,7 @@ openapi_definitions() {
 --input-dirs=github.com/gardener/gardener/pkg/apis/core/v1beta1 \
 --input-dirs=github.com/gardener/gardener/pkg/apis/settings/v1alpha1 \
 --input-dirs=github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1 \
+ --input-dirs=github.com/gardener/gardener/pkg/apis/security/v1alpha1 \
 --input-dirs=github.com/gardener/gardener/pkg/apis/operations/v1alpha1 \
 --input-dirs=k8s.io/api/core/v1 \
 --input-dirs=k8s.io/api/rbac/v1 \
diff --git a/pkg/api/register.go b/pkg/api/register.go
index 4db29b9abde..96525872322 100644
--- a/pkg/api/register.go
+++ b/pkg/api/register.go
@@ -15,6 +15,7 @@ import ( authenticationinstall "github.com/gardener/gardener/pkg/apis/authentication/install" gardencoreinstall "github.com/gardener/gardener/pkg/apis/core/install" operationsinstall "github.com/gardener/gardener/pkg/apis/operations/install" + securityinstall "github.com/gardener/gardener/pkg/apis/security/install" seedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" settingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" ) @@ -29,6 +30,7 @@ var ( func init() { authenticationinstall.Install(Scheme) gardencoreinstall.Install(Scheme) + securityinstall.Install(Scheme) seedmanagementinstall.Install(Scheme) settingsinstall.Install(Scheme) operationsinstall.Install(Scheme) diff --git a/pkg/apis/authentication/register.go b/pkg/apis/authentication/register.go index 507b131f9e6..9f5ef4be507 100644 --- a/pkg/apis/authentication/register.go +++ b/pkg/apis/authentication/register.go @@ -36,8 +36,6 @@ var ( func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &KubeconfigRequest{}, - &CredentialsBinding{}, - &CredentialsBindingList{}, ) return nil diff --git a/pkg/apis/authentication/v1alpha1/generated.pb.go b/pkg/apis/authentication/v1alpha1/generated.pb.go index 0297d148503..82d3e471f1f 100644 --- a/pkg/apis/authentication/v1alpha1/generated.pb.go +++ b/pkg/apis/authentication/v1alpha1/generated.pb.go @@ -12,7 +12,6 @@ import ( io "io" proto "github.com/gogo/protobuf/proto" - v11 "k8s.io/api/core/v1" math "math" math_bits "math/bits" 
@@ -115,94 +114,10 @@ func (m *AdminKubeconfigRequestStatus) XXX_DiscardUnknown() { var xxx_messageInfo_AdminKubeconfigRequestStatus proto.InternalMessageInfo -func (m *CredentialsBinding) Reset() { *m = CredentialsBinding{} } -func (*CredentialsBinding) ProtoMessage() {} -func (*CredentialsBinding) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{3} -} -func (m *CredentialsBinding) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CredentialsBinding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *CredentialsBinding) XXX_Merge(src proto.Message) { - xxx_messageInfo_CredentialsBinding.Merge(m, src) -} -func (m *CredentialsBinding) XXX_Size() int { - return m.Size() -} -func (m *CredentialsBinding) XXX_DiscardUnknown() { - xxx_messageInfo_CredentialsBinding.DiscardUnknown(m) -} - -var xxx_messageInfo_CredentialsBinding proto.InternalMessageInfo - -func (m *CredentialsBindingList) Reset() { *m = CredentialsBindingList{} } -func (*CredentialsBindingList) ProtoMessage() {} -func (*CredentialsBindingList) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{4} -} -func (m *CredentialsBindingList) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CredentialsBindingList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *CredentialsBindingList) XXX_Merge(src proto.Message) { - xxx_messageInfo_CredentialsBindingList.Merge(m, src) -} -func (m *CredentialsBindingList) XXX_Size() int { - return m.Size() -} -func (m *CredentialsBindingList) XXX_DiscardUnknown() { - xxx_messageInfo_CredentialsBindingList.DiscardUnknown(m) -} - -var xxx_messageInfo_CredentialsBindingList proto.InternalMessageInfo - -func (m 
*CredentialsBindingProvider) Reset() { *m = CredentialsBindingProvider{} } -func (*CredentialsBindingProvider) ProtoMessage() {} -func (*CredentialsBindingProvider) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{5} -} -func (m *CredentialsBindingProvider) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CredentialsBindingProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *CredentialsBindingProvider) XXX_Merge(src proto.Message) { - xxx_messageInfo_CredentialsBindingProvider.Merge(m, src) -} -func (m *CredentialsBindingProvider) XXX_Size() int { - return m.Size() -} -func (m *CredentialsBindingProvider) XXX_DiscardUnknown() { - xxx_messageInfo_CredentialsBindingProvider.DiscardUnknown(m) -} - -var xxx_messageInfo_CredentialsBindingProvider proto.InternalMessageInfo - func (m *ViewerKubeconfigRequest) Reset() { *m = ViewerKubeconfigRequest{} } func (*ViewerKubeconfigRequest) ProtoMessage() {} func (*ViewerKubeconfigRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{6} + return fileDescriptor_4ad0cb10cdbf25b8, []int{3} } func (m *ViewerKubeconfigRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -230,7 +145,7 @@ var xxx_messageInfo_ViewerKubeconfigRequest proto.InternalMessageInfo func (m *ViewerKubeconfigRequestSpec) Reset() { *m = ViewerKubeconfigRequestSpec{} } func (*ViewerKubeconfigRequestSpec) ProtoMessage() {} func (*ViewerKubeconfigRequestSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{7} + return fileDescriptor_4ad0cb10cdbf25b8, []int{4} } func (m *ViewerKubeconfigRequestSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -258,7 +173,7 @@ var xxx_messageInfo_ViewerKubeconfigRequestSpec proto.InternalMessageInfo func (m *ViewerKubeconfigRequestStatus) Reset() { *m = ViewerKubeconfigRequestStatus{} } func (*ViewerKubeconfigRequestStatus) ProtoMessage() {} func (*ViewerKubeconfigRequestStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_4ad0cb10cdbf25b8, []int{8} + return fileDescriptor_4ad0cb10cdbf25b8, []int{5} } func (m *ViewerKubeconfigRequestStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -287,9 +202,6 @@ func init() { proto.RegisterType((*AdminKubeconfigRequest)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequest") proto.RegisterType((*AdminKubeconfigRequestSpec)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequestSpec") proto.RegisterType((*AdminKubeconfigRequestStatus)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.AdminKubeconfigRequestStatus") - proto.RegisterType((*CredentialsBinding)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.CredentialsBinding") - proto.RegisterType((*CredentialsBindingList)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.CredentialsBindingList") - proto.RegisterType((*CredentialsBindingProvider)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.CredentialsBindingProvider") proto.RegisterType((*ViewerKubeconfigRequest)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.ViewerKubeconfigRequest") proto.RegisterType((*ViewerKubeconfigRequestSpec)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.ViewerKubeconfigRequestSpec") proto.RegisterType((*ViewerKubeconfigRequestStatus)(nil), "github.com.gardener.gardener.pkg.apis.authentication.v1alpha1.ViewerKubeconfigRequestStatus") 
@@ -300,52 +212,40 @@ func init() { } var fileDescriptor_4ad0cb10cdbf25b8 = []byte{ - // 717 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x56, 0x4f, 0x4f, 0x13, 0x41, - 0x14, 0xef, 0xd2, 0x42, 0x70, 0xc4, 0x46, 0x96, 0x88, 0x4d, 0xd1, 0x85, 0xac, 0x17, 0x63, 0xe2, - 0xac, 0x18, 0x63, 0xbc, 0x60, 0xe2, 0x12, 0x0e, 0x06, 0x89, 0xb2, 0x10, 0x13, 0x91, 0x83, 0xd3, - 0xdd, 0xd7, 0xed, 0x58, 0xf6, 0x0f, 0x3b, 0xb3, 0xd5, 0x46, 0x0f, 0x24, 0x9a, 0x78, 0xf5, 0xb3, - 0xf8, 0x29, 0xd0, 0x13, 0x47, 0x4e, 0x44, 0xea, 0xdd, 0x6f, 0x60, 0x62, 0x66, 0xba, 0xed, 0x96, - 0x2e, 0xad, 0x24, 0x80, 0xc6, 0xdb, 0xce, 0xcc, 0xfb, 0xfd, 0x79, 0xf3, 0x9b, 0xbc, 0x2c, 0x5a, - 0x71, 0x29, 0xaf, 0xc5, 0x15, 0x6c, 0x07, 0x9e, 0xe1, 0x92, 0xc8, 0x01, 0x1f, 0xa2, 0xf4, 0x23, - 0xac, 0xbb, 0x06, 0x09, 0x29, 0x33, 0x48, 0xcc, 0x6b, 0xe0, 0x73, 0x6a, 0x13, 0x4e, 0x03, 0xdf, - 0x68, 0xcc, 0x93, 0xad, 0xb0, 0x46, 0xe6, 0x0d, 0x57, 0x94, 0x11, 0x0e, 0x0e, 0x0e, 0xa3, 0x80, - 0x07, 0xea, 0x42, 0x4a, 0x87, 0x3b, 0x2c, 0xe9, 0x47, 0x58, 0x77, 0xb1, 0xa0, 0xc3, 0x47, 0xe9, - 0x70, 0x87, 0xae, 0x7c, 0xbb, 0xd7, 0x4d, 0xe0, 0x06, 0x86, 0x64, 0xad, 0xc4, 0x55, 0xb9, 0x92, - 0x0b, 0xf9, 0xd5, 0x56, 0x2b, 0xeb, 0xf5, 0x07, 0x0c, 0xd3, 0x40, 0x58, 0x34, 0xec, 0x20, 0x02, - 0xa3, 0x91, 0x71, 0x54, 0xbe, 0x97, 0xd6, 0x78, 0xc4, 0xae, 0x51, 0x1f, 0xa2, 0x66, 0xda, 0x97, - 0x07, 0x9c, 0x1c, 0x87, 0x32, 0x06, 0xa1, 0xa2, 0xd8, 0xe7, 0xd4, 0x83, 0x0c, 0xe0, 0xfe, 0x9f, - 0x00, 0xcc, 0xae, 0x81, 0x47, 0xfa, 0x71, 0xfa, 0xaf, 0x11, 0x34, 0xfd, 0xc8, 0xf1, 0xa8, 0xbf, - 0x1c, 0x57, 0xc0, 0x0e, 0xfc, 0x2a, 0x75, 0x2d, 0xd8, 0x8e, 0x81, 0x71, 0xf5, 0x15, 0x1a, 0x17, - 0xf6, 0x1c, 0xc2, 0x49, 0x49, 0x99, 0x53, 0x6e, 0x5e, 0xbc, 0x7b, 0x07, 0xb7, 0x55, 0x70, 0xaf, - 0x4a, 0x7a, 0xab, 0xa2, 0x1a, 0x37, 0xe6, 0xf1, 0xd3, 0xca, 0x6b, 0xb0, 0xf9, 0x0a, 0x70, 0x62, - 0xaa, 0xbb, 0x07, 0xb3, 0xb9, 0xd6, 0xc1, 0x2c, 0x4a, 0xf7, 0xac, 0x2e, 0xab, 0xfa, 0x0e, 0x15, - 
0x58, 0x08, 0x76, 0x69, 0x44, 0xb2, 0xbf, 0xc0, 0xa7, 0x0a, 0x0f, 0x1f, 0xdf, 0xc6, 0x5a, 0x08, - 0xb6, 0x39, 0x91, 0xd8, 0x28, 0x88, 0x95, 0x25, 0x45, 0xd5, 0x0f, 0x0a, 0x1a, 0x63, 0x9c, 0xf0, - 0x98, 0x95, 0xf2, 0x52, 0xff, 0xe5, 0xf9, 0xe8, 0x4b, 0x09, 0xb3, 0x98, 0x38, 0x18, 0x6b, 0xaf, - 0xad, 0x44, 0x5a, 0x27, 0xa8, 0x3c, 0xd8, 0xb7, 0xba, 0x88, 0x26, 0xe1, 0x6d, 0x48, 0x23, 0xa9, - 0xb4, 0x26, 0x0a, 0x1c, 0x26, 0xb3, 0xc8, 0x9b, 0x57, 0x5a, 0x07, 0xb3, 0x93, 0x4b, 0xfd, 0x87, - 0x56, 0xb6, 0x5e, 0xff, 0xaa, 0xa0, 0x6b, 0xc3, 0xbc, 0xa9, 0x18, 0xa1, 0x7a, 0xf7, 0x48, 0xd2, - 0x4f, 0x98, 0x45, 0x11, 0x5a, 0x0f, 0xa0, 0xa7, 0x42, 0x6d, 0xa2, 0xa9, 0x54, 0x65, 0x9d, 0x7a, - 0xc0, 0x38, 0xf1, 0xc2, 0x24, 0xc5, 0x5b, 0x27, 0x7b, 0x23, 0x02, 0x66, 0xce, 0x24, 0x97, 0x32, - 0xb5, 0x94, 0xa5, 0xb3, 0x8e, 0xd3, 0xd0, 0xbf, 0xe4, 0x91, 0xba, 0x18, 0x81, 0x23, 0xee, 0x9f, - 0x6c, 0x31, 0x93, 0xfa, 0x0e, 0xf5, 0xdd, 0xbf, 0xf0, 0x54, 0x3f, 0x29, 0x68, 0x3c, 0x8c, 0x82, - 0x06, 0x75, 0x20, 0x3a, 0xa3, 0xf7, 0x9a, 0xed, 0xe3, 0x59, 0x22, 0x60, 0x5e, 0x4e, 0xbc, 0x8c, - 0x77, 0x76, 0xac, 0xae, 0xb8, 0x6a, 0xa3, 0xa2, 0x9d, 0x22, 0x2d, 0xa8, 0x26, 0xcf, 0xf7, 0x46, - 0x4f, 0xc7, 0x58, 0x4c, 0xa3, 0xb4, 0x3f, 0x0b, 0xaa, 0x10, 0x81, 0x6f, 0x83, 0x39, 0x9d, 0x10, - 0x17, 0x17, 0x8f, 0x50, 0x58, 0x7d, 0x94, 0xea, 0x32, 0x1a, 0xdb, 0x8e, 0x03, 0x4e, 0x58, 0xa9, - 0x30, 0x97, 0x3f, 0x29, 0x79, 0xf7, 0x8d, 0xaf, 0x4a, 0xa8, 0x95, 0x50, 0xe8, 0x3f, 0x15, 0x34, - 0x9d, 0x6d, 0xf6, 0x09, 0x65, 0x5c, 0xdd, 0xcc, 0x04, 0x87, 0x4f, 0x16, 0x9c, 0x40, 0xcb, 0xd8, - 0xba, 0x57, 0xd5, 0xd9, 0xe9, 0x09, 0xad, 0x81, 0x46, 0x29, 0x07, 0x8f, 0x95, 0x46, 0x64, 0x13, - 0xab, 0x67, 0x1e, 0x98, 0x79, 0x29, 0x51, 0x1f, 0x7d, 0x2c, 0x74, 0xac, 0xb6, 0x9c, 0xfe, 0x10, - 0x95, 0x07, 0x87, 0xab, 0xce, 0xa1, 0x02, 0x6f, 0x86, 0x20, 0xfb, 0xbd, 0x90, 0x8e, 0xa6, 0xf5, - 0x66, 0x08, 0x96, 0x3c, 0xd1, 0x77, 0xf2, 0xe8, 0xea, 0x73, 0x0a, 0x6f, 0x20, 0xfa, 0x17, 0x53, - 0xf9, 0xfd, 0x91, 0xa9, 0xbc, 0x71, 
0xca, 0x4b, 0x1b, 0xd0, 0xc7, 0xc0, 0xb1, 0xfc, 0xb1, 0x7f, - 0x2c, 0x6f, 0x9e, 0x93, 0x81, 0xe1, 0x73, 0xb9, 0x82, 0x66, 0x86, 0x38, 0x3f, 0x9b, 0xc1, 0xfc, - 0x4d, 0x41, 0xd7, 0x87, 0xba, 0xfb, 0x8f, 0x26, 0xb3, 0x69, 0xef, 0x1e, 0x6a, 0xb9, 0xbd, 0x43, - 0x2d, 0xb7, 0x7f, 0xa8, 0xe5, 0x76, 0x5a, 0x9a, 0xb2, 0xdb, 0xd2, 0x94, 0xbd, 0x96, 0xa6, 0xec, - 0xb7, 0x34, 0xe5, 0x7b, 0x4b, 0x53, 0x3e, 0xff, 0xd0, 0x72, 0x1b, 0x0b, 0xa7, 0xfa, 0xdd, 0xfb, - 0x1d, 0x00, 0x00, 0xff, 0xff, 0x2f, 0x9f, 0x1a, 0xd1, 0x2e, 0x0a, 0x00, 0x00, + // 524 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x55, 0x4f, 0x6b, 0xd4, 0x40, + 0x14, 0xcf, 0x74, 0x4b, 0x91, 0xb1, 0x14, 0x9a, 0xa2, 0x2e, 0x5b, 0xcd, 0xca, 0x9e, 0x44, 0x70, + 0xe2, 0x8a, 0x88, 0x97, 0x1e, 0x8c, 0xf4, 0x24, 0x45, 0x48, 0x45, 0xb0, 0x7a, 0x70, 0x92, 0xbc, + 0x26, 0xe3, 0x9a, 0x64, 0xcc, 0x4c, 0x56, 0x8b, 0x1e, 0x0a, 0xfa, 0x01, 0xfc, 0x58, 0xab, 0xa7, + 0x1e, 0x7b, 0x5a, 0xdc, 0xf8, 0x39, 0x04, 0x99, 0xd9, 0xb4, 0xd9, 0xee, 0x76, 0x57, 0x61, 0x5d, + 0xa4, 0xb7, 0xf7, 0x32, 0xef, 0xf7, 0x67, 0xe6, 0xfd, 0x20, 0x78, 0x27, 0x64, 0x32, 0xca, 0x3d, + 0xe2, 0xa7, 0xb1, 0x1d, 0xd2, 0x2c, 0x80, 0x04, 0xb2, 0xaa, 0xe0, 0x9d, 0xd0, 0xa6, 0x9c, 0x09, + 0x9b, 0xe6, 0x32, 0x82, 0x44, 0x32, 0x9f, 0x4a, 0x96, 0x26, 0x76, 0xb7, 0x4d, 0xdf, 0xf2, 0x88, + 0xb6, 0xed, 0x50, 0x8d, 0x51, 0x09, 0x01, 0xe1, 0x59, 0x2a, 0x53, 0x73, 0xab, 0xa2, 0x23, 0x27, + 0x2c, 0x55, 0xc1, 0x3b, 0x21, 0x51, 0x74, 0xe4, 0x2c, 0x1d, 0x39, 0xa1, 0x6b, 0xdc, 0x19, 0x75, + 0x93, 0x86, 0xa9, 0xad, 0x59, 0xbd, 0x7c, 0x5f, 0x77, 0xba, 0xd1, 0xd5, 0x50, 0xad, 0x71, 0xbf, + 0xf3, 0x50, 0x10, 0x96, 0x2a, 0x8b, 0x31, 0xf5, 0x23, 0x96, 0x40, 0x76, 0x50, 0x79, 0x8e, 0x41, + 0x52, 0xbb, 0x3b, 0xe1, 0xb1, 0x61, 0x4f, 0x43, 0x65, 0x79, 0x22, 0x59, 0x0c, 0x13, 0x80, 0x07, + 0x7f, 0x02, 0x08, 0x3f, 0x82, 0x98, 0x8e, 0xe3, 0x5a, 0xbf, 0x96, 0xf0, 0xd5, 0x47, 0x41, 0xcc, + 0x92, 0x27, 0xb9, 0x07, 0x7e, 0x9a, 0xec, 
0xb3, 0xd0, 0x85, 0x77, 0x39, 0x08, 0x69, 0xbe, 0xc6, + 0x97, 0x94, 0xbd, 0x80, 0x4a, 0x5a, 0x47, 0x37, 0xd1, 0xad, 0xcb, 0xf7, 0xee, 0x92, 0xa1, 0x0a, + 0x19, 0x55, 0xa9, 0x5e, 0x4c, 0x4d, 0x93, 0x6e, 0x9b, 0x3c, 0xf5, 0xde, 0x80, 0x2f, 0x77, 0x40, + 0x52, 0xc7, 0xec, 0xf5, 0x9b, 0x46, 0xd1, 0x6f, 0xe2, 0xea, 0x9b, 0x7b, 0xca, 0x6a, 0x7e, 0xc4, + 0xcb, 0x82, 0x83, 0x5f, 0x5f, 0xd2, 0xec, 0x2f, 0xc8, 0x5c, 0x8b, 0x21, 0xe7, 0x5f, 0x63, 0x97, + 0x83, 0xef, 0xac, 0x96, 0x36, 0x96, 0x55, 0xe7, 0x6a, 0x51, 0xf3, 0x33, 0xc2, 0x2b, 0x42, 0x52, + 0x99, 0x8b, 0x7a, 0x4d, 0xeb, 0xbf, 0x5c, 0x8c, 0xbe, 0x96, 0x70, 0xd6, 0x4a, 0x07, 0x2b, 0xc3, + 0xde, 0x2d, 0xa5, 0x5b, 0x14, 0x37, 0xa6, 0xfb, 0x36, 0x1f, 0xe3, 0x75, 0xf8, 0xc0, 0x59, 0xa6, + 0x95, 0x76, 0xd5, 0x40, 0x20, 0xf4, 0x2e, 0x6a, 0xce, 0x95, 0xa2, 0xdf, 0x5c, 0xdf, 0x1e, 0x3f, + 0x74, 0x27, 0xe7, 0x5b, 0xdf, 0x10, 0xbe, 0x3e, 0xcb, 0x9b, 0x49, 0x30, 0xee, 0x9c, 0x1e, 0x69, + 0xfa, 0x55, 0x67, 0x4d, 0x2d, 0x6d, 0x04, 0x30, 0x32, 0x61, 0x1e, 0xe0, 0x8d, 0x4a, 0xe5, 0x19, + 0x8b, 0x41, 0x48, 0x1a, 0xf3, 0x72, 0x8b, 0xb7, 0xff, 0x2e, 0x23, 0x0a, 0xe6, 0x6c, 0x96, 0x8f, + 0xb2, 0xb1, 0x3d, 0x49, 0xe7, 0x9e, 0xa7, 0xd1, 0x3a, 0xac, 0xe1, 0x6b, 0xcf, 0x19, 0xbc, 0x87, + 0xec, 0x7f, 0xe4, 0xf5, 0xd3, 0x99, 0xbc, 0xee, 0xcd, 0x99, 0x97, 0x29, 0xf7, 0x98, 0x1a, 0xd8, + 0x2f, 0xe3, 0x81, 0x7d, 0xb5, 0x20, 0x03, 0xb3, 0x13, 0xeb, 0xe1, 0xcd, 0x19, 0xce, 0xff, 0x4d, + 0x64, 0xbf, 0x23, 0x7c, 0x63, 0xa6, 0xbb, 0x0b, 0x94, 0x59, 0xc7, 0xef, 0x0d, 0x2c, 0xe3, 0x68, + 0x60, 0x19, 0xc7, 0x03, 0xcb, 0x38, 0x2c, 0x2c, 0xd4, 0x2b, 0x2c, 0x74, 0x54, 0x58, 0xe8, 0xb8, + 0xb0, 0xd0, 0x8f, 0xc2, 0x42, 0x5f, 0x7f, 0x5a, 0xc6, 0xde, 0xd6, 0x5c, 0x3f, 0xb9, 0xdf, 0x01, + 0x00, 0x00, 0xff, 0xff, 0x70, 0x4f, 0x31, 0xf7, 0x24, 0x07, 0x00, 0x00, } func (m *AdminKubeconfigRequest) Marshal() (dAtA []byte, err error) { 
@@ -469,148 +369,6 @@ func (m *AdminKubeconfigRequestStatus) MarshalToSizedBuffer(dAtA []byte) (int, e return len(dAtA) - i, nil } -func (m *CredentialsBinding) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CredentialsBinding) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CredentialsBinding) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Quotas) > 0 { - for iNdEx := len(m.Quotas) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Quotas[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x22 - } - } - { - size, err := m.CredentialsRef.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.Provider.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - { - size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *CredentialsBindingList) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CredentialsBindingList) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CredentialsBindingList) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - 
var l int - _ = l - if len(m.Items) > 0 { - for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - } - { - size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *CredentialsBindingProvider) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CredentialsBindingProvider) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *CredentialsBindingProvider) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i -= len(m.Type) - copy(dAtA[i:], m.Type) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - func (m *ViewerKubeconfigRequest) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) 
@@ -785,55 +543,6 @@ func (m *AdminKubeconfigRequestStatus) Size() (n int) { return n } -func (m *CredentialsBinding) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ObjectMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Provider.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.CredentialsRef.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Quotas) > 0 { - for _, e := range m.Quotas { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *CredentialsBindingList) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = m.ListMeta.Size() - n += 1 + l + sovGenerated(uint64(l)) - if len(m.Items) > 0 { - for _, e := range m.Items { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *CredentialsBindingProvider) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Type) - n += 1 + l + sovGenerated(uint64(l)) - return n -} - func (m *ViewerKubeconfigRequest) Size() (n int) { if m == nil { return 0 
@@ -915,50 +624,6 @@ func (this *AdminKubeconfigRequestStatus) String() string { }, "") return s } -func (this *CredentialsBinding) String() string { - if this == nil { - return "nil" - } - repeatedStringForQuotas := "[]ObjectReference{" - for _, f := range this.Quotas { - repeatedStringForQuotas += fmt.Sprintf("%v", f) + "," - } - repeatedStringForQuotas += "}" - s := strings.Join([]string{`&CredentialsBinding{`, - `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, - `Provider:` + strings.Replace(strings.Replace(this.Provider.String(), "CredentialsBindingProvider", "CredentialsBindingProvider", 1), `&`, ``, 1) + `,`, - `CredentialsRef:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CredentialsRef), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, - `Quotas:` + repeatedStringForQuotas + `,`, - `}`, - }, "") - return s -} -func (this *CredentialsBindingList) String() string { - if this == nil { - return "nil" - } - repeatedStringForItems := "[]CredentialsBinding{" - for _, f := range this.Items { - repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "CredentialsBinding", "CredentialsBinding", 1), `&`, ``, 1) + "," - } - repeatedStringForItems += "}" - s := strings.Join([]string{`&CredentialsBindingList{`, - `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, - `Items:` + repeatedStringForItems + `,`, - `}`, - }, "") - return s -} -func (this *CredentialsBindingProvider) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&CredentialsBindingProvider{`, - `Type:` + fmt.Sprintf("%v", this.Type) + `,`, - `}`, - }, "") - return s -} func (this *ViewerKubeconfigRequest) String() string { if this == nil { return "nil" 
@@ -1336,388 +1001,6 @@ func (m *AdminKubeconfigRequestStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *CredentialsBinding) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialsBinding: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialsBinding: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Provider", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return 
ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Provider.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CredentialsRef", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.CredentialsRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Quotas", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Quotas = append(m.Quotas, v11.ObjectReference{}) - if err := m.Quotas[len(m.Quotas)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m 
*CredentialsBindingList) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialsBindingList: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialsBindingList: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Items = append(m.Items, CredentialsBinding{}) 
- if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CredentialsBindingProvider) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialsBindingProvider: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialsBindingProvider: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Type = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 
0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *ViewerKubeconfigRequest) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/authentication/v1alpha1/generated.proto b/pkg/apis/authentication/v1alpha1/generated.proto index f70aa36da77..f2b7e78e631 100644 --- a/pkg/apis/authentication/v1alpha1/generated.proto +++ b/pkg/apis/authentication/v1alpha1/generated.proto @@ -8,7 +8,6 @@ syntax = "proto2"; package github.com.gardener.gardener.pkg.apis.authentication.v1alpha1; -import "k8s.io/api/core/v1/generated.proto"; import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; 
@@ -49,42 +48,6 @@ message AdminKubeconfigRequestStatus { optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2; } -// CredentialsBinding represents a binding to credentials in the same or another namespace. -message CredentialsBinding { - // Standard object metadata. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; - - // Provider defines the provider type of the CredentialsBinding. - // This field is immutable. - optional CredentialsBindingProvider provider = 2; - - // CredentialsRef is a reference to a resource holding the credentials. - // Accepted resources are core/v1.Secret and authentication.gardener.cloud/v1alpha1.WorkloadIdentity - optional k8s.io.api.core.v1.ObjectReference credentialsRef = 3; - - // Quotas is a list of references to Quota objects in the same or another namespace. - // This field is immutable. - // +optional - repeated k8s.io.api.core.v1.ObjectReference quotas = 4; -} - -// CredentialsBindingList is a collection of CredentialsBindings. -message CredentialsBindingList { - // Standard list object metadata. - // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; - - // Items is the list of CredentialsBindings. - repeated CredentialsBinding items = 2; -} - -// CredentialsBindingProvider defines the provider type of the CredentialsBinding. -message CredentialsBindingProvider { - // Type is the type of the provider. - optional string type = 1; -} - // ViewerKubeconfigRequest can be used to request a kubeconfig with viewer credentials (excluding Secrets) // for a Shoot cluster. message ViewerKubeconfigRequest { diff --git a/pkg/apis/authentication/v1alpha1/register.go b/pkg/apis/authentication/v1alpha1/register.go index 2fc381ae76d..082fb1c7276 100644 --- a/pkg/apis/authentication/v1alpha1/register.go +++ b/pkg/apis/authentication/v1alpha1/register.go 
@@ -4,7 +4,6 @@ package v1alpha1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" ) @@ -38,11 +37,7 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &AdminKubeconfigRequest{}, &ViewerKubeconfigRequest{}, - &CredentialsBinding{}, - &CredentialsBindingList{}, ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil } diff --git a/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go b/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go index 68b834c0118..3707121a5f4 100644 --- a/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/authentication/v1alpha1/zz_generated.conversion.go @@ -10,10 +10,7 @@ package v1alpha1 import ( - unsafe "unsafe" - authentication "github.com/gardener/gardener/pkg/apis/authentication" - v1 "k8s.io/api/core/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" ) 
@@ -25,36 +22,6 @@ func init() { // RegisterConversions adds conversion functions to the given scheme. // Public to allow building arbitrary schemes. func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*CredentialsBinding)(nil), (*authentication.CredentialsBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CredentialsBinding_To_authentication_CredentialsBinding(a.(*CredentialsBinding), b.(*authentication.CredentialsBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.CredentialsBinding)(nil), (*CredentialsBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_CredentialsBinding_To_v1alpha1_CredentialsBinding(a.(*authentication.CredentialsBinding), b.(*CredentialsBinding), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*CredentialsBindingList)(nil), (*authentication.CredentialsBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CredentialsBindingList_To_authentication_CredentialsBindingList(a.(*CredentialsBindingList), b.(*authentication.CredentialsBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.CredentialsBindingList)(nil), (*CredentialsBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(a.(*authentication.CredentialsBindingList), b.(*CredentialsBindingList), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*CredentialsBindingProvider)(nil), (*authentication.CredentialsBindingProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider(a.(*CredentialsBindingProvider), 
b.(*authentication.CredentialsBindingProvider), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*authentication.CredentialsBindingProvider)(nil), (*CredentialsBindingProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(a.(*authentication.CredentialsBindingProvider), b.(*CredentialsBindingProvider), scope) - }); err != nil { - return err - } if err := s.AddConversionFunc((*authentication.KubeconfigRequest)(nil), (*AdminKubeconfigRequest)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_authentication_KubeconfigRequest_To_v1alpha1_AdminKubeconfigRequest(a.(*authentication.KubeconfigRequest), b.(*AdminKubeconfigRequest), scope) }); err != nil { 
@@ -77,75 +44,3 @@ func RegisterConversions(s *runtime.Scheme) error { } return nil } - -func autoConvert_v1alpha1_CredentialsBinding_To_authentication_CredentialsBinding(in *CredentialsBinding, out *authentication.CredentialsBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider(&in.Provider, &out.Provider, s); err != nil { - return err - } - out.CredentialsRef = in.CredentialsRef - out.Quotas = *(*[]v1.ObjectReference)(unsafe.Pointer(&in.Quotas)) - return nil -} - -// Convert_v1alpha1_CredentialsBinding_To_authentication_CredentialsBinding is an autogenerated conversion function. -func Convert_v1alpha1_CredentialsBinding_To_authentication_CredentialsBinding(in *CredentialsBinding, out *authentication.CredentialsBinding, s conversion.Scope) error { - return autoConvert_v1alpha1_CredentialsBinding_To_authentication_CredentialsBinding(in, out, s) -} - -func autoConvert_authentication_CredentialsBinding_To_v1alpha1_CredentialsBinding(in *authentication.CredentialsBinding, out *CredentialsBinding, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(&in.Provider, &out.Provider, s); err != nil { - return err - } - out.CredentialsRef = in.CredentialsRef - out.Quotas = *(*[]v1.ObjectReference)(unsafe.Pointer(&in.Quotas)) - return nil -} - -// Convert_authentication_CredentialsBinding_To_v1alpha1_CredentialsBinding is an autogenerated conversion function. 
-func Convert_authentication_CredentialsBinding_To_v1alpha1_CredentialsBinding(in *authentication.CredentialsBinding, out *CredentialsBinding, s conversion.Scope) error { - return autoConvert_authentication_CredentialsBinding_To_v1alpha1_CredentialsBinding(in, out, s) -} - -func autoConvert_v1alpha1_CredentialsBindingList_To_authentication_CredentialsBindingList(in *CredentialsBindingList, out *authentication.CredentialsBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]authentication.CredentialsBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1alpha1_CredentialsBindingList_To_authentication_CredentialsBindingList is an autogenerated conversion function. -func Convert_v1alpha1_CredentialsBindingList_To_authentication_CredentialsBindingList(in *CredentialsBindingList, out *authentication.CredentialsBindingList, s conversion.Scope) error { - return autoConvert_v1alpha1_CredentialsBindingList_To_authentication_CredentialsBindingList(in, out, s) -} - -func autoConvert_authentication_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in *authentication.CredentialsBindingList, out *CredentialsBindingList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]CredentialsBinding)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_authentication_CredentialsBindingList_To_v1alpha1_CredentialsBindingList is an autogenerated conversion function. 
-func Convert_authentication_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in *authentication.CredentialsBindingList, out *CredentialsBindingList, s conversion.Scope) error { - return autoConvert_authentication_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in, out, s) -} - -func autoConvert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider(in *CredentialsBindingProvider, out *authentication.CredentialsBindingProvider, s conversion.Scope) error { - out.Type = in.Type - return nil -} - -// Convert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider is an autogenerated conversion function. -func Convert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider(in *CredentialsBindingProvider, out *authentication.CredentialsBindingProvider, s conversion.Scope) error { - return autoConvert_v1alpha1_CredentialsBindingProvider_To_authentication_CredentialsBindingProvider(in, out, s) -} - -func autoConvert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in *authentication.CredentialsBindingProvider, out *CredentialsBindingProvider, s conversion.Scope) error { - out.Type = in.Type - return nil -} - -// Convert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider is an autogenerated conversion function. -func Convert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in *authentication.CredentialsBindingProvider, out *CredentialsBindingProvider, s conversion.Scope) error { - return autoConvert_authentication_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in, out, s) -} diff --git a/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go index bbbe4a79578..57e5fb9267f 100644 --- a/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/authentication/v1alpha1/zz_generated.deepcopy.go 
@@ -10,7 +10,6 @@ package v1alpha1 import ( - v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) 
@@ -85,88 +84,6 @@ func (in *AdminKubeconfigRequestStatus) DeepCopy() *AdminKubeconfigRequestStatus return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBinding) DeepCopyInto(out *CredentialsBinding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Provider = in.Provider - out.CredentialsRef = in.CredentialsRef - if in.Quotas != nil { - in, out := &in.Quotas, &out.Quotas - *out = make([]v1.ObjectReference, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBinding. -func (in *CredentialsBinding) DeepCopy() *CredentialsBinding { - if in == nil { - return nil - } - out := new(CredentialsBinding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialsBinding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBindingList) DeepCopyInto(out *CredentialsBindingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CredentialsBinding, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingList. -func (in *CredentialsBindingList) DeepCopy() *CredentialsBindingList { - if in == nil { - return nil - } - out := new(CredentialsBindingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *CredentialsBindingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBindingProvider) DeepCopyInto(out *CredentialsBindingProvider) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingProvider. -func (in *CredentialsBindingProvider) DeepCopy() *CredentialsBindingProvider { - if in == nil { - return nil - } - out := new(CredentialsBindingProvider) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ViewerKubeconfigRequest) DeepCopyInto(out *ViewerKubeconfigRequest) { *out = *in diff --git a/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go b/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go index 2f623adc53f..4bf772f4ff4 100644 --- a/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go +++ b/pkg/apis/authentication/v1alpha1/zz_generated.defaults.go @@ -18,8 +18,6 @@ import ( // All generated defaulters are covering - they call all nested defaulters. func RegisterDefaults(scheme *runtime.Scheme) error { scheme.AddTypeDefaultingFunc(&AdminKubeconfigRequest{}, func(obj interface{}) { SetObjectDefaults_AdminKubeconfigRequest(obj.(*AdminKubeconfigRequest)) }) - scheme.AddTypeDefaultingFunc(&CredentialsBinding{}, func(obj interface{}) { SetObjectDefaults_CredentialsBinding(obj.(*CredentialsBinding)) }) - scheme.AddTypeDefaultingFunc(&CredentialsBindingList{}, func(obj interface{}) { SetObjectDefaults_CredentialsBindingList(obj.(*CredentialsBindingList)) }) scheme.AddTypeDefaultingFunc(&ViewerKubeconfigRequest{}, func(obj interface{}) { SetObjectDefaults_ViewerKubeconfigRequest(obj.(*ViewerKubeconfigRequest)) }) return nil } 
@@ -28,17 +26,6 @@ func SetObjectDefaults_AdminKubeconfigRequest(in *AdminKubeconfigRequest) { SetDefaults_AdminKubeconfigRequestSpec(&in.Spec) } -func SetObjectDefaults_CredentialsBinding(in *CredentialsBinding) { - SetDefaults_CredentialsBinding(in) -} - -func SetObjectDefaults_CredentialsBindingList(in *CredentialsBindingList) { - for i := range in.Items { - a := &in.Items[i] - SetObjectDefaults_CredentialsBinding(a) - } -} - func SetObjectDefaults_ViewerKubeconfigRequest(in *ViewerKubeconfigRequest) { SetDefaults_ViewerKubeconfigRequestSpec(&in.Spec) } diff --git a/pkg/apis/authentication/zz_generated.deepcopy.go b/pkg/apis/authentication/zz_generated.deepcopy.go index 78288386bc6..217e2a275b4 100644 --- a/pkg/apis/authentication/zz_generated.deepcopy.go +++ b/pkg/apis/authentication/zz_generated.deepcopy.go 
@@ -10,92 +10,9 @@ package authentication import ( - v1 "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBinding) DeepCopyInto(out *CredentialsBinding) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Provider = in.Provider - out.CredentialsRef = in.CredentialsRef - if in.Quotas != nil { - in, out := &in.Quotas, &out.Quotas - *out = make([]v1.ObjectReference, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBinding. -func (in *CredentialsBinding) DeepCopy() *CredentialsBinding { - if in == nil { - return nil - } - out := new(CredentialsBinding) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialsBinding) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBindingList) DeepCopyInto(out *CredentialsBindingList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]CredentialsBinding, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingList. 
-func (in *CredentialsBindingList) DeepCopy() *CredentialsBindingList { - if in == nil { - return nil - } - out := new(CredentialsBindingList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *CredentialsBindingList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CredentialsBindingProvider) DeepCopyInto(out *CredentialsBindingProvider) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingProvider. -func (in *CredentialsBindingProvider) DeepCopy() *CredentialsBindingProvider { - if in == nil { - return nil - } - out := new(CredentialsBindingProvider) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeconfigRequest) DeepCopyInto(out *KubeconfigRequest) { *out = *in diff --git a/pkg/apis/security/doc.go b/pkg/apis/security/doc.go new file mode 100644 index 00000000000..f8d3e8ebaff --- /dev/null +++ b/pkg/apis/security/doc.go @@ -0,0 +1,9 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// +k8s:deepcopy-gen=package + +// Package security is the internal version of the API. +// +groupName=security.gardener.cloud +package security diff --git a/pkg/apis/security/install/install.go b/pkg/apis/security/install/install.go new file mode 100644 index 00000000000..961c5a030cc --- /dev/null +++ b/pkg/apis/security/install/install.go 
@@ -0,0 +1,29 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package install
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+
+ "github.com/gardener/gardener/pkg/apis/security"
+ "github.com/gardener/gardener/pkg/apis/security/v1alpha1"
+)
+
+var (
+ localSchemeBuilder = runtime.SchemeBuilder{
+ v1alpha1.AddToScheme,
+ }
+ // AddToScheme adds all versioned API types to the given scheme.
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+// Install registers the API group and adds types to a scheme.
+func Install(scheme *runtime.Scheme) {
+ utilruntime.Must(security.AddToScheme(scheme))
+ utilruntime.Must(v1alpha1.AddToScheme(scheme))
+
+ utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion))
+}
diff --git a/pkg/apis/security/register.go b/pkg/apis/security/register.go
new file mode 100644
index 00000000000..bc4cfa3bba8
--- /dev/null
+++ b/pkg/apis/security/register.go
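Review bot: The exported `AddToScheme` in install.go is built from `localSchemeBuilder`, which holds only `v1alpha1.AddToScheme`, while `Install` also registers the internal `security` types and sets the version priority; the comment does not point out that difference. A caller that builds its scheme with `install.AddToScheme` instead of `Install` presumably ends up without the internal types, which would surface only when a conversion is attempted. I would state the limit on the variable, e.g. `// AddToScheme adds only the versioned (v1alpha1) API types; use Install to also register the internal types and the version priority.`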
@@ -0,0 +1,43 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package security + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the name of the security API group. +const GroupName = "security.gardener.cloud" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns back a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // SchemeBuilder is a new Scheme Builder which registers our API. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // AddToScheme is a reference to the Scheme Builder's AddToScheme function. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &CredentialsBinding{}, + &CredentialsBindingList{}, + ) + + return nil +} diff --git a/pkg/apis/authentication/types_credentialsbinding.go b/pkg/apis/security/types_credentialsbinding.go similarity index 92% rename from pkg/apis/authentication/types_credentialsbinding.go rename to pkg/apis/security/types_credentialsbinding.go index d7f54e0339f..dbc457ef544 100644 --- a/pkg/apis/authentication/types_credentialsbinding.go +++ b/pkg/apis/security/types_credentialsbinding.go @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -package authentication +package security import ( corev1 "k8s.io/api/core/v1" 
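Review bot: `GroupName` in register.go moves CredentialsBinding, a resource that references credentials, to a new API group, and nothing in this hunk records what that means for access rules written against the old group. Authorization rules match on the group string, so a rule that still names `authentication.gardener.cloud` for this kind would stop applying once the type is served only from `security.gardener.cloud`; whether the rest of the series updates such rules cannot be seen from here. I would note it on the constant, e.g. `// GroupName is the name of the security API group. Authorization rules for CredentialsBinding must reference this group.` As a smaller style point, the comment on `addKnownTypes` should start with the function name: `// addKnownTypes adds the list of known types to the given scheme.`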
@@ -21,7 +21,7 @@ type CredentialsBinding struct { // This field is immutable. Provider CredentialsBindingProvider // CredentialsRef is a reference to a resource holding the credentials. - // Accepted resources are core/v1.Secret and authentication.gardener.cloud/v1alpha1.WorkloadIdentity + // Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity CredentialsRef corev1.ObjectReference // Quotas is a list of references to Quota objects in the same or another namespace. // This field is immutable. diff --git a/pkg/apis/security/v1alpha1/defaults.go b/pkg/apis/security/v1alpha1/defaults.go new file mode 100644 index 00000000000..1753703ec7b --- /dev/null +++ b/pkg/apis/security/v1alpha1/defaults.go @@ -0,0 +1,13 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime" +) + +func addDefaultingFuncs(scheme *runtime.Scheme) error { + return RegisterDefaults(scheme) +} diff --git a/pkg/apis/authentication/v1alpha1/defaults_credentialsbinding.go b/pkg/apis/security/v1alpha1/defaults_credentialsbinding.go similarity index 100% rename from pkg/apis/authentication/v1alpha1/defaults_credentialsbinding.go rename to pkg/apis/security/v1alpha1/defaults_credentialsbinding.go diff --git a/pkg/apis/authentication/v1alpha1/defaults_credentialsbinding_test.go b/pkg/apis/security/v1alpha1/defaults_credentialsbinding_test.go similarity index 95% rename from pkg/apis/authentication/v1alpha1/defaults_credentialsbinding_test.go rename to pkg/apis/security/v1alpha1/defaults_credentialsbinding_test.go index fd8be8c6377..37d4d96f699 100644 --- a/pkg/apis/authentication/v1alpha1/defaults_credentialsbinding_test.go +++ b/pkg/apis/security/v1alpha1/defaults_credentialsbinding_test.go 
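Review bot: The updated comment on `CredentialsRef` names `security.gardener.cloud/v1alpha1.WorkloadIdentity` as an accepted resource, but the `addKnownTypes` function added in register.go by this commit registers only `CredentialsBinding` and `CredentialsBindingList` in that group. Presumably a later patch in the series adds the kind; until then the comment describes a reference that has no registered type behind it. The comment also leaves open what happens to a reference that still carries the old `authentication.gardener.cloud/v1alpha1` API version, which matters because this field selects the credentials a binding points to; if the validation package rejects it, I would add `// References using any other group or version are rejected by validation.` The `CredentialsBinding` struct starts and ends outside this hunk.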
@@ -10,7 +10,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - . "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + . "github.com/gardener/gardener/pkg/apis/security/v1alpha1" ) var _ = Describe("CredentialsBinding defaulting", func() { @@ -71,7 +71,7 @@ var _ = Describe("CredentialsBinding defaulting", func() { Namespace: "test", }, CredentialsRef: corev1.ObjectReference{ - APIVersion: "authentication.gardener.cloud/v1alpha1", + APIVersion: "security.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "bar", }, diff --git a/pkg/apis/security/v1alpha1/doc.go b/pkg/apis/security/v1alpha1/doc.go new file mode 100644 index 00000000000..6deeba61ecd --- /dev/null +++ b/pkg/apis/security/v1alpha1/doc.go @@ -0,0 +1,16 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// Package v1alpha1 is the v1alpha1 version of the API. +// +k8s:deepcopy-gen=package,register +// +k8s:conversion-gen=github.com/gardener/gardener/pkg/apis/security +// +k8s:openapi-gen=true +// +k8s:defaulter-gen=TypeMeta +// +k8s:protobuf-gen=package + +//go:generate gen-crd-api-reference-docs -api-dir . -config ../../../../hack/api-reference/security-config.json -template-dir ../../../../hack/api-reference/template -out-file ../../../../docs/api-reference/security.md + +// Package v1alpha1 is a version of the API. +// +groupName=security.gardener.cloud +package v1alpha1 diff --git a/pkg/apis/security/v1alpha1/generated.pb.go b/pkg/apis/security/v1alpha1/generated.pb.go new file mode 100644 index 00000000000..f1a86929efd --- /dev/null +++ b/pkg/apis/security/v1alpha1/generated.pb.go 
@@ -0,0 +1,888 @@ +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: github.com/gardener/gardener/pkg/apis/security/v1alpha1/generated.proto + +package v1alpha1 + +import ( + fmt "fmt" + + io "io" + + proto "github.com/gogo/protobuf/proto" + v11 "k8s.io/api/core/v1" + + math "math" + math_bits "math/bits" + reflect "reflect" + strings "strings" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +func (m *CredentialsBinding) Reset() { *m = CredentialsBinding{} } +func (*CredentialsBinding) ProtoMessage() {} +func (*CredentialsBinding) Descriptor() ([]byte, []int) { + return fileDescriptor_32adcae6cdc9d73e, []int{0} +} +func (m *CredentialsBinding) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CredentialsBinding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *CredentialsBinding) XXX_Merge(src proto.Message) { + xxx_messageInfo_CredentialsBinding.Merge(m, src) +} +func (m *CredentialsBinding) XXX_Size() int { + return m.Size() +} +func (m *CredentialsBinding) XXX_DiscardUnknown() { + xxx_messageInfo_CredentialsBinding.DiscardUnknown(m) +} + +var xxx_messageInfo_CredentialsBinding proto.InternalMessageInfo + +func (m *CredentialsBindingList) Reset() { *m = CredentialsBindingList{} } +func (*CredentialsBindingList) ProtoMessage() {} +func 
(*CredentialsBindingList) Descriptor() ([]byte, []int) { + return fileDescriptor_32adcae6cdc9d73e, []int{1} +} +func (m *CredentialsBindingList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CredentialsBindingList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *CredentialsBindingList) XXX_Merge(src proto.Message) { + xxx_messageInfo_CredentialsBindingList.Merge(m, src) +} +func (m *CredentialsBindingList) XXX_Size() int { + return m.Size() +} +func (m *CredentialsBindingList) XXX_DiscardUnknown() { + xxx_messageInfo_CredentialsBindingList.DiscardUnknown(m) +} + +var xxx_messageInfo_CredentialsBindingList proto.InternalMessageInfo + +func (m *CredentialsBindingProvider) Reset() { *m = CredentialsBindingProvider{} } +func (*CredentialsBindingProvider) ProtoMessage() {} +func (*CredentialsBindingProvider) Descriptor() ([]byte, []int) { + return fileDescriptor_32adcae6cdc9d73e, []int{2} +} +func (m *CredentialsBindingProvider) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CredentialsBindingProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *CredentialsBindingProvider) XXX_Merge(src proto.Message) { + xxx_messageInfo_CredentialsBindingProvider.Merge(m, src) +} +func (m *CredentialsBindingProvider) XXX_Size() int { + return m.Size() +} +func (m *CredentialsBindingProvider) XXX_DiscardUnknown() { + xxx_messageInfo_CredentialsBindingProvider.DiscardUnknown(m) +} + +var xxx_messageInfo_CredentialsBindingProvider proto.InternalMessageInfo + +func init() { + proto.RegisterType((*CredentialsBinding)(nil), "github.com.gardener.gardener.pkg.apis.security.v1alpha1.CredentialsBinding") + proto.RegisterType((*CredentialsBindingList)(nil), 
"github.com.gardener.gardener.pkg.apis.security.v1alpha1.CredentialsBindingList") + proto.RegisterType((*CredentialsBindingProvider)(nil), "github.com.gardener.gardener.pkg.apis.security.v1alpha1.CredentialsBindingProvider") +} + +func init() { + proto.RegisterFile("github.com/gardener/gardener/pkg/apis/security/v1alpha1/generated.proto", fileDescriptor_32adcae6cdc9d73e) +} + +var fileDescriptor_32adcae6cdc9d73e = []byte{ + // 495 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xc1, 0x6e, 0xd3, 0x30, + 0x1c, 0xc6, 0x93, 0xb5, 0x9b, 0x8a, 0x81, 0x0a, 0xe5, 0x30, 0x45, 0x3d, 0x64, 0x55, 0xb9, 0x70, + 0xc1, 0xa1, 0x08, 0x31, 0x4e, 0x1c, 0xb2, 0x03, 0x42, 0x03, 0x01, 0x81, 0x13, 0x02, 0x09, 0xd7, + 0xf9, 0x37, 0x35, 0x5d, 0x62, 0xe3, 0x38, 0x95, 0x7a, 0x83, 0x37, 0xe0, 0x41, 0x78, 0x90, 0x1e, + 0x77, 0xdc, 0x69, 0xa2, 0xe1, 0xc2, 0x63, 0xa0, 0xb8, 0x49, 0x5d, 0x16, 0x26, 0xa6, 0x6a, 0x37, + 0xdb, 0xf1, 0xf7, 0xfb, 0xfe, 0x9f, 0x3f, 0x29, 0xe8, 0x59, 0xcc, 0xd4, 0x24, 0x1f, 0x61, 0xca, + 0x13, 0x3f, 0x26, 0x32, 0x82, 0x14, 0xa4, 0x59, 0x88, 0x69, 0xec, 0x13, 0xc1, 0x32, 0x3f, 0x03, + 0x9a, 0x4b, 0xa6, 0xe6, 0xfe, 0x6c, 0x48, 0x4e, 0xc4, 0x84, 0x0c, 0xfd, 0xb8, 0xbc, 0x40, 0x14, + 0x44, 0x58, 0x48, 0xae, 0xb8, 0x73, 0x68, 0x40, 0xb8, 0xd6, 0x9b, 0x85, 0x98, 0xc6, 0xb8, 0x04, + 0xe1, 0x1a, 0x84, 0x6b, 0x50, 0xef, 0xfe, 0xe6, 0x04, 0x3c, 0xe6, 0xbe, 0xe6, 0x8d, 0xf2, 0xb1, + 0xde, 0xe9, 0x8d, 0x5e, 0xad, 0x7c, 0x7a, 0x83, 0xe9, 0x93, 0x0c, 0x33, 0x5e, 0x8e, 0xe5, 0x53, + 0x2e, 0xc1, 0x9f, 0x35, 0x66, 0xe9, 0x3d, 0x32, 0x77, 0x12, 0x42, 0x27, 0x2c, 0x05, 0x39, 0x37, + 0x59, 0x12, 0x50, 0xe4, 0x5f, 0x2a, 0xff, 0x32, 0x95, 0xcc, 0x53, 0xc5, 0x12, 0x68, 0x08, 0x1e, + 0xff, 0x4f, 0x90, 0xd1, 0x09, 0x24, 0xe4, 0xa2, 0x6e, 0xf0, 0xa3, 0x85, 0x9c, 0x23, 0x09, 0x11, + 0xa4, 0x8a, 0x91, 0x93, 0x2c, 0x60, 0x69, 0xc4, 0xd2, 0xd8, 0xf9, 0x84, 0x3a, 0xe5, 0x68, 0x11, + 0x51, 0xc4, 0xb5, 0xfb, 0xf6, 0xbd, 0x9b, 0x0f, 0x1f, 
0xe0, 0x95, 0x03, 0xde, 0x74, 0x30, 0x6f, + 0x59, 0xde, 0xc6, 0xb3, 0x21, 0x7e, 0x35, 0xfa, 0x0c, 0x54, 0xbd, 0x04, 0x45, 0x02, 0x67, 0x71, + 0x7e, 0x60, 0x15, 0xe7, 0x07, 0xc8, 0x9c, 0x85, 0x6b, 0xaa, 0xf3, 0xcd, 0x46, 0x1d, 0x21, 0xf9, + 0x8c, 0x45, 0x20, 0xdd, 0x1d, 0x6d, 0xf1, 0x16, 0x6f, 0xd9, 0x1b, 0x6e, 0x26, 0x78, 0x5d, 0xa1, + 0x83, 0x3b, 0xd5, 0x14, 0x9d, 0xfa, 0x24, 0x5c, 0xdb, 0x3a, 0x14, 0x75, 0xa9, 0x51, 0x86, 0x30, + 0x76, 0x5b, 0x7a, 0x90, 0xbb, 0x1b, 0x59, 0x71, 0x59, 0xac, 0x49, 0x16, 0xc2, 0x18, 0x24, 0xa4, + 0x14, 0x82, 0xfd, 0x0a, 0xdc, 0x3d, 0xfa, 0x0b, 0x11, 0x5e, 0x40, 0x3a, 0xc7, 0x68, 0xef, 0x4b, + 0xce, 0x15, 0xc9, 0xdc, 0x76, 0xbf, 0x75, 0x55, 0x78, 0xb7, 0x82, 0xef, 0xbd, 0xd1, 0xd2, 0xb0, + 0x42, 0x0c, 0x7e, 0xdb, 0x68, 0xbf, 0x19, 0xf6, 0x05, 0xcb, 0x94, 0xf3, 0xa1, 0x51, 0x19, 0xbe, + 0x5a, 0x65, 0xa5, 0x5a, 0x17, 0xb6, 0x7e, 0xaa, 0xfa, 0x64, 0xa3, 0x2e, 0x81, 0x76, 0x99, 0x82, + 0x24, 0x73, 0x77, 0x74, 0x88, 0xe3, 0x6b, 0xac, 0x2a, 0xb8, 0x5d, 0xf9, 0xee, 0x3e, 0x2f, 0x1d, + 0xc2, 0x95, 0xd1, 0xe0, 0x29, 0xea, 0x5d, 0x5e, 0xab, 0xd3, 0x47, 0x6d, 0x35, 0x17, 0xa0, 0x93, + 0xde, 0x08, 0x6e, 0x55, 0x84, 0xf6, 0xbb, 0xb9, 0x80, 0x50, 0x7f, 0x09, 0x3e, 0x2e, 0x96, 0x9e, + 0x75, 0xba, 0xf4, 0xac, 0xb3, 0xa5, 0x67, 0x7d, 0x2d, 0x3c, 0x7b, 0x51, 0x78, 0xf6, 0x69, 0xe1, + 0xd9, 0x67, 0x85, 0x67, 0xff, 0x2c, 0x3c, 0xfb, 0xfb, 0x2f, 0xcf, 0x7a, 0x7f, 0xb8, 0xe5, 0x3f, + 0xe7, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x53, 0x0f, 0x89, 0xaf, 0xad, 0x04, 0x00, 0x00, +} + +func (m *CredentialsBinding) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CredentialsBinding) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CredentialsBinding) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = 
l + if len(m.Quotas) > 0 { + for iNdEx := len(m.Quotas) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Quotas[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + } + { + size, err := m.CredentialsRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + { + size, err := m.Provider.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *CredentialsBindingList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CredentialsBindingList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CredentialsBindingList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *CredentialsBindingProvider) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = 
make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CredentialsBindingProvider) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CredentialsBindingProvider) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Type) + copy(dAtA[i:], m.Type) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { + offset -= sovGenerated(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *CredentialsBinding) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.Provider.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.CredentialsRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Quotas) > 0 { + for _, e := range m.Quotas { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *CredentialsBindingList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *CredentialsBindingProvider) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Type) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func sovGenerated(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozGenerated(x uint64) (n int) { + return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (this *CredentialsBinding) String() string { + if this == nil { + return "nil" + } + 
repeatedStringForQuotas := "[]ObjectReference{" + for _, f := range this.Quotas { + repeatedStringForQuotas += fmt.Sprintf("%v", f) + "," + } + repeatedStringForQuotas += "}" + s := strings.Join([]string{`&CredentialsBinding{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Provider:` + strings.Replace(strings.Replace(this.Provider.String(), "CredentialsBindingProvider", "CredentialsBindingProvider", 1), `&`, ``, 1) + `,`, + `CredentialsRef:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CredentialsRef), "ObjectReference", "v11.ObjectReference", 1), `&`, ``, 1) + `,`, + `Quotas:` + repeatedStringForQuotas + `,`, + `}`, + }, "") + return s +} +func (this *CredentialsBindingList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]CredentialsBinding{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "CredentialsBinding", "CredentialsBinding", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&CredentialsBindingList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *CredentialsBindingProvider) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&CredentialsBindingProvider{`, + `Type:` + fmt.Sprintf("%v", this.Type) + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *CredentialsBinding) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 
64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialsBinding: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialsBinding: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Provider", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.Provider.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CredentialsRef", wireType) + } + var msglen int + 
for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.CredentialsRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Quotas", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Quotas = append(m.Quotas, v11.ObjectReference{}) + if err := m.Quotas[len(m.Quotas)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CredentialsBindingList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << 
shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialsBindingList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialsBindingList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, CredentialsBinding{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + 
return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CredentialsBindingProvider) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialsBindingProvider: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialsBindingProvider: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Type = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipGenerated(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var 
wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthGenerated + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") +) diff --git a/pkg/apis/security/v1alpha1/generated.proto b/pkg/apis/security/v1alpha1/generated.proto new file mode 100644 index 00000000000..1ddcb76e20d --- /dev/null +++ b/pkg/apis/security/v1alpha1/generated.proto 
@@ -0,0 +1,54 @@ +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = "proto2"; + +package github.com.gardener.gardener.pkg.apis.security.v1alpha1; + +import "k8s.io/api/core/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "github.com/gardener/gardener/pkg/apis/security/v1alpha1"; + +// CredentialsBinding represents a binding to credentials in the same or another namespace. +message CredentialsBinding { + // Standard object metadata. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Provider defines the provider type of the CredentialsBinding. + // This field is immutable. + optional CredentialsBindingProvider provider = 2; + + // CredentialsRef is a reference to a resource holding the credentials. + // Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity + optional k8s.io.api.core.v1.ObjectReference credentialsRef = 3; + + // Quotas is a list of references to Quota objects in the same or another namespace. + // This field is immutable. + // +optional + repeated k8s.io.api.core.v1.ObjectReference quotas = 4; +} + +// CredentialsBindingList is a collection of CredentialsBindings. +message CredentialsBindingList { + // Standard list object metadata. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + // Items is the list of CredentialsBindings. + repeated CredentialsBinding items = 2; +} + +// CredentialsBindingProvider defines the provider type of the CredentialsBinding. 
+message CredentialsBindingProvider { + // Type is the type of the provider. + optional string type = 1; +} + diff --git a/pkg/apis/security/v1alpha1/register.go b/pkg/apis/security/v1alpha1/register.go new file mode 100644 index 00000000000..5a87fa6b4df --- /dev/null +++ b/pkg/apis/security/v1alpha1/register.go @@ -0,0 +1,47 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the name of the security API group. +const GroupName = "security.gardener.cloud" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// Kind takes an unqualified kind and returns a Group qualified GroupKind. +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // SchemeBuilder is a new Scheme Builder which registers our API. + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, addDefaultingFuncs) + localSchemeBuilder = &SchemeBuilder + // AddToScheme is a reference to the Scheme Builder's AddToScheme function. + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &CredentialsBinding{}, + &CredentialsBindingList{}, + ) + + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + + return nil +} 
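Review bot: `addKnownTypes` in register.go registers only `CredentialsBinding` and `CredentialsBindingList` for `security.gardener.cloud/v1alpha1`, yet the `CredentialsRef` field comment and the defaulting test in this same patch already name `security.gardener.cloud/v1alpha1.WorkloadIdentity` as an accepted credentials kind. This is patch 1/4, so the type presumably arrives later in the series, but in this patch on its own the documented reference points at a kind the group does not register. Because `CredentialsRef` is a free-form `corev1.ObjectReference`, the accepted APIVersion/Kind pairs can only be enforced by validation, which is not visible in this hunk; it is worth confirming that it was switched to the new group string together with the comment, and how it treats the old `authentication.gardener.cloud/v1alpha1` value. I would record the gap next to the registration, e.g. `// NOTE: WorkloadIdentity is referenced by CredentialsBinding.CredentialsRef but is not registered in this group yet.`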
diff --git a/pkg/apis/authentication/v1alpha1/types_credentialsbinding.go b/pkg/apis/security/v1alpha1/types_credentialsbinding.go
similarity index 95%
rename from pkg/apis/authentication/v1alpha1/types_credentialsbinding.go
rename to pkg/apis/security/v1alpha1/types_credentialsbinding.go
index f8910d10c14..ca4b6a5dbdb 100644
--- a/pkg/apis/authentication/v1alpha1/types_credentialsbinding.go
+++ b/pkg/apis/security/v1alpha1/types_credentialsbinding.go
@@ -22,7 +22,7 @@ type CredentialsBinding struct {
 // This field is immutable.
 Provider CredentialsBindingProvider `json:"provider" protobuf:"bytes,2,opt,name=provider"`
 // CredentialsRef is a reference to a resource holding the credentials.
- // Accepted resources are core/v1.Secret and authentication.gardener.cloud/v1alpha1.WorkloadIdentity
+ // Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity
 CredentialsRef corev1.ObjectReference `json:"credentialsRef" protobuf:"bytes,3,name=credentialsRef"`
 // Quotas is a list of references to Quota objects in the same or another namespace.
 // This field is immutable.
diff --git a/pkg/apis/security/v1alpha1/zz_generated.conversion.go b/pkg/apis/security/v1alpha1/zz_generated.conversion.go
new file mode 100644
index 00000000000..4a41a653249
--- /dev/null
+++ b/pkg/apis/security/v1alpha1/zz_generated.conversion.go
@@ -0,0 +1,131 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + unsafe "unsafe" + + security "github.com/gardener/gardener/pkg/apis/security" + v1 "k8s.io/api/core/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*CredentialsBinding)(nil), (*security.CredentialsBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_CredentialsBinding_To_security_CredentialsBinding(a.(*CredentialsBinding), b.(*security.CredentialsBinding), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*security.CredentialsBinding)(nil), (*CredentialsBinding)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_security_CredentialsBinding_To_v1alpha1_CredentialsBinding(a.(*security.CredentialsBinding), b.(*CredentialsBinding), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*CredentialsBindingList)(nil), (*security.CredentialsBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_CredentialsBindingList_To_security_CredentialsBindingList(a.(*CredentialsBindingList), b.(*security.CredentialsBindingList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*security.CredentialsBindingList)(nil), (*CredentialsBindingList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return 
Convert_security_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(a.(*security.CredentialsBindingList), b.(*CredentialsBindingList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*CredentialsBindingProvider)(nil), (*security.CredentialsBindingProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider(a.(*CredentialsBindingProvider), b.(*security.CredentialsBindingProvider), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*security.CredentialsBindingProvider)(nil), (*CredentialsBindingProvider)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(a.(*security.CredentialsBindingProvider), b.(*CredentialsBindingProvider), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_CredentialsBinding_To_security_CredentialsBinding(in *CredentialsBinding, out *security.CredentialsBinding, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider(&in.Provider, &out.Provider, s); err != nil { + return err + } + out.CredentialsRef = in.CredentialsRef + out.Quotas = *(*[]v1.ObjectReference)(unsafe.Pointer(&in.Quotas)) + return nil +} + +// Convert_v1alpha1_CredentialsBinding_To_security_CredentialsBinding is an autogenerated conversion function. 
+func Convert_v1alpha1_CredentialsBinding_To_security_CredentialsBinding(in *CredentialsBinding, out *security.CredentialsBinding, s conversion.Scope) error { + return autoConvert_v1alpha1_CredentialsBinding_To_security_CredentialsBinding(in, out, s) +} + +func autoConvert_security_CredentialsBinding_To_v1alpha1_CredentialsBinding(in *security.CredentialsBinding, out *CredentialsBinding, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if err := Convert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(&in.Provider, &out.Provider, s); err != nil { + return err + } + out.CredentialsRef = in.CredentialsRef + out.Quotas = *(*[]v1.ObjectReference)(unsafe.Pointer(&in.Quotas)) + return nil +} + +// Convert_security_CredentialsBinding_To_v1alpha1_CredentialsBinding is an autogenerated conversion function. +func Convert_security_CredentialsBinding_To_v1alpha1_CredentialsBinding(in *security.CredentialsBinding, out *CredentialsBinding, s conversion.Scope) error { + return autoConvert_security_CredentialsBinding_To_v1alpha1_CredentialsBinding(in, out, s) +} + +func autoConvert_v1alpha1_CredentialsBindingList_To_security_CredentialsBindingList(in *CredentialsBindingList, out *security.CredentialsBindingList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]security.CredentialsBinding)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1alpha1_CredentialsBindingList_To_security_CredentialsBindingList is an autogenerated conversion function. 
+func Convert_v1alpha1_CredentialsBindingList_To_security_CredentialsBindingList(in *CredentialsBindingList, out *security.CredentialsBindingList, s conversion.Scope) error { + return autoConvert_v1alpha1_CredentialsBindingList_To_security_CredentialsBindingList(in, out, s) +} + +func autoConvert_security_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in *security.CredentialsBindingList, out *CredentialsBindingList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]CredentialsBinding)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_security_CredentialsBindingList_To_v1alpha1_CredentialsBindingList is an autogenerated conversion function. +func Convert_security_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in *security.CredentialsBindingList, out *CredentialsBindingList, s conversion.Scope) error { + return autoConvert_security_CredentialsBindingList_To_v1alpha1_CredentialsBindingList(in, out, s) +} + +func autoConvert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider(in *CredentialsBindingProvider, out *security.CredentialsBindingProvider, s conversion.Scope) error { + out.Type = in.Type + return nil +} + +// Convert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider is an autogenerated conversion function. +func Convert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider(in *CredentialsBindingProvider, out *security.CredentialsBindingProvider, s conversion.Scope) error { + return autoConvert_v1alpha1_CredentialsBindingProvider_To_security_CredentialsBindingProvider(in, out, s) +} + +func autoConvert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in *security.CredentialsBindingProvider, out *CredentialsBindingProvider, s conversion.Scope) error { + out.Type = in.Type + return nil +} + +// Convert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider is an autogenerated conversion function. 
+func Convert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in *security.CredentialsBindingProvider, out *CredentialsBindingProvider, s conversion.Scope) error { + return autoConvert_security_CredentialsBindingProvider_To_v1alpha1_CredentialsBindingProvider(in, out, s) +} diff --git a/pkg/apis/security/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/security/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..120c17fbc68 --- /dev/null +++ b/pkg/apis/security/v1alpha1/zz_generated.deepcopy.go 
@@ -0,0 +1,97 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBinding) DeepCopyInto(out *CredentialsBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Provider = in.Provider + out.CredentialsRef = in.CredentialsRef + if in.Quotas != nil { + in, out := &in.Quotas, &out.Quotas + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBinding. +func (in *CredentialsBinding) DeepCopy() *CredentialsBinding { + if in == nil { + return nil + } + out := new(CredentialsBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CredentialsBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBindingList) DeepCopyInto(out *CredentialsBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CredentialsBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingList. 
+func (in *CredentialsBindingList) DeepCopy() *CredentialsBindingList { + if in == nil { + return nil + } + out := new(CredentialsBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CredentialsBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBindingProvider) DeepCopyInto(out *CredentialsBindingProvider) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingProvider. +func (in *CredentialsBindingProvider) DeepCopy() *CredentialsBindingProvider { + if in == nil { + return nil + } + out := new(CredentialsBindingProvider) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apis/security/v1alpha1/zz_generated.defaults.go b/pkg/apis/security/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000000..fa5a96a2e0a --- /dev/null +++ b/pkg/apis/security/v1alpha1/zz_generated.defaults.go 
@@ -0,0 +1,34 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + scheme.AddTypeDefaultingFunc(&CredentialsBinding{}, func(obj interface{}) { SetObjectDefaults_CredentialsBinding(obj.(*CredentialsBinding)) }) + scheme.AddTypeDefaultingFunc(&CredentialsBindingList{}, func(obj interface{}) { SetObjectDefaults_CredentialsBindingList(obj.(*CredentialsBindingList)) }) + return nil +} + +func SetObjectDefaults_CredentialsBinding(in *CredentialsBinding) { + SetDefaults_CredentialsBinding(in) +} + +func SetObjectDefaults_CredentialsBindingList(in *CredentialsBindingList) { + for i := range in.Items { + a := &in.Items[i] + SetObjectDefaults_CredentialsBinding(a) + } +} diff --git a/pkg/apis/authentication/validation/.import-restrictions b/pkg/apis/security/validation/.import-restrictions similarity index 100% rename from pkg/apis/authentication/validation/.import-restrictions rename to pkg/apis/security/validation/.import-restrictions diff --git a/pkg/apis/authentication/validation/credentialsbinding.go b/pkg/apis/security/validation/credentialsbinding.go similarity index 86% rename from pkg/apis/authentication/validation/credentialsbinding.go rename to pkg/apis/security/validation/credentialsbinding.go index a4faa7fb1bc..abb629752b5 100644 --- a/pkg/apis/authentication/validation/credentialsbinding.go +++ b/pkg/apis/security/validation/credentialsbinding.go 
@@ -13,13 +13,13 @@ import ( "k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation/field" - "github.com/gardener/gardener/pkg/apis/authentication" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" gardencorevalidation "github.com/gardener/gardener/pkg/apis/core/validation" + "github.com/gardener/gardener/pkg/apis/security" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" ) // ValidateCredentialsBinding validates a CredentialsBinding. -func ValidateCredentialsBinding(binding *authentication.CredentialsBinding) field.ErrorList { +func ValidateCredentialsBinding(binding *security.CredentialsBinding) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, apivalidation.ValidateObjectMeta(&binding.ObjectMeta, true, gardencorevalidation.ValidateName, field.NewPath("metadata"))...) @@ -33,7 +33,7 @@ func ValidateCredentialsBinding(binding *authentication.CredentialsBinding) fiel } // ValidateCredentialsBindingUpdate validates a CredentialsBinding object before an update. -func ValidateCredentialsBindingUpdate(newBinding, oldBinding *authentication.CredentialsBinding) field.ErrorList { +func ValidateCredentialsBindingUpdate(newBinding, oldBinding *security.CredentialsBinding) field.ErrorList { allErrs := field.ErrorList{} allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&newBinding.ObjectMeta, &oldBinding.ObjectMeta, field.NewPath("metadata"))...) @@ -46,7 +46,7 @@ func ValidateCredentialsBindingUpdate(newBinding, oldBinding *authentication.Cre } // ValidateCredentialsBindingProvider validates a CredentialsBindingProvider object. -func ValidateCredentialsBindingProvider(provider authentication.CredentialsBindingProvider, fldPath *field.Path) field.ErrorList { +func ValidateCredentialsBindingProvider(provider security.CredentialsBindingProvider, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} if len(provider.Type) == 0 { 
@@ -99,7 +99,7 @@ func validateCredentials(ref corev1.ObjectReference, fldPath *field.Path) field. var ( secret = corev1.SchemeGroupVersion.WithKind("Secret") - workloadIdentity = authenticationv1alpha1.SchemeGroupVersion.WithKind("WorkloadIdentity") + workloadIdentity = securityv1alpha1.SchemeGroupVersion.WithKind("WorkloadIdentity") allowedGVKs = sets.New(secret, workloadIdentity) validGVKs = []string{secret.String(), workloadIdentity.String()} diff --git a/pkg/apis/authentication/validation/credentialsbinding_test.go b/pkg/apis/security/validation/credentialsbinding_test.go similarity index 82% rename from pkg/apis/authentication/validation/credentialsbinding_test.go rename to pkg/apis/security/validation/credentialsbinding_test.go index 9289fb2999c..2232a8cfcbc 100644 --- a/pkg/apis/authentication/validation/credentialsbinding_test.go +++ b/pkg/apis/security/validation/credentialsbinding_test.go @@ -13,21 +13,21 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation/field" - "github.com/gardener/gardener/pkg/apis/authentication" - . "github.com/gardener/gardener/pkg/apis/authentication/validation" + "github.com/gardener/gardener/pkg/apis/security" + . "github.com/gardener/gardener/pkg/apis/security/validation" ) var _ = Describe("CredentialsBinding Validation Tests", func() { Describe("#ValidateCredentialsBinding", func() { - var credentialsBinding *authentication.CredentialsBinding + var credentialsBinding *security.CredentialsBinding BeforeEach(func() { - credentialsBinding = &authentication.CredentialsBinding{ + credentialsBinding = &security.CredentialsBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "binding", Namespace: "garden", }, - Provider: authentication.CredentialsBindingProvider{ + Provider: security.CredentialsBindingProvider{ Type: "foo", }, CredentialsRef: corev1.ObjectReference{ 
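Review bot: In the `validateCredentials` hunk the allow-list entry becomes `securityv1alpha1.SchemeGroupVersion.WithKind("WorkloadIdentity")`, yet `addKnownTypes` in this patch's `register.go` registers only `CredentialsBinding` and `CredentialsBindingList`, so as far as this patch shows the validator admits a reference to a kind the group does not serve. If the type arrives in a later patch of the series, a comment such as `// WorkloadIdentity is matched by GVK only; the kind itself is added separately.` would keep readers from assuming the reference is resolvable. The switch is also a hard cut-over: a `credentialsRef` with `apiVersion: authentication.gardener.cloud/v1alpha1` now falls outside `allowedGVKs` (presumably reported as not supported, like the `v2alpha1` case in the tests), and the updated test table replaces the old-group entries rather than adding one that pins that rejection. `validateCredentials` begins before and continues after this hunk.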
@@ -47,7 +47,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { It("[WorkloadIdentity] should not return any errors", func() { credentialsBinding.CredentialsRef = corev1.ObjectReference{ - APIVersion: "authentication.gardener.cloud/v1alpha1", + APIVersion: "security.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "my-workloadidentity", Namespace: "my-namespace", @@ -102,7 +102,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { It("should forbid empty CredentialsBinding resources", func() { credentialsBinding.ObjectMeta = metav1.ObjectMeta{} credentialsBinding.CredentialsRef = corev1.ObjectReference{} - credentialsBinding.Provider = authentication.CredentialsBindingProvider{} + credentialsBinding.Provider = security.CredentialsBindingProvider{} errorList := ValidateCredentialsBinding(credentialsBinding) Expect(errorList).To(ConsistOf( @@ -159,8 +159,8 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { corev1.ObjectReference{APIVersion: "v1", Kind: "Secret", Name: "foo", Namespace: "bar"}, BeEmpty(), ), - Entry("should allow authentication.gardener.cloud/v1alpha1.WorkloadIdentity", - corev1.ObjectReference{APIVersion: "authentication.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar"}, + Entry("should allow security.gardener.cloud/v1alpha1.WorkloadIdentity", + corev1.ObjectReference{APIVersion: "security.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar"}, BeEmpty(), ), Entry("should forbid v1.Secret with non DNS1123 name", 
@@ -172,8 +172,8 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { })), ), ), - Entry("should forbid authentication.gardener.cloud/v1alpha1.WorkloadIdentity with non DNS1123 namespace", - corev1.ObjectReference{APIVersion: "authentication.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar?"}, + Entry("should forbid security.gardener.cloud/v1alpha1.WorkloadIdentity with non DNS1123 namespace", + corev1.ObjectReference{APIVersion: "security.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar?"}, ConsistOf( PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeInvalid), @@ -211,8 +211,8 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { })), ), ), - Entry("should forbid authentication.gardener.cloud/v1alpha1.FooBar", - corev1.ObjectReference{APIVersion: "authentication.gardener.cloud/v1alpha1", Kind: "FooBar", Name: "foo", Namespace: "bar"}, + Entry("should forbid security.gardener.cloud/v1alpha1.FooBar", + corev1.ObjectReference{APIVersion: "security.gardener.cloud/v1alpha1", Kind: "FooBar", Name: "foo", Namespace: "bar"}, ConsistOf( PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeNotSupported), @@ -220,8 +220,8 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { })), ), ), - Entry("should forbid authentication.gardener.cloud/v2alpha1.WorkloadIdentity", - corev1.ObjectReference{APIVersion: "authentication.gardener.cloud/v2alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar"}, + Entry("should forbid security.gardener.cloud/v2alpha1.WorkloadIdentity", + corev1.ObjectReference{APIVersion: "security.gardener.cloud/v2alpha1", Kind: "WorkloadIdentity", Name: "foo", Namespace: "bar"}, ConsistOf( PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeNotSupported), 
@@ -248,19 +248,19 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { }) Describe("#ValidateCredentialsBindingUpdate", func() { - var credentialsBinding *authentication.CredentialsBinding + var credentialsBinding *security.CredentialsBinding BeforeEach(func() { - credentialsBinding = &authentication.CredentialsBinding{ + credentialsBinding = &security.CredentialsBinding{ ObjectMeta: metav1.ObjectMeta{ Name: "binding", Namespace: "garden", }, - Provider: authentication.CredentialsBindingProvider{ + Provider: security.CredentialsBindingProvider{ Type: "foo", }, CredentialsRef: corev1.ObjectReference{ - APIVersion: "authentication.gardener.cloud/v1alpha1", + APIVersion: "security.gardener.cloud/v1alpha1", Kind: "WorkloadIdentity", Name: "my-workloadidentity", Namespace: "my-namespace", @@ -287,7 +287,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { It("should forbid updating the CredentialsBinding provider when the field is already set", func() { newCredentialsBinding := prepareCredentialsBindingForUpdate(credentialsBinding) - newCredentialsBinding.Provider = authentication.CredentialsBindingProvider{ + newCredentialsBinding.Provider = security.CredentialsBindingProvider{ Type: "new-type", } @@ -305,7 +305,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { Describe("#ValidateCredentialsBindingProvider", func() { path := field.NewPath("provider") It("should return err when provider is empty", func() { - errorList := ValidateCredentialsBindingProvider(authentication.CredentialsBindingProvider{}, path) + errorList := ValidateCredentialsBindingProvider(security.CredentialsBindingProvider{}, path) Expect(errorList).To(ConsistOf( PointTo(MatchFields(IgnoreExtras, Fields{ "Type": Equal(field.ErrorTypeRequired), 
@@ -315,7 +315,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { }) It("should succeed when provider is valid", func() { - errorList := ValidateCredentialsBindingProvider(authentication.CredentialsBindingProvider{ + errorList := ValidateCredentialsBindingProvider(security.CredentialsBindingProvider{ Type: "foo", }, path) Expect(errorList).To(BeEmpty()) @@ -323,7 +323,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { It("should forbid multiple providers", func() { errList := ValidateCredentialsBindingProvider( - authentication.CredentialsBindingProvider{ + security.CredentialsBindingProvider{ Type: "foo,bar", }, path, @@ -339,7 +339,7 @@ var _ = Describe("CredentialsBinding Validation Tests", func() { }) }) -func prepareCredentialsBindingForUpdate(credentialsBinding *authentication.CredentialsBinding) *authentication.CredentialsBinding { +func prepareCredentialsBindingForUpdate(credentialsBinding *security.CredentialsBinding) *security.CredentialsBinding { c := credentialsBinding.DeepCopy() c.ResourceVersion = "1" return c diff --git a/pkg/apis/security/validation/validation_suite_test.go b/pkg/apis/security/validation/validation_suite_test.go new file mode 100644 index 00000000000..f705b49bf44 --- /dev/null +++ b/pkg/apis/security/validation/validation_suite_test.go @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +package validation_test + +import ( + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +func TestValidation(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "APIs Security Validation Suite") +} diff --git a/pkg/apis/security/zz_generated.deepcopy.go b/pkg/apis/security/zz_generated.deepcopy.go new file mode 100644 index 00000000000..09f4dc90f44 --- /dev/null +++ b/pkg/apis/security/zz_generated.deepcopy.go 
@@ -0,0 +1,97 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// SPDX-FileCopyrightText: SAP SE or an SAP affiliate company and Gardener contributors +// +// SPDX-License-Identifier: Apache-2.0 + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package security + +import ( + v1 "k8s.io/api/core/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBinding) DeepCopyInto(out *CredentialsBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Provider = in.Provider + out.CredentialsRef = in.CredentialsRef + if in.Quotas != nil { + in, out := &in.Quotas, &out.Quotas + *out = make([]v1.ObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBinding. +func (in *CredentialsBinding) DeepCopy() *CredentialsBinding { + if in == nil { + return nil + } + out := new(CredentialsBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CredentialsBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBindingList) DeepCopyInto(out *CredentialsBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CredentialsBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingList. 
+func (in *CredentialsBindingList) DeepCopy() *CredentialsBindingList { + if in == nil { + return nil + } + out := new(CredentialsBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CredentialsBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CredentialsBindingProvider) DeepCopyInto(out *CredentialsBindingProvider) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CredentialsBindingProvider. +func (in *CredentialsBindingProvider) DeepCopy() *CredentialsBindingProvider { + if in == nil { + return nil + } + out := new(CredentialsBindingProvider) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apiserver/admission/initializer/initializer.go b/pkg/apiserver/admission/initializer/initializer.go index 9b14a2d39a0..02f3da193c8 100644 --- a/pkg/apiserver/admission/initializer/initializer.go +++ b/pkg/apiserver/admission/initializer/initializer.go 
@@ -12,10 +12,10 @@ import ( kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" - authenticationclientset "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" - authenticationinformers "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions" gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned" gardencoreinformers "github.com/gardener/gardener/pkg/client/core/informers/externalversions" + securityclientset "github.com/gardener/gardener/pkg/client/security/clientset/versioned" + securityinformers "github.com/gardener/gardener/pkg/client/security/informers/externalversions" seedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" seedmanagementinformers "github.com/gardener/gardener/pkg/client/seedmanagement/informers/externalversions" settingsinformers "github.com/gardener/gardener/pkg/client/settings/informers/externalversions" @@ -28,8 +28,8 @@ func New( seedManagementInformers seedmanagementinformers.SharedInformerFactory, seedManagementClient seedmanagementclientset.Interface, settingsInformers settingsinformers.SharedInformerFactory, - authenticationInformers authenticationinformers.SharedInformerFactory, - authenticationClient authenticationclientset.Interface, + securityInformers securityinformers.SharedInformerFactory, + securityClient securityclientset.Interface, kubeInformers kubeinformers.SharedInformerFactory, kubeClient kubernetes.Interface, dynamicClient dynamic.Interface, @@ -45,8 +45,8 @@ func New( settingsInformers: settingsInformers, - authenticationInformers: authenticationInformers, - authenticationClient: authenticationClient, + securityInformers: securityInformers, + securityClient: securityClient, kubeInformers: kubeInformers, kubeClient: kubeClient, 
@@ -76,11 +76,11 @@ func (i pluginInitializer) Initialize(plugin admission.Interface) { wants.SetSeedManagementClientSet(i.seedManagementClient) } - if wants, ok := plugin.(WantsAuthenticationInformerFactory); ok { - wants.SetAuthenticationInformerFactory(i.authenticationInformers) + if wants, ok := plugin.(WantsSecurityInformerFactory); ok { + wants.SetSecurityInformerFactory(i.securityInformers) } - if wants, ok := plugin.(WantsAuthenticationClientSet); ok { - wants.SetAuthenticationClientSet(i.authenticationClient) + if wants, ok := plugin.(WantsSecurityClientSet); ok { + wants.SetSecurityClientSet(i.securityClient) } if wants, ok := plugin.(WantsSettingsInformerFactory); ok { diff --git a/pkg/apiserver/admission/initializer/types.go b/pkg/apiserver/admission/initializer/types.go index c9675bfbaa6..3335a1d5627 100644 --- a/pkg/apiserver/admission/initializer/types.go +++ b/pkg/apiserver/admission/initializer/types.go @@ -12,10 +12,10 @@ import ( kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" - authenticationclientset "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" - authenticationinformers "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions" gardencoreclientset "github.com/gardener/gardener/pkg/client/core/clientset/versioned" gardencoreinformers "github.com/gardener/gardener/pkg/client/core/informers/externalversions" + securityclientset "github.com/gardener/gardener/pkg/client/security/clientset/versioned" + securityinformers "github.com/gardener/gardener/pkg/client/security/informers/externalversions" seedmanagementclientset "github.com/gardener/gardener/pkg/client/seedmanagement/clientset/versioned" seedmanagementinformers "github.com/gardener/gardener/pkg/client/seedmanagement/informers/externalversions" settingsinformers "github.com/gardener/gardener/pkg/client/settings/informers/externalversions" 
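Review bot: The type assertions in `Initialize` fail silently, so after the rename to `WantsSecurityInformerFactory` / `WantsSecurityClientSet` a plugin that still implements only `SetAuthenticationInformerFactory` or `SetAuthenticationClientSet` can keep compiling (unless it names the removed interface) and is simply never handed its informer factory or client. Whether every consumer was migrated is not visible in this hunk. A compile-time assertion next to each plugin, e.g. `var _ initializer.WantsSecurityClientSet = (*Plugin)(nil)` with `Plugin` standing for the plugin's own type, would turn a missed rename into a build error instead of relying on `ValidateInitialization` at start-up. `Initialize` starts before and continues past this hunk.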
@@ -51,15 +51,15 @@ type WantsSeedManagementClientSet interface { admission.InitializationValidator } -// WantsAuthenticationInformerFactory defines a function which sets authentication InformerFactory for admission plugins that need it. -type WantsAuthenticationInformerFactory interface { - SetAuthenticationInformerFactory(authenticationinformers.SharedInformerFactory) +// WantsSecurityInformerFactory defines a function which sets security InformerFactory for admission plugins that need it. +type WantsSecurityInformerFactory interface { + SetSecurityInformerFactory(securityinformers.SharedInformerFactory) admission.InitializationValidator } -// WantsAuthenticationClientSet defines a function which sets Authentication Clientset for admission plugins that need it. -type WantsAuthenticationClientSet interface { - SetAuthenticationClientSet(authenticationclientset.Interface) +// WantsSecurityClientSet defines a function which sets Security Clientset for admission plugins that need it. +type WantsSecurityClientSet interface { + SetSecurityClientSet(securityclientset.Interface) admission.InitializationValidator } @@ -102,8 +102,8 @@ type pluginInitializer struct { settingsInformers settingsinformers.SharedInformerFactory - authenticationInformers authenticationinformers.SharedInformerFactory - authenticationClient authenticationclientset.Interface + securityInformers securityinformers.SharedInformerFactory + securityClient securityclientset.Interface kubeInformers kubeinformers.SharedInformerFactory kubeClient kubernetes.Interface diff --git a/pkg/apiserver/apis.go b/pkg/apiserver/apis.go index 6045601c53d..f48eacb77cd 100644 --- a/pkg/apiserver/apis.go +++ b/pkg/apiserver/apis.go 
@@ -7,18 +7,18 @@ package apiserver import ( "k8s.io/apimachinery/pkg/runtime/schema" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" operationsv1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" seedmanagementv1alpha1 "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1" settingsv1alpha1 "github.com/gardener/gardener/pkg/apis/settings/v1alpha1" ) // AllGardenerAPIGroupVersions is the list of all GroupVersions that are served by gardener-apiserver. var AllGardenerAPIGroupVersions = []schema.GroupVersion{ - authenticationv1alpha1.SchemeGroupVersion, gardencorev1beta1.SchemeGroupVersion, settingsv1alpha1.SchemeGroupVersion, seedmanagementv1alpha1.SchemeGroupVersion, operationsv1alpha1.SchemeGroupVersion, + securityv1alpha1.SchemeGroupVersion, } diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 762a2d24aa9..b3384b51806 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -14,9 +14,9 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" kubeinformers "k8s.io/client-go/informers" - authenticationrest "github.com/gardener/gardener/pkg/apiserver/registry/authentication/rest" corerest "github.com/gardener/gardener/pkg/apiserver/registry/core/rest" operationsrest "github.com/gardener/gardener/pkg/apiserver/registry/operations/rest" + securityrest "github.com/gardener/gardener/pkg/apiserver/registry/security/rest" seedmanagementrest "github.com/gardener/gardener/pkg/apiserver/registry/seedmanagement/rest" settingsrest "github.com/gardener/gardener/pkg/apiserver/registry/settings/rest" gardencoreinformers "github.com/gardener/gardener/pkg/client/core/informers/externalversions" 
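Review bot: `AllGardenerAPIGroupVersions` in `pkg/apiserver/apis.go` now lists `securityv1alpha1.SchemeGroupVersion` and no longer lists the authentication group, which changes the API group under which a CredentialsBinding is addressed and authorized. Access rules are matched on the group name, so any role or policy that names `credentialsbindings` in `authentication.gardener.cloud` stops applying, and access in the new group has to be granted explicitly. This part of the patch shows no such rules, so whether they are updated elsewhere cannot be told from here. Because the resource points at credentials, I would record the move next to the entry, e.g. `// security.gardener.cloud/v1alpha1 serves CredentialsBinding (moved from authentication.gardener.cloud); RBAC rules must name this group.`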
@@ -87,10 +87,10 @@ func (c completedConfig) New() (*GardenerServer, error) { seedManagementAPIGroupInfo = (seedmanagementrest.StorageProvider{}).NewRESTStorage(c.GenericConfig.RESTOptionsGetter) settingsAPIGroupInfo = (settingsrest.StorageProvider{}).NewRESTStorage(c.GenericConfig.RESTOptionsGetter) operationsAPIGroupInfo = (operationsrest.StorageProvider{}).NewRESTStorage(c.GenericConfig.RESTOptionsGetter) - authenticationAPIGroupInfo = (authenticationrest.StorageProvider{}).NewRESTStorage(c.GenericConfig.RESTOptionsGetter) + securityAPIGroupInfo = (securityrest.StorageProvider{}).NewRESTStorage(c.GenericConfig.RESTOptionsGetter) ) - if err := s.GenericAPIServer.InstallAPIGroups(&coreAPIGroupInfo, &settingsAPIGroupInfo, &seedManagementAPIGroupInfo, &operationsAPIGroupInfo, &authenticationAPIGroupInfo); err != nil { + if err := s.GenericAPIServer.InstallAPIGroups(&coreAPIGroupInfo, &settingsAPIGroupInfo, &seedManagementAPIGroupInfo, &operationsAPIGroupInfo, &securityAPIGroupInfo); err != nil { return nil, err } diff --git a/pkg/apiserver/openapi/api_violations.report b/pkg/apiserver/openapi/api_violations.report index 82e2308e938..c7c277efed9 100644 --- a/pkg/apiserver/openapi/api_violations.report +++ b/pkg/apiserver/openapi/api_violations.report @@ -1,5 +1,4 @@ API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/authentication/v1alpha1,AdminKubeconfigRequestStatus,Kubeconfig -API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/authentication/v1alpha1,CredentialsBinding,Quotas API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/authentication/v1alpha1,ViewerKubeconfigRequestStatus,Kubeconfig API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/core/v1beta1,Alerting,EmailReceivers API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/core/v1beta1,AvailabilityZone,UnavailableMachineTypes 
@@ -73,6 +72,7 @@ API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/core API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/core/v1beta1,Worker,Zones API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/operations/v1alpha1,BastionSpec,Ingress API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/operations/v1alpha1,BastionStatus,Conditions +API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/security/v1alpha1,CredentialsBinding,Quotas API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1,GardenletDeployment,AdditionalVolumeMounts API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1,GardenletDeployment,AdditionalVolumes API rule violation: list_type_missing,github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1,GardenletDeployment,Env diff --git a/pkg/apiserver/openapi/openapi_generated.go b/pkg/apiserver/openapi/openapi_generated.go index 6ad03787bbf..e0c0e48406a 100644 --- a/pkg/apiserver/openapi/openapi_generated.go +++ b/pkg/apiserver/openapi/openapi_generated.go 
@@ -24,9 +24,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequest": schema_pkg_apis_authentication_v1alpha1_AdminKubeconfigRequest(ref), "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequestSpec": schema_pkg_apis_authentication_v1alpha1_AdminKubeconfigRequestSpec(ref), "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.AdminKubeconfigRequestStatus": schema_pkg_apis_authentication_v1alpha1_AdminKubeconfigRequestStatus(ref), - "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBinding": schema_pkg_apis_authentication_v1alpha1_CredentialsBinding(ref), - "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBindingList": schema_pkg_apis_authentication_v1alpha1_CredentialsBindingList(ref), - "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBindingProvider": schema_pkg_apis_authentication_v1alpha1_CredentialsBindingProvider(ref), "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.ViewerKubeconfigRequest": schema_pkg_apis_authentication_v1alpha1_ViewerKubeconfigRequest(ref), "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.ViewerKubeconfigRequestSpec": schema_pkg_apis_authentication_v1alpha1_ViewerKubeconfigRequestSpec(ref), "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.ViewerKubeconfigRequestStatus": schema_pkg_apis_authentication_v1alpha1_ViewerKubeconfigRequestStatus(ref), 
@@ -211,6 +208,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/gardener/gardener/pkg/apis/operations/v1alpha1.BastionList": schema_pkg_apis_operations_v1alpha1_BastionList(ref), "github.com/gardener/gardener/pkg/apis/operations/v1alpha1.BastionSpec": schema_pkg_apis_operations_v1alpha1_BastionSpec(ref), "github.com/gardener/gardener/pkg/apis/operations/v1alpha1.BastionStatus": schema_pkg_apis_operations_v1alpha1_BastionStatus(ref), + "github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBinding": schema_pkg_apis_security_v1alpha1_CredentialsBinding(ref), + "github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBindingList": schema_pkg_apis_security_v1alpha1_CredentialsBindingList(ref), + "github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBindingProvider": schema_pkg_apis_security_v1alpha1_CredentialsBindingProvider(ref), "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1.Gardenlet": schema_pkg_apis_seedmanagement_v1alpha1_Gardenlet(ref), "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1.GardenletDeployment": schema_pkg_apis_seedmanagement_v1alpha1_GardenletDeployment(ref), "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1.Image": schema_pkg_apis_seedmanagement_v1alpha1_Image(ref), 
@@ -674,144 +674,6 @@ func schema_pkg_apis_authentication_v1alpha1_AdminKubeconfigRequestStatus(ref co } } -func schema_pkg_apis_authentication_v1alpha1_CredentialsBinding(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CredentialsBinding represents a binding to credentials in the same or another namespace.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "Standard object metadata.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "provider": { - SchemaProps: spec.SchemaProps{ - Description: "Provider defines the provider type of the CredentialsBinding. This field is immutable.", - Default: map[string]interface{}{}, - Ref: ref("github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBindingProvider"), - }, - }, - "credentialsRef": { - SchemaProps: spec.SchemaProps{ - Description: "CredentialsRef is a reference to a resource holding the credentials. 
Accepted resources are core/v1.Secret and authentication.gardener.cloud/v1alpha1.WorkloadIdentity", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), - }, - }, - "quotas": { - SchemaProps: spec.SchemaProps{ - Description: "Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), - }, - }, - }, - }, - }, - }, - Required: []string{"provider", "credentialsRef"}, - }, - }, - Dependencies: []string{ - "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBindingProvider", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_pkg_apis_authentication_v1alpha1_CredentialsBindingList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CredentialsBindingList is a collection of CredentialsBindings.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "Standard list object metadata.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "Items is the list of CredentialsBindings.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBinding"), - }, - }, - }, - }, - }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1.CredentialsBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_pkg_apis_authentication_v1alpha1_CredentialsBindingProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CredentialsBindingProvider defines the provider type of the CredentialsBinding.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "Type is the type of the provider.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"type"}, - }, - }, - } -} - func schema_pkg_apis_authentication_v1alpha1_ViewerKubeconfigRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -9600,6 +9462,144 @@ func schema_pkg_apis_operations_v1alpha1_BastionStatus(ref common.ReferenceCallb } } +func schema_pkg_apis_security_v1alpha1_CredentialsBinding(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CredentialsBinding represents a binding to credentials in the same or another namespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "Standard object metadata.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "provider": { + SchemaProps: spec.SchemaProps{ + Description: "Provider defines the provider type of the CredentialsBinding. This field is immutable.", + Default: map[string]interface{}{}, + Ref: ref("github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBindingProvider"), + }, + }, + "credentialsRef": { + SchemaProps: spec.SchemaProps{ + Description: "CredentialsRef is a reference to a resource holding the credentials. 
Accepted resources are core/v1.Secret and security.gardener.cloud/v1alpha1.WorkloadIdentity", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ObjectReference"), + }, + }, + "quotas": { + SchemaProps: spec.SchemaProps{ + Description: "Quotas is a list of references to Quota objects in the same or another namespace. This field is immutable.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ObjectReference"), + }, + }, + }, + }, + }, + }, + Required: []string{"provider", "credentialsRef"}, + }, + }, + Dependencies: []string{ + "github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBindingProvider", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_security_v1alpha1_CredentialsBindingList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CredentialsBindingList is a collection of CredentialsBindings.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "Standard list object metadata.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Items is the list of CredentialsBindings.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBinding"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/gardener/gardener/pkg/apis/security/v1alpha1.CredentialsBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_pkg_apis_security_v1alpha1_CredentialsBindingProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CredentialsBindingProvider defines the provider type of the CredentialsBinding.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "Type is the type of the provider.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type"}, + }, + }, + } +} + func schema_pkg_apis_seedmanagement_v1alpha1_Gardenlet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
diff --git a/pkg/apiserver/registry/authentication/credentialsbinding/storage/storage.go b/pkg/apiserver/registry/security/credentialsbinding/storage/storage.go similarity index 77% rename from pkg/apiserver/registry/authentication/credentialsbinding/storage/storage.go rename to pkg/apiserver/registry/security/credentialsbinding/storage/storage.go index bb7201e9ceb..fc31a86ecc5 100644 --- a/pkg/apiserver/registry/authentication/credentialsbinding/storage/storage.go +++ b/pkg/apiserver/registry/security/credentialsbinding/storage/storage.go @@ -10,8 +10,8 @@ import ( genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" "k8s.io/apiserver/pkg/registry/rest" - "github.com/gardener/gardener/pkg/apis/authentication" - "github.com/gardener/gardener/pkg/apiserver/registry/authentication/credentialsbinding" + "github.com/gardener/gardener/pkg/apis/security" + "github.com/gardener/gardener/pkg/apiserver/registry/security/credentialsbinding" ) // REST implements a RESTStorage for CredentialsBinding. @@ -36,11 +36,11 @@ func NewStorage(optsGetter generic.RESTOptionsGetter) CredentialsBindingStorage // NewREST returns a RESTStorage object that will work against CredentialsBinding. func NewREST(optsGetter generic.RESTOptionsGetter) *REST { store := &genericregistry.Store{ - NewFunc: func() runtime.Object { return &authentication.CredentialsBinding{} }, - NewListFunc: func() runtime.Object { return &authentication.CredentialsBindingList{} }, + NewFunc: func() runtime.Object { return &security.CredentialsBinding{} }, + NewListFunc: func() runtime.Object { return &security.CredentialsBindingList{} }, - DefaultQualifiedResource: authentication.Resource("credentialsbindings"), - SingularQualifiedResource: authentication.Resource("credentialsbinding"), + DefaultQualifiedResource: security.Resource("credentialsbindings"), + SingularQualifiedResource: security.Resource("credentialsbinding"), EnableGarbageCollection: true, CreateStrategy: credentialsbinding.Strategy, 
diff --git a/pkg/apiserver/registry/authentication/credentialsbinding/storage/tableconvertor.go b/pkg/apiserver/registry/security/credentialsbinding/storage/tableconvertor.go similarity index 95% rename from pkg/apiserver/registry/authentication/credentialsbinding/storage/tableconvertor.go rename to pkg/apiserver/registry/security/credentialsbinding/storage/tableconvertor.go index ec5a5288676..fa91671bf3d 100644 --- a/pkg/apiserver/registry/authentication/credentialsbinding/storage/tableconvertor.go +++ b/pkg/apiserver/registry/security/credentialsbinding/storage/tableconvertor.go @@ -14,7 +14,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/registry/rest" - "github.com/gardener/gardener/pkg/apis/authentication" + "github.com/gardener/gardener/pkg/apis/security" ) var swaggerMetadataDescriptions = metav1.ObjectMeta{}.SwaggerDoc() @@ -56,7 +56,7 @@ func (c *convertor) ConvertToTable(_ context.Context, o runtime.Object, _ runtim table.Rows, err = metatable.MetaToTableRow(o, func(o runtime.Object, _ metav1.Object, _, _ string) ([]interface{}, error) { var ( - obj = o.(*authentication.CredentialsBinding) + obj = o.(*security.CredentialsBinding) cells = []interface{}{} ) diff --git a/pkg/apiserver/registry/authentication/credentialsbinding/strategy.go b/pkg/apiserver/registry/security/credentialsbinding/strategy.go similarity index 84% rename from pkg/apiserver/registry/authentication/credentialsbinding/strategy.go rename to pkg/apiserver/registry/security/credentialsbinding/strategy.go index 9f148861064..889c6ab5553 100644 --- a/pkg/apiserver/registry/authentication/credentialsbinding/strategy.go +++ b/pkg/apiserver/registry/security/credentialsbinding/strategy.go 
@@ -12,8 +12,8 @@ import ( "k8s.io/apiserver/pkg/storage/names" "github.com/gardener/gardener/pkg/api" - "github.com/gardener/gardener/pkg/apis/authentication" - "github.com/gardener/gardener/pkg/apis/authentication/validation" + "github.com/gardener/gardener/pkg/apis/security" + "github.com/gardener/gardener/pkg/apis/security/validation" ) type credentialsBindingStrategy struct { @@ -37,7 +37,7 @@ func (credentialsBindingStrategy) PrepareForUpdate(_ context.Context, _, _ runti } func (credentialsBindingStrategy) Validate(_ context.Context, obj runtime.Object) field.ErrorList { - credentialsbinding := obj.(*authentication.CredentialsBinding) + credentialsbinding := obj.(*security.CredentialsBinding) return validation.ValidateCredentialsBinding(credentialsbinding) } @@ -49,8 +49,8 @@ func (credentialsBindingStrategy) AllowCreateOnUpdate() bool { } func (credentialsBindingStrategy) ValidateUpdate(_ context.Context, newObj, oldObj runtime.Object) field.ErrorList { - newCredentialsBinding := newObj.(*authentication.CredentialsBinding) - oldCredentialsBinding := oldObj.(*authentication.CredentialsBinding) + newCredentialsBinding := newObj.(*security.CredentialsBinding) + oldCredentialsBinding := oldObj.(*security.CredentialsBinding) return validation.ValidateCredentialsBindingUpdate(newCredentialsBinding, oldCredentialsBinding) } diff --git a/pkg/apiserver/registry/authentication/rest/storage_authentication.go b/pkg/apiserver/registry/security/rest/storage_security.go similarity index 70% rename from pkg/apiserver/registry/authentication/rest/storage_authentication.go rename to pkg/apiserver/registry/security/rest/storage_security.go index bc77045ef0b..d1cf2735f3a 100644 --- a/pkg/apiserver/registry/authentication/rest/storage_authentication.go +++ b/pkg/apiserver/registry/security/rest/storage_security.go 
@@ -11,9 +11,9 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" "github.com/gardener/gardener/pkg/api" - "github.com/gardener/gardener/pkg/apis/authentication" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - credentialsbindingstore "github.com/gardener/gardener/pkg/apiserver/registry/authentication/credentialsbinding/storage" + "github.com/gardener/gardener/pkg/apis/security" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" + credentialsbindingstore "github.com/gardener/gardener/pkg/apiserver/registry/security/credentialsbinding/storage" ) // StorageProvider is an empty struct. @@ -21,14 +21,14 @@ type StorageProvider struct{} // NewRESTStorage creates a new API group info object and registers the v1alpha1 Garden storage. func (p StorageProvider) NewRESTStorage(restOptionsGetter generic.RESTOptionsGetter) genericapiserver.APIGroupInfo { - apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(authentication.GroupName, api.Scheme, metav1.ParameterCodec, api.Codecs) - apiGroupInfo.VersionedResourcesStorageMap[authenticationv1alpha1.SchemeGroupVersion.Version] = p.v1alpha1Storage(restOptionsGetter) + apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(security.GroupName, api.Scheme, metav1.ParameterCodec, api.Codecs) + apiGroupInfo.VersionedResourcesStorageMap[securityv1alpha1.SchemeGroupVersion.Version] = p.v1alpha1Storage(restOptionsGetter) return apiGroupInfo } // GroupName returns the garden group name. func (p StorageProvider) GroupName() string { - return authentication.GroupName + return security.GroupName } func (p StorageProvider) v1alpha1Storage(restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage { diff --git a/pkg/client/kubernetes/client.go b/pkg/client/kubernetes/client.go index 46e5143de28..f58e8bb3373 100644 --- a/pkg/client/kubernetes/client.go +++ b/pkg/client/kubernetes/client.go 
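Review bot: The doc comments kept as context in the `@@ -21,14 +21,14 @@` hunk of `storage_security.go` still describe a "Garden" group, although the provider now builds its group info from `security.GroupName`. I would reword them to `// NewRESTStorage creates a new API group info object and registers the v1alpha1 security storage.` and `// GroupName returns the security group name.`, so that someone auditing which provider exposes CredentialsBinding is not pointed at the wrong group. `v1alpha1Storage` begins on the hunk's last line and its body lies outside the hunk.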
@@ -23,8 +23,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" - authenticationinstall "github.com/gardener/gardener/pkg/apis/authentication/install" gardencoreinstall "github.com/gardener/gardener/pkg/apis/core/install" + securityinstall "github.com/gardener/gardener/pkg/apis/security/install" seedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" settingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" ) @@ -52,7 +52,7 @@ func init() { gardencoreinstall.AddToScheme, seedmanagementinstall.AddToScheme, settingsinstall.AddToScheme, - authenticationinstall.AddToScheme, + securityinstall.AddToScheme, ) utilruntime.Must(apiutil.AddToProtobufScheme(protobufSchemeBuilder.AddToScheme)) diff --git a/pkg/client/kubernetes/types.go b/pkg/client/kubernetes/types.go index 781d801e5eb..096884cbbf5 100644 --- a/pkg/client/kubernetes/types.go +++ b/pkg/client/kubernetes/types.go @@ -34,12 +34,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" - authenticationinstall "github.com/gardener/gardener/pkg/apis/authentication/install" gardencoreinstall "github.com/gardener/gardener/pkg/apis/core/install" extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1" operationsinstall "github.com/gardener/gardener/pkg/apis/operations/install" operatorv1alpha1 "github.com/gardener/gardener/pkg/apis/operator/v1alpha1" resourcesv1alpha1 "github.com/gardener/gardener/pkg/apis/resources/v1alpha1" + securityinstall "github.com/gardener/gardener/pkg/apis/security/install" seedmanagementinstall "github.com/gardener/gardener/pkg/apis/seedmanagement/install" settingsinstall "github.com/gardener/gardener/pkg/apis/settings/install" "github.com/gardener/gardener/pkg/chartrenderer" 
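Review bot: In `init()` of `pkg/client/kubernetes/client.go` the protobuf scheme builder loses `authenticationinstall.AddToScheme` rather than gaining `securityinstall.AddToScheme` beside it, and the `@@ -95,7 +95,7 @@` hunk of `pkg/client/kubernetes/types.go` makes the same swap. The OpenAPI hunk of this patch keeps `AdminKubeconfigRequest` and `ViewerKubeconfigRequest` under `pkg/apis/authentication/v1alpha1`, so those types still exist. Whether any client built from these schemes encodes or decodes them is not visible here. If one does, keep both registrations, `authenticationinstall.AddToScheme,` followed by `securityinstall.AddToScheme,`. Both builder lists and `init()` extend beyond the hunks, so the remaining entries could not be checked.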
@@ -95,7 +95,7 @@ var ( settingsinstall.AddToScheme, operationsinstall.AddToScheme, apiregistrationscheme.AddToScheme, - authenticationinstall.AddToScheme, + securityinstall.AddToScheme, ) seedSchemeBuilder = runtime.NewSchemeBuilder( diff --git a/pkg/client/authentication/clientset/versioned/clientset.go b/pkg/client/security/clientset/versioned/clientset.go similarity index 81% rename from pkg/client/authentication/clientset/versioned/clientset.go rename to pkg/client/security/clientset/versioned/clientset.go index c5dd00991db..0b6fb8ed9b1 100644 --- a/pkg/client/authentication/clientset/versioned/clientset.go +++ b/pkg/client/security/clientset/versioned/clientset.go @@ -10,7 +10,7 @@ import ( "fmt" "net/http" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/client/security/clientset/versioned/typed/security/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -18,18 +18,18 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface - AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface + SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface } // Clientset contains the clients for groups. type Clientset struct { *discovery.DiscoveryClient - authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client + securityV1alpha1 *securityv1alpha1.SecurityV1alpha1Client } -// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client -func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface { - return c.authenticationV1alpha1 +// SecurityV1alpha1 retrieves the SecurityV1alpha1Client +func (c *Clientset) SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface { + return c.securityV1alpha1 } // Discovery retrieves the DiscoveryClient 
@@ -76,7 +76,7 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, var cs Clientset var err error - cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) + cs.securityV1alpha1, err = securityv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err } @@ -101,7 +101,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { // New creates a new Clientset for the given RESTClient. func New(c rest.Interface) *Clientset { var cs Clientset - cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) + cs.securityV1alpha1 = securityv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/pkg/client/authentication/clientset/versioned/fake/clientset_generated.go b/pkg/client/security/clientset/versioned/fake/clientset_generated.go similarity index 75% rename from pkg/client/authentication/clientset/versioned/fake/clientset_generated.go rename to pkg/client/security/clientset/versioned/fake/clientset_generated.go index 59c0ff008b6..adce5ac76ce 100644 --- a/pkg/client/authentication/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/security/clientset/versioned/fake/clientset_generated.go 
@@ -7,9 +7,9 @@ package fake import ( - clientset "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1" - fakeauthenticationv1alpha1 "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake" + clientset "github.com/gardener/gardener/pkg/client/security/clientset/versioned" + securityv1alpha1 "github.com/gardener/gardener/pkg/client/security/clientset/versioned/typed/security/v1alpha1" + fakesecurityv1alpha1 "github.com/gardener/gardener/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" @@ -67,7 +67,7 @@ var ( _ testing.FakeClient = &Clientset{} ) -// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client -func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface { - return &fakeauthenticationv1alpha1.FakeAuthenticationV1alpha1{Fake: &c.Fake} +// SecurityV1alpha1 retrieves the SecurityV1alpha1Client +func (c *Clientset) SecurityV1alpha1() securityv1alpha1.SecurityV1alpha1Interface { + return &fakesecurityv1alpha1.FakeSecurityV1alpha1{Fake: &c.Fake} } diff --git a/pkg/client/authentication/clientset/versioned/fake/doc.go b/pkg/client/security/clientset/versioned/fake/doc.go similarity index 100% rename from pkg/client/authentication/clientset/versioned/fake/doc.go rename to pkg/client/security/clientset/versioned/fake/doc.go diff --git a/pkg/client/authentication/clientset/versioned/fake/register.go b/pkg/client/security/clientset/versioned/fake/register.go similarity index 91% rename from pkg/client/authentication/clientset/versioned/fake/register.go rename to pkg/client/security/clientset/versioned/fake/register.go index d647c929469..5a0e589cb64 100644 
--- a/pkg/client/authentication/clientset/versioned/fake/register.go +++ b/pkg/client/security/clientset/versioned/fake/register.go @@ -7,7 +7,7 @@ package fake import ( - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -19,7 +19,7 @@ var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ - authenticationv1alpha1.AddToScheme, + securityv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/authentication/clientset/versioned/scheme/doc.go b/pkg/client/security/clientset/versioned/scheme/doc.go similarity index 100% rename from pkg/client/authentication/clientset/versioned/scheme/doc.go rename to pkg/client/security/clientset/versioned/scheme/doc.go diff --git a/pkg/client/authentication/clientset/versioned/scheme/register.go b/pkg/client/security/clientset/versioned/scheme/register.go similarity index 91% rename from pkg/client/authentication/clientset/versioned/scheme/register.go rename to pkg/client/security/clientset/versioned/scheme/register.go index 41ff9411048..15681649a92 100644 --- a/pkg/client/authentication/clientset/versioned/scheme/register.go +++ b/pkg/client/security/clientset/versioned/scheme/register.go @@ -7,7 +7,7 @@ package scheme import ( - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" 
@@ -19,7 +19,7 @@ var Scheme = runtime.NewScheme() var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ - authenticationv1alpha1.AddToScheme, + securityv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/credentialsbinding.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/credentialsbinding.go similarity index 95% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/credentialsbinding.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/credentialsbinding.go index 74a9e728a37..3fa4629631a 100644 --- a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/credentialsbinding.go +++ b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/credentialsbinding.go @@ -10,8 +10,8 @@ import ( "context" "time" - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - scheme "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/scheme" + v1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" + scheme "github.com/gardener/gardener/pkg/client/security/clientset/versioned/scheme" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" @@ -44,7 +44,7 @@ type credentialsBindings struct { } // newCredentialsBindings returns a CredentialsBindings -func newCredentialsBindings(c *AuthenticationV1alpha1Client, namespace string) *credentialsBindings { +func newCredentialsBindings(c *SecurityV1alpha1Client, namespace string) *credentialsBindings { return &credentialsBindings{ client: c.RESTClient(), ns: namespace, 
diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/doc.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/doc.go similarity index 100% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/doc.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/doc.go diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/doc.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/doc.go similarity index 100% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/doc.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/doc.go diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_credentialsbinding.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_credentialsbinding.go similarity index 97% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_credentialsbinding.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_credentialsbinding.go index 9be7224b3a9..14a221eb60b 100644 --- a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_credentialsbinding.go +++ b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_credentialsbinding.go @@ -9,7 +9,7 @@ package fake import ( "context" - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + v1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" types "k8s.io/apimachinery/pkg/types" @@ -19,7 +19,7 @@ import ( // FakeCredentialsBindings implements CredentialsBindingInterface type FakeCredentialsBindings struct { - Fake *FakeAuthenticationV1alpha1 + Fake *FakeSecurityV1alpha1 ns string } 
diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go similarity index 59% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go index 2eed27bdee9..4f3a9bd2e30 100644 --- a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go +++ b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/fake/fake_security_client.go @@ -7,22 +7,22 @@ package fake import ( - v1alpha1 "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1" + v1alpha1 "github.com/gardener/gardener/pkg/client/security/clientset/versioned/typed/security/v1alpha1" rest "k8s.io/client-go/rest" testing "k8s.io/client-go/testing" ) -type FakeAuthenticationV1alpha1 struct { +type FakeSecurityV1alpha1 struct { *testing.Fake } -func (c *FakeAuthenticationV1alpha1) CredentialsBindings(namespace string) v1alpha1.CredentialsBindingInterface { +func (c *FakeSecurityV1alpha1) CredentialsBindings(namespace string) v1alpha1.CredentialsBindingInterface { return &FakeCredentialsBindings{c, namespace} } // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *FakeAuthenticationV1alpha1) RESTClient() rest.Interface { +func (c *FakeSecurityV1alpha1) RESTClient() rest.Interface { var ret *rest.RESTClient return ret } 
diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/generated_expansion.go similarity index 100% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/generated_expansion.go diff --git a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/security_client.go similarity index 55% rename from pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go rename to pkg/client/security/clientset/versioned/typed/security/v1alpha1/security_client.go index 39d9832d8d9..645e54369cd 100644 --- a/pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go +++ b/pkg/client/security/clientset/versioned/typed/security/v1alpha1/security_client.go 
@@ -9,29 +9,29 @@ package v1alpha1 import ( "net/http" - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned/scheme" + v1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" + "github.com/gardener/gardener/pkg/client/security/clientset/versioned/scheme" rest "k8s.io/client-go/rest" ) -type AuthenticationV1alpha1Interface interface { +type SecurityV1alpha1Interface interface { RESTClient() rest.Interface CredentialsBindingsGetter } -// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.gardener.cloud group. -type AuthenticationV1alpha1Client struct { +// SecurityV1alpha1Client is used to interact with features provided by the security.gardener.cloud group. +type SecurityV1alpha1Client struct { restClient rest.Interface } -func (c *AuthenticationV1alpha1Client) CredentialsBindings(namespace string) CredentialsBindingInterface { +func (c *SecurityV1alpha1Client) CredentialsBindings(namespace string) CredentialsBindingInterface { return newCredentialsBindings(c, namespace) } -// NewForConfig creates a new AuthenticationV1alpha1Client for the given config. +// NewForConfig creates a new SecurityV1alpha1Client for the given config. // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), // where httpClient was generated with rest.HTTPClientFor(c). -func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) { +func NewForConfig(c *rest.Config) (*SecurityV1alpha1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err 
@@ -43,9 +43,9 @@ func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) { return NewForConfigAndClient(&config, httpClient) } -// NewForConfigAndClient creates a new AuthenticationV1alpha1Client for the given config and http client. +// NewForConfigAndClient creates a new SecurityV1alpha1Client for the given config and http client. // Note the http client provided takes precedence over the configured transport values. -func NewForConfigAndClient(c *rest.Config, h *http.Client) (*AuthenticationV1alpha1Client, error) { +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*SecurityV1alpha1Client, error) { config := *c if err := setConfigDefaults(&config); err != nil { return nil, err @@ -54,12 +54,12 @@ func NewForConfigAndClient(c *rest.Config, h *http.Client) (*AuthenticationV1alp if err != nil { return nil, err } - return &AuthenticationV1alpha1Client{client}, nil + return &SecurityV1alpha1Client{client}, nil } -// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and +// NewForConfigOrDie creates a new SecurityV1alpha1Client for the given config and // panics if there is an error in the config. -func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client { +func NewForConfigOrDie(c *rest.Config) *SecurityV1alpha1Client { client, err := NewForConfig(c) if err != nil { panic(err) @@ -67,9 +67,9 @@ func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client { return client } -// New creates a new AuthenticationV1alpha1Client for the given RESTClient. -func New(c rest.Interface) *AuthenticationV1alpha1Client { - return &AuthenticationV1alpha1Client{c} +// New creates a new SecurityV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *SecurityV1alpha1Client { + return &SecurityV1alpha1Client{c} } func setConfigDefaults(config *rest.Config) error { 
@@ -87,7 +87,7 @@ func setConfigDefaults(config *rest.Config) error { // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. -func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface { +func (c *SecurityV1alpha1Client) RESTClient() rest.Interface { if c == nil { return nil } diff --git a/pkg/client/authentication/informers/externalversions/factory.go b/pkg/client/security/informers/externalversions/factory.go similarity index 94% rename from pkg/client/authentication/informers/externalversions/factory.go rename to pkg/client/security/informers/externalversions/factory.go index 0e8a1896b0d..1a1e65aaa37 100644 --- a/pkg/client/authentication/informers/externalversions/factory.go +++ b/pkg/client/security/informers/externalversions/factory.go @@ -11,9 +11,9 @@ import ( sync "sync" time "time" - versioned "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" - authentication "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/authentication" - internalinterfaces "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/internalinterfaces" + versioned "github.com/gardener/gardener/pkg/client/security/clientset/versioned" + internalinterfaces "github.com/gardener/gardener/pkg/client/security/informers/externalversions/internalinterfaces" + security "github.com/gardener/gardener/pkg/client/security/informers/externalversions/security" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" 
@@ -241,9 +241,9 @@ type SharedInformerFactory interface { // client. InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer - Authentication() authentication.Interface + Security() security.Interface } -func (f *sharedInformerFactory) Authentication() authentication.Interface { - return authentication.New(f, f.namespace, f.tweakListOptions) +func (f *sharedInformerFactory) Security() security.Interface { + return security.New(f, f.namespace, f.tweakListOptions) } diff --git a/pkg/client/authentication/informers/externalversions/generic.go b/pkg/client/security/informers/externalversions/generic.go similarity index 87% rename from pkg/client/authentication/informers/externalversions/generic.go rename to pkg/client/security/informers/externalversions/generic.go index 05dc1de8f24..7794065e8cf 100644 --- a/pkg/client/authentication/informers/externalversions/generic.go +++ b/pkg/client/security/informers/externalversions/generic.go @@ -9,7 +9,7 @@ package externalversions import ( "fmt" - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + v1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -40,9 +40,9 @@ func (f *genericInformer) Lister() cache.GenericLister { // TODO extend this to unknown resources with a client pool func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { - // Group=authentication.gardener.cloud, Version=v1alpha1 + // Group=security.gardener.cloud, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithResource("credentialsbindings"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().CredentialsBindings().Informer()}, nil + return &genericInformer{resource: resource.GroupResource(), informer: f.Security().V1alpha1().CredentialsBindings().Informer()}, nil } 
diff --git a/pkg/client/authentication/informers/externalversions/internalinterfaces/factory_interfaces.go b/pkg/client/security/informers/externalversions/internalinterfaces/factory_interfaces.go similarity index 91% rename from pkg/client/authentication/informers/externalversions/internalinterfaces/factory_interfaces.go rename to pkg/client/security/informers/externalversions/internalinterfaces/factory_interfaces.go index 54082552a9a..1348316b5a0 100644 --- a/pkg/client/authentication/informers/externalversions/internalinterfaces/factory_interfaces.go +++ b/pkg/client/security/informers/externalversions/internalinterfaces/factory_interfaces.go @@ -9,7 +9,7 @@ package internalinterfaces import ( time "time" - versioned "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" + versioned "github.com/gardener/gardener/pkg/client/security/clientset/versioned" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" cache "k8s.io/client-go/tools/cache" diff --git a/pkg/client/authentication/informers/externalversions/authentication/interface.go b/pkg/client/security/informers/externalversions/security/interface.go similarity index 78% rename from pkg/client/authentication/informers/externalversions/authentication/interface.go rename to pkg/client/security/informers/externalversions/security/interface.go index ddc64ca5da5..eb76249e730 100644 --- a/pkg/client/authentication/informers/externalversions/authentication/interface.go +++ b/pkg/client/security/informers/externalversions/security/interface.go 
@@ -4,11 +4,11 @@ // Code generated by informer-gen. DO NOT EDIT. -package authentication +package security import ( - v1alpha1 "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/authentication/v1alpha1" - internalinterfaces "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/internalinterfaces" + internalinterfaces "github.com/gardener/gardener/pkg/client/security/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/gardener/gardener/pkg/client/security/informers/externalversions/security/v1alpha1" ) // Interface provides access to each of this group's versions. diff --git a/pkg/client/authentication/informers/externalversions/authentication/v1alpha1/credentialsbinding.go b/pkg/client/security/informers/externalversions/security/v1alpha1/credentialsbinding.go similarity index 78% rename from pkg/client/authentication/informers/externalversions/authentication/v1alpha1/credentialsbinding.go rename to pkg/client/security/informers/externalversions/security/v1alpha1/credentialsbinding.go index f8c56e20dba..7ae3e6902e0 100644 --- a/pkg/client/authentication/informers/externalversions/authentication/v1alpha1/credentialsbinding.go +++ b/pkg/client/security/informers/externalversions/security/v1alpha1/credentialsbinding.go 
@@ -10,10 +10,10 @@ import ( "context" time "time" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" - versioned "github.com/gardener/gardener/pkg/client/authentication/clientset/versioned" - internalinterfaces "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/internalinterfaces" - v1alpha1 "github.com/gardener/gardener/pkg/client/authentication/listers/authentication/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" + versioned "github.com/gardener/gardener/pkg/client/security/clientset/versioned" + internalinterfaces "github.com/gardener/gardener/pkg/client/security/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/gardener/gardener/pkg/client/security/listers/security/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" watch "k8s.io/apimachinery/pkg/watch" @@ -50,16 +50,16 @@ func NewFilteredCredentialsBindingInformer(client versioned.Interface, namespace if tweakListOptions != nil { tweakListOptions(&options) } - return client.AuthenticationV1alpha1().CredentialsBindings(namespace).List(context.TODO(), options) + return client.SecurityV1alpha1().CredentialsBindings(namespace).List(context.TODO(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.AuthenticationV1alpha1().CredentialsBindings(namespace).Watch(context.TODO(), options) + return client.SecurityV1alpha1().CredentialsBindings(namespace).Watch(context.TODO(), options) }, }, - &authenticationv1alpha1.CredentialsBinding{}, + &securityv1alpha1.CredentialsBinding{}, resyncPeriod, indexers, ) 
@@ -70,7 +70,7 @@ func (f *credentialsBindingInformer) defaultInformer(client versioned.Interface, } func (f *credentialsBindingInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&authenticationv1alpha1.CredentialsBinding{}, f.defaultInformer) + return f.factory.InformerFor(&securityv1alpha1.CredentialsBinding{}, f.defaultInformer) } func (f *credentialsBindingInformer) Lister() v1alpha1.CredentialsBindingLister { diff --git a/pkg/client/authentication/informers/externalversions/authentication/v1alpha1/interface.go b/pkg/client/security/informers/externalversions/security/v1alpha1/interface.go similarity index 89% rename from pkg/client/authentication/informers/externalversions/authentication/v1alpha1/interface.go rename to pkg/client/security/informers/externalversions/security/v1alpha1/interface.go index 7f067f3190f..ed0b8a0eb90 100644 --- a/pkg/client/authentication/informers/externalversions/authentication/v1alpha1/interface.go +++ b/pkg/client/security/informers/externalversions/security/v1alpha1/interface.go @@ -7,7 +7,7 @@ package v1alpha1 import ( - internalinterfaces "github.com/gardener/gardener/pkg/client/authentication/informers/externalversions/internalinterfaces" + internalinterfaces "github.com/gardener/gardener/pkg/client/security/informers/externalversions/internalinterfaces" ) // Interface provides access to all the informers in this group version. diff --git a/pkg/client/authentication/listers/authentication/v1alpha1/credentialsbinding.go b/pkg/client/security/listers/security/v1alpha1/credentialsbinding.go similarity index 97% rename from pkg/client/authentication/listers/authentication/v1alpha1/credentialsbinding.go rename to pkg/client/security/listers/security/v1alpha1/credentialsbinding.go index fb8d87a60b3..13ce9f65d39 100644 --- a/pkg/client/authentication/listers/authentication/v1alpha1/credentialsbinding.go +++ b/pkg/client/security/listers/security/v1alpha1/credentialsbinding.go 
@@ -7,7 +7,7 @@ package v1alpha1 import ( - v1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" + v1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/tools/cache" diff --git a/pkg/client/authentication/listers/authentication/v1alpha1/expansion_generated.go b/pkg/client/security/listers/security/v1alpha1/expansion_generated.go similarity index 100% rename from pkg/client/authentication/listers/authentication/v1alpha1/expansion_generated.go rename to pkg/client/security/listers/security/v1alpha1/expansion_generated.go diff --git a/pkg/component/gardener/apiserver/apiserver.go b/pkg/component/gardener/apiserver/apiserver.go index 9ed0fde2512..7dc84ca7324 100644 --- a/pkg/component/gardener/apiserver/apiserver.go +++ b/pkg/component/gardener/apiserver/apiserver.go @@ -12,11 +12,11 @@ import ( corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" - authenticationv1alpha1 "github.com/gardener/gardener/pkg/apis/authentication/v1alpha1" gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants" operationsv1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" operatorv1alpha1 "github.com/gardener/gardener/pkg/apis/operator/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" seedmanagementv1alpha1 "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1" settingsv1alpha1 "github.com/gardener/gardener/pkg/apis/settings/v1alpha1" "github.com/gardener/gardener/pkg/component/apiserver" 
@@ -168,7 +168,7 @@ func (g *gardenerAPIServer) Deploy(ctx context.Context) error { g.apiService(secretCAGardener, seedmanagementv1alpha1.SchemeGroupVersion.Group, seedmanagementv1alpha1.SchemeGroupVersion.Version), g.apiService(secretCAGardener, operationsv1alpha1.SchemeGroupVersion.Group, operationsv1alpha1.SchemeGroupVersion.Version), g.apiService(secretCAGardener, settingsv1alpha1.SchemeGroupVersion.Group, settingsv1alpha1.SchemeGroupVersion.Version), - g.apiService(secretCAGardener, authenticationv1alpha1.SchemeGroupVersion.Group, authenticationv1alpha1.SchemeGroupVersion.Version), + g.apiService(secretCAGardener, securityv1alpha1.SchemeGroupVersion.Group, securityv1alpha1.SchemeGroupVersion.Version), g.service(), g.endpoints(serviceRuntime.Spec.ClusterIP), g.clusterRole(), diff --git a/pkg/component/gardener/apiserver/apiserver_test.go b/pkg/component/gardener/apiserver/apiserver_test.go index 7d5b6aec01b..94d3628f2ab 100644 --- a/pkg/component/gardener/apiserver/apiserver_test.go +++ b/pkg/component/gardener/apiserver/apiserver_test.go @@ -1454,7 +1454,7 @@ kubeConfigFile: /etc/kubernetes/admission-kubeconfigs/validatingadmissionwebhook apiServiceFor("seedmanagement.gardener.cloud", "v1alpha1"), apiServiceFor("operations.gardener.cloud", "v1alpha1"), apiServiceFor("settings.gardener.cloud", "v1alpha1"), - apiServiceFor("authentication.gardener.cloud", "v1alpha1"), + apiServiceFor("security.gardener.cloud", "v1alpha1"), serviceVirtual, endpoints, clusterRole, diff --git a/skaffold-operator.yaml b/skaffold-operator.yaml index a469e478d47..daf5551cff6 100644 --- a/skaffold-operator.yaml +++ b/skaffold-operator.yaml @@ -33,9 +33,6 @@ build: - pkg/admissioncontroller/apis/config/v1alpha1 - pkg/admissioncontroller/apis/config/validation - pkg/api/extensions - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/helper - pkg/apis/core/install 
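Review bot: Nothing in this hunk shows what happens to access rules keyed on the old group name once the `g.apiService(...)` entry in Deploy switches to `securityv1alpha1.SchemeGroupVersion.Group`. RBAC rules, audit-policy entries and admission webhook rules match on the API group string, so any that still list `authentication.gardener.cloud` would presumably stop covering CredentialsBinding once it is served under `security.gardener.cloud`. It is worth confirming that `g.clusterRole()` and the other objects in this list were checked. I would add a comment above the changed line, `// CredentialsBinding is served under security.gardener.cloud; RBAC, audit and webhook rules must reference this group.` Deploy starts and ends outside the hunk, so whether the previously registered APIService is cleaned up on upgrade cannot be judged from here.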
@@ -57,6 +54,9 @@ build: - pkg/apis/operator/v1alpha1/validation - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -107,8 +107,8 @@ build: - pkg/component/networking/vpn/seedserver - pkg/component/observability/logging - pkg/component/observability/logging/fluentbit - - pkg/component/observability/logging/fluentoperator - pkg/component/observability/logging/fluentcustomresources + - pkg/component/observability/logging/fluentoperator - pkg/component/observability/logging/vali - pkg/component/observability/logging/vali/constants - pkg/component/observability/monitoring @@ -220,9 +220,6 @@ build: - cmd/utils - pkg/api/extensions - pkg/api/indexer - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -240,6 +237,9 @@ build: - pkg/apis/resources - pkg/apis/resources/v1alpha1 - pkg/apis/resources/v1alpha1/helper + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -343,6 +343,10 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 + - pkg/apis/security/validation - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/helper 
@@ -358,9 +362,6 @@ build: - pkg/apiserver/admission/initializer - pkg/apiserver/features - pkg/apiserver/openapi - - pkg/apiserver/registry/authentication/credentialsbinding - - pkg/apiserver/registry/authentication/credentialsbinding/storage - - pkg/apiserver/registry/authentication/rest - pkg/apiserver/registry/core/backupbucket - pkg/apiserver/registry/core/backupbucket/storage - pkg/apiserver/registry/core/backupentry @@ -395,6 +396,9 @@ build: - pkg/apiserver/registry/operations/bastion - pkg/apiserver/registry/operations/bastion/storage - pkg/apiserver/registry/operations/rest + - pkg/apiserver/registry/security/credentialsbinding + - pkg/apiserver/registry/security/credentialsbinding/storage + - pkg/apiserver/registry/security/rest - pkg/apiserver/registry/seedmanagement/managedseed - pkg/apiserver/registry/seedmanagement/managedseed/storage - pkg/apiserver/registry/seedmanagement/managedseedset @@ -407,14 +411,6 @@ build: - pkg/apiserver/registry/settings/rest - pkg/apiserver/storage - pkg/chartrenderer - - pkg/client/authentication/clientset/versioned - - pkg/client/authentication/clientset/versioned/scheme - - pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1 - - pkg/client/authentication/informers/externalversions - - pkg/client/authentication/informers/externalversions/authentication - - pkg/client/authentication/informers/externalversions/authentication/v1alpha1 - - pkg/client/authentication/informers/externalversions/internalinterfaces - - pkg/client/authentication/listers/authentication/v1alpha1 - pkg/client/core/clientset/versioned - pkg/client/core/clientset/versioned/scheme - pkg/client/core/clientset/versioned/typed/core/v1beta1 
@@ -425,6 +421,14 @@ build: - pkg/client/core/listers/core/v1beta1 - pkg/client/kubernetes - pkg/client/kubernetes/cache + - pkg/client/security/clientset/versioned + - pkg/client/security/clientset/versioned/scheme + - pkg/client/security/clientset/versioned/typed/security/v1alpha1 + - pkg/client/security/informers/externalversions + - pkg/client/security/informers/externalversions/internalinterfaces + - pkg/client/security/informers/externalversions/security + - pkg/client/security/informers/externalversions/security/v1alpha1 + - pkg/client/security/listers/security/v1alpha1 - pkg/client/seedmanagement/clientset/versioned - pkg/client/seedmanagement/clientset/versioned/scheme - pkg/client/seedmanagement/clientset/versioned/typed/seedmanagement/v1alpha1 @@ -518,9 +522,6 @@ build: - cmd/utils - pkg/api/extensions - pkg/api/indexer - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -535,6 +536,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -628,9 +632,6 @@ build: - cmd/gardener-scheduler/app - cmd/utils - pkg/api/extensions - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -645,6 +646,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install 
@@ -710,9 +714,6 @@ build: - pkg/admissioncontroller/webhook/admission/seedrestriction - pkg/admissioncontroller/webhook/auth/seed - pkg/admissioncontroller/webhook/auth/seed/graph - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/helper - pkg/apis/core/install @@ -728,6 +729,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install diff --git a/skaffold.yaml b/skaffold.yaml index 723d6bd4ded..baf2d7e8f8c 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -60,6 +60,10 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 + - pkg/apis/security/validation - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/helper @@ -75,9 +79,6 @@ build: - pkg/apiserver/admission/initializer - pkg/apiserver/features - pkg/apiserver/openapi - - pkg/apiserver/registry/authentication/credentialsbinding - - pkg/apiserver/registry/authentication/credentialsbinding/storage - - pkg/apiserver/registry/authentication/rest - pkg/apiserver/registry/core/backupbucket - pkg/apiserver/registry/core/backupbucket/storage - pkg/apiserver/registry/core/backupentry @@ -112,6 +113,9 @@ build: - pkg/apiserver/registry/operations/bastion - pkg/apiserver/registry/operations/bastion/storage - pkg/apiserver/registry/operations/rest + - pkg/apiserver/registry/security/credentialsbinding + - pkg/apiserver/registry/security/credentialsbinding/storage + - pkg/apiserver/registry/security/rest - pkg/apiserver/registry/seedmanagement/managedseed - pkg/apiserver/registry/seedmanagement/managedseed/storage - pkg/apiserver/registry/seedmanagement/managedseedset 
@@ -124,14 +128,6 @@ build: - pkg/apiserver/registry/settings/rest - pkg/apiserver/storage - pkg/chartrenderer - - pkg/client/authentication/clientset/versioned - - pkg/client/authentication/clientset/versioned/scheme - - pkg/client/authentication/clientset/versioned/typed/authentication/v1alpha1 - - pkg/client/authentication/informers/externalversions - - pkg/client/authentication/informers/externalversions/authentication - - pkg/client/authentication/informers/externalversions/authentication/v1alpha1 - - pkg/client/authentication/informers/externalversions/internalinterfaces - - pkg/client/authentication/listers/authentication/v1alpha1 - pkg/client/core/clientset/versioned - pkg/client/core/clientset/versioned/scheme - pkg/client/core/clientset/versioned/typed/core/v1beta1 @@ -142,6 +138,14 @@ build: - pkg/client/core/listers/core/v1beta1 - pkg/client/kubernetes - pkg/client/kubernetes/cache + - pkg/client/security/clientset/versioned + - pkg/client/security/clientset/versioned/scheme + - pkg/client/security/clientset/versioned/typed/security/v1alpha1 + - pkg/client/security/informers/externalversions + - pkg/client/security/informers/externalversions/internalinterfaces + - pkg/client/security/informers/externalversions/security + - pkg/client/security/informers/externalversions/security/v1alpha1 + - pkg/client/security/listers/security/v1alpha1 - pkg/client/seedmanagement/clientset/versioned - pkg/client/seedmanagement/clientset/versioned/scheme - pkg/client/seedmanagement/clientset/versioned/typed/seedmanagement/v1alpha1 @@ -235,9 +239,6 @@ build: - cmd/utils - pkg/api/extensions - pkg/api/indexer - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 
@@ -252,6 +253,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -345,9 +349,6 @@ build: - cmd/gardener-scheduler/app - cmd/utils - pkg/api/extensions - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -362,6 +363,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -427,9 +431,6 @@ build: - pkg/admissioncontroller/webhook/admission/seedrestriction - pkg/admissioncontroller/webhook/auth/seed - pkg/admissioncontroller/webhook/auth/seed/graph - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/helper - pkg/apis/core/install @@ -445,6 +446,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -619,9 +623,6 @@ build: - imagevector - pkg/api/core - pkg/api/extensions - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -637,6 +638,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install 
@@ -843,9 +847,6 @@ build: - imagevector - pkg/api/extensions - pkg/api/indexer - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/helper - pkg/apis/core/install @@ -864,6 +865,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -942,8 +946,8 @@ build: - pkg/component/observability/logging - pkg/component/observability/logging/eventlogger - pkg/component/observability/logging/fluentbit - - pkg/component/observability/logging/fluentoperator - pkg/component/observability/logging/fluentcustomresources + - pkg/component/observability/logging/fluentoperator - pkg/component/observability/logging/vali - pkg/component/observability/logging/vali/constants - pkg/component/observability/monitoring @@ -1079,9 +1083,6 @@ build: - cmd/utils - pkg/api/extensions - pkg/api/indexer - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 @@ -1099,6 +1100,9 @@ build: - pkg/apis/resources - pkg/apis/resources/v1alpha1 - pkg/apis/resources/v1alpha1/helper + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install @@ -1182,9 +1186,6 @@ build: - cmd/utils - imagevector - pkg/api/extensions - - pkg/apis/authentication - - pkg/apis/authentication/install - - pkg/apis/authentication/v1alpha1 - pkg/apis/core - pkg/apis/core/install - pkg/apis/core/v1beta1 
@@ -1200,6 +1201,9 @@ build: - pkg/apis/operator/v1alpha1 - pkg/apis/resources - pkg/apis/resources/v1alpha1 + - pkg/apis/security + - pkg/apis/security/install + - pkg/apis/security/v1alpha1 - pkg/apis/seedmanagement - pkg/apis/seedmanagement/encoding - pkg/apis/seedmanagement/install From 03ed22be9253c59e791e6cde08821b1885df2e00 Mon Sep 17 00:00:00 2001 From: vpnachev Date: Mon, 13 May 2024 16:33:26 +0300 Subject: [PATCH 2/4] Address review feedback --- cmd/gardener-apiserver/app/gardener_apiserver.go | 1 + docs/README.md | 1 + docs/api-reference/README.md | 1 + docs/api-reference/authentication.md | 3 ++- pkg/apis/authentication/doc.go | 1 + pkg/apis/authentication/register.go | 1 + pkg/apis/authentication/v1alpha1/doc.go | 1 + pkg/apis/authentication/v1alpha1/register.go | 1 + test/integration/envtest/environment_test.go | 6 ++++++ 9 files changed, 15 insertions(+), 1 deletion(-) diff --git a/cmd/gardener-apiserver/app/gardener_apiserver.go b/cmd/gardener-apiserver/app/gardener_apiserver.go index 58e53b7e87e..8f09c4345fa 100644 --- a/cmd/gardener-apiserver/app/gardener_apiserver.go +++ b/cmd/gardener-apiserver/app/gardener_apiserver.go @@ -423,6 +423,7 @@ func (o *Options) ApplyTo(config *apiserver.Config, kubeClient kubernetes.Interf settingsv1alpha1.SchemeGroupVersion, operationsv1alpha1.SchemeGroupVersion, securityv1alpha1.SchemeGroupVersion, + // Note: "authentication.gardener.cloud/v1alpha1" API is already used for CRD registration and must not be served by the API server. ) mergedResourceConfig, err := resourceconfig.MergeAPIResourceConfigs(resourceConfig, nil, api.Scheme) diff --git a/docs/README.md b/docs/README.md index f337d15bd9f..80b7a876ef9 100644 --- a/docs/README.md +++ b/docs/README.md 
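Review bot: The rule that `authentication.gardener.cloud/v1alpha1` must not be served exists only as a comment inside this version list in `ApplyTo`, so nothing fails if that group version is later added to the list again. The same sentence is repeated in the `pkg/apis/authentication` doc.go and register.go hunks further down, where it is equally unenforced. Since the comment says the group is already taken by a CRD, serving it from this API server as well would presumably leave two owners for the group that CredentialsBinding used to live in. I would back the comment with an assertion on the merged resource config in the options test, for example `Expect(mergedResourceConfig.AnyResourceForGroupEnabled("authentication.gardener.cloud")).To(BeFalse())`, and have the comment name the component that registers the CRD. `ApplyTo` starts and ends outside this hunk, so whether such a check already exists cannot be seen from here.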
@@ -79,6 +79,7 @@ * [`extensions.gardener.cloud` API Group](api-reference/extensions.md) * [`operations.gardener.cloud` API Group](api-reference/operations.md) * [`resources.gardener.cloud` API Group](api-reference/resources.md) +* [`security.gardener.cloid` API Group](api-reference/security.md) * [`seedmanagement.gardener.cloud` API Group](api-reference/seedmanagement.md) * [`settings.gardener.cloud` API Group](api-reference/settings.md) diff --git a/docs/api-reference/README.md b/docs/api-reference/README.md index 1cce5a7d9b8..e7aecbdc7c7 100644 --- a/docs/api-reference/README.md +++ b/docs/api-reference/README.md @@ -5,5 +5,6 @@ * [`extensions.gardener.cloud` API Group](extensions.md) * [`operations.gardener.cloud` API Group](operations.md) * [`resources.gardener.cloud` API Group](resources.md) +* [`security.gardener.cloid` API Group](api-reference/security.md) * [`seedmanagement.gardener.cloud` API Group](seedmanagement.md) * [`settings.gardener.cloud` API Group](settings.md) diff --git a/docs/api-reference/authentication.md b/docs/api-reference/authentication.md index 9bf389d6d95..d6f89f62fef 100644 --- a/docs/api-reference/authentication.md +++ b/docs/api-reference/authentication.md @@ -6,7 +6,8 @@

authentication.gardener.cloud/v1alpha1

-

Package v1alpha1 is a version of the API.

+

Package v1alpha1 is a version of the API. +“authentication.gardener.cloud/v1alpha1” API is already used for CRD registration and must not be served by the API server.

Resource Types:
    diff --git a/pkg/apis/authentication/doc.go b/pkg/apis/authentication/doc.go index 1a21e8d28d5..500af574723 100644 --- a/pkg/apis/authentication/doc.go +++ b/pkg/apis/authentication/doc.go @@ -5,5 +5,6 @@ // +k8s:deepcopy-gen=package // Package authentication is the internal version of the API. +// "authentication.gardener.cloud/v1alpha1" API is already used for CRD registration and must not be served by the API server. // +groupName=authentication.gardener.cloud package authentication diff --git a/pkg/apis/authentication/register.go b/pkg/apis/authentication/register.go index 9f5ef4be507..ae03e121e50 100644 --- a/pkg/apis/authentication/register.go +++ b/pkg/apis/authentication/register.go @@ -10,6 +10,7 @@ import ( ) // GroupName is the name of the authentication API group. +// "authentication.gardener.cloud/v1alpha1" API is already used for CRD registration and must not be served by the API server. const GroupName = "authentication.gardener.cloud" // SchemeGroupVersion is group version used to register these objects. diff --git a/pkg/apis/authentication/v1alpha1/doc.go b/pkg/apis/authentication/v1alpha1/doc.go index 52ad46cfe05..42113a59b27 100644 --- a/pkg/apis/authentication/v1alpha1/doc.go +++ b/pkg/apis/authentication/v1alpha1/doc.go @@ -12,5 +12,6 @@ //go:generate gen-crd-api-reference-docs -api-dir . -config ../../../../hack/api-reference/authentication-config.json -template-dir ../../../../hack/api-reference/template -out-file ../../../../docs/api-reference/authentication.md // Package v1alpha1 is a version of the API. +// "authentication.gardener.cloud/v1alpha1" API is already used for CRD registration and must not be served by the API server. // +groupName=authentication.gardener.cloud package v1alpha1 diff --git a/pkg/apis/authentication/v1alpha1/register.go b/pkg/apis/authentication/v1alpha1/register.go index 082fb1c7276..0e2b55e43f1 100644 --- a/pkg/apis/authentication/v1alpha1/register.go +++ b/pkg/apis/authentication/v1alpha1/register.go 
@@ -9,6 +9,7 @@ import ( ) // GroupName is the name of the authentication API group. +// "authentication.gardener.cloud/v1alpha1" API is already used for CRD registration and must not be served by the API server. const GroupName = "authentication.gardener.cloud" // SchemeGroupVersion is group version used to register these objects diff --git a/test/integration/envtest/environment_test.go b/test/integration/envtest/environment_test.go index 53f1f31111d..9134e404187 100644 --- a/test/integration/envtest/environment_test.go +++ b/test/integration/envtest/environment_test.go @@ -12,6 +12,7 @@ import ( gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" operationsv1alpha1 "github.com/gardener/gardener/pkg/apis/operations/v1alpha1" + securityv1alpha1 "github.com/gardener/gardener/pkg/apis/security/v1alpha1" seedmanagementv1alpha1 "github.com/gardener/gardener/pkg/apis/seedmanagement/v1alpha1" settingsv1alpha1 "github.com/gardener/gardener/pkg/apis/settings/v1alpha1" gardenerutils "github.com/gardener/gardener/pkg/utils/gardener" @@ -40,4 +41,9 @@ var _ = Describe("GardenerTestEnvironment", func() { bastion := &operationsv1alpha1.Bastion{ObjectMeta: metav1.ObjectMeta{GenerateName: "test-", Namespace: testNamespace.Name}} Expect(testClient.Create(ctx, bastion)).To(MatchError(ContainSubstring("Bastion.operations.gardener.cloud \"\" is invalid"))) }) + + It("should be able to manipulate resource from security.gardener.cloud/v1alpha1", func() { + credentialsBinding := &securityv1alpha1.CredentialsBinding{ObjectMeta: metav1.ObjectMeta{GenerateName: "test-", Namespace: testNamespace.Name}} + Expect(testClient.Create(ctx, credentialsBinding)).To(MatchError(ContainSubstring("CredentialsBinding.security.gardener.cloud \"\" is invalid"))) + }) }) From 5231715f778c0abc9cf0940cd32c8b95bd45648f Mon Sep 17 00:00:00 2001 
From: vpnachev Date: Mon, 13 May 2024 17:04:37 +0300 Subject: [PATCH 3/4] Fix reference to security api docs --- docs/api-reference/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api-reference/README.md b/docs/api-reference/README.md index e7aecbdc7c7..8e799986c25 100644 --- a/docs/api-reference/README.md +++ b/docs/api-reference/README.md @@ -5,6 +5,6 @@ * [`extensions.gardener.cloud` API Group](extensions.md) * [`operations.gardener.cloud` API Group](operations.md) * [`resources.gardener.cloud` API Group](resources.md) -* [`security.gardener.cloid` API Group](api-reference/security.md) +* [`security.gardener.cloid` API Group](security.md) * [`seedmanagement.gardener.cloud` API Group](seedmanagement.md) * [`settings.gardener.cloud` API Group](settings.md) From f52e72d4be262146774ca166c43a780f32e9aa03 Mon Sep 17 00:00:00 2001 From: ialidzhikov Date: Mon, 13 May 2024 17:51:32 +0300 Subject: [PATCH 4/4] Fix the integration test --- test/integration/envtest/environment_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/envtest/environment_test.go b/test/integration/envtest/environment_test.go index 9134e404187..d4a447445f0 100644 --- a/test/integration/envtest/environment_test.go +++ b/test/integration/envtest/environment_test.go @@ -44,6 +44,6 @@ var _ = Describe("GardenerTestEnvironment", func() { It("should be able to manipulate resource from security.gardener.cloud/v1alpha1", func() { credentialsBinding := &securityv1alpha1.CredentialsBinding{ObjectMeta: metav1.ObjectMeta{GenerateName: "test-", Namespace: testNamespace.Name}} - Expect(testClient.Create(ctx, credentialsBinding)).To(MatchError(ContainSubstring("CredentialsBinding.security.gardener.cloud \"\" is invalid"))) + Expect(testClient.Create(ctx, credentialsBinding)).To(MatchError(MatchRegexp("CredentialsBinding.security.gardener.cloud \"test-.+\" is invalid"))) }) })
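Review bot: The pattern passed to `MatchRegexp` in the last hunk leaves the dots in `CredentialsBinding.security.gardener.cloud` unescaped, so each one matches any character and the assertion is looser than the `ContainSubstring` check it replaces. Escaping them keeps the match exact: `MatchError(MatchRegexp("CredentialsBinding\\.security\\.gardener\\.cloud \"test-.+\" is invalid"))`. The test still proves only that the request reaches validation and is rejected. If the `It` title is meant literally, creating a valid CredentialsBinding and reading it back would show that the new group is actually served and stored. The `Describe` block starts outside the hunk.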