diff --git a/Gopkg.lock b/Gopkg.lock index e44356d4a17..46bbc136f47 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -367,14 +367,14 @@ version = "1.0.1" [[projects]] - digest = "1:68214731af5ff5a3bfab4d28571578e5522bc4f667ad1232745d7b4189ccb442" + digest = "1:ae6f25905d1386e85891d65085f12afb7d8729a4153211cf11f0a19b5e17bf3e" name = "github.com/openshift/api" packages = [ "config/v1", "route/v1", ] pruneopts = "NUT" - revision = "8241b16bb46fe9bd7aebbbce92d7af84fb71be7f" + revision = "aab033bae2a129607f4fb277c3777b2eabb08601" [[projects]] digest = "1:6b1540f37963c713da08d8463791201d8469e8c755ed66a0b54ee424b15ea401" diff --git a/Gopkg.toml b/Gopkg.toml index 6101f169ed3..229208b1737 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -82,7 +82,7 @@ ignored = [ [[constraint]] name = "github.com/openshift/api" - revision = "8241b16bb46fe9bd7aebbbce92d7af84fb71be7f" + revision = "aab033bae2a129607f4fb277c3777b2eabb08601" [[constraint]] name = "github.com/openshift/client-go" diff --git a/data/data/manifests/openshift/cluster-infrastructure-crd.yaml b/data/data/manifests/openshift/cluster-infrastructure-crd.yaml new file mode 100644 index 00000000000..b656fddd6ec --- /dev/null +++ b/data/data/manifests/openshift/cluster-infrastructure-crd.yaml @@ -0,0 +1,16 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: infrastructures.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Infrastructure + listKind: InfrastructureList + plural: infrastructures + singular: infrastructure + scope: Cluster + versions: + - name: v1 + served: true + storage: true diff --git a/pkg/asset/manifests/infrastructure.go b/pkg/asset/manifests/infrastructure.go new file mode 100644 index 00000000000..8b96eee76ac --- /dev/null +++ b/pkg/asset/manifests/infrastructure.go @@ -0,0 +1,109 @@ +package manifests + +import ( + "path/filepath" + + "github.com/ghodss/yaml" + "github.com/pkg/errors" + + "github.com/openshift/installer/pkg/asset" + "github.com/openshift/installer/pkg/asset/installconfig" + "github.com/openshift/installer/pkg/asset/templates/content/openshift" + + configv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/openshift/installer/pkg/types/aws" + "github.com/openshift/installer/pkg/types/libvirt" + "github.com/openshift/installer/pkg/types/none" + "github.com/openshift/installer/pkg/types/openstack" +) + +var ( + infraCrdFilename = filepath.Join(manifestDir, "cluster-infrastructure-01-crd.yaml") + infraCfgFilename = filepath.Join(manifestDir, "cluster-infrastructure-02-config.yml") +) + +// Infrastructure generates the cluster-infrastructure-*.yml files. +type Infrastructure struct { + FileList []*asset.File +} + +var _ asset.WritableAsset = (*Infrastructure)(nil) + +// Name returns a human friendly name for the asset. +func (*Infrastructure) Name() string { + return "Infrastructure Config" +} + +// Dependencies returns all of the dependencies directly needed to generate +// the asset. +func (*Infrastructure) Dependencies() []asset.Asset { + return []asset.Asset{ + &installconfig.InstallConfig{}, + &openshift.InfrastructureCRD{}, + } +} + +// Generate generates the Infrastructure config and its CRD. +func (i *Infrastructure) Generate(dependencies asset.Parents) error { + installConfig := &installconfig.InstallConfig{} + infra := &openshift.InfrastructureCRD{} + dependencies.Get(installConfig, infra) + + var platform configv1.PlatformType + switch installConfig.Config.Platform.Name() { + case aws.Name: + platform = configv1.AWSPlatform + case none.Name: + platform = configv1.NonePlatform + case libvirt.Name: + platform = configv1.LibvirtPlatform + case openstack.Name: + platform = configv1.OpenStackPlatform + default: + platform = configv1.NonePlatform + } + + config := &configv1.Infrastructure{ + TypeMeta: metav1.TypeMeta{ + APIVersion: configv1.SchemeGroupVersion.String(), + Kind: "Infrastructure", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster", + // not namespaced + }, + Status: configv1.InfrastructureStatus{ + Platform: platform, + }, + } + + configData, err := yaml.Marshal(config) + if err != nil { + return errors.Wrapf(err, "failed to marshal config: %#v", config) + } + + i.FileList = []*asset.File{ + { + Filename: infraCrdFilename, + Data: []byte(infra.Files()[0].Data), + }, + { + Filename: infraCfgFilename, + Data: configData, + }, + } + + return nil +} + +// Files returns the files generated by the asset. +func (i *Infrastructure) Files() []*asset.File { + return i.FileList +} + +// Load returns false since this asset is not written to disk by the installer. +func (i *Infrastructure) Load(f asset.FileFetcher) (bool, error) { + return false, nil +} diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index 5444a1855ef..d93ccac18c7 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go @@ -55,6 +55,7 @@ func (m *Manifests) Dependencies() []asset.Asset { &installconfig.InstallConfig{}, &Ingress{}, &DNS{}, + &Infrastructure{}, &Networking{}, &tls.RootCA{}, &tls.EtcdCA{}, @@ -88,8 +89,9 @@ func (m *Manifests) Generate(dependencies asset.Parents) error { ingress := &Ingress{} dns := &DNS{} network := &Networking{} + infra := &Infrastructure{} installConfig := &installconfig.InstallConfig{} - dependencies.Get(installConfig, ingress, dns, network) + dependencies.Get(installConfig, ingress, dns, network, infra) // mao go to kube-system config map m.KubeSysConfig = configMap("kube-system", "cluster-config-v1", genericData{ @@ -111,6 +113,7 @@ func (m *Manifests) Generate(dependencies asset.Parents) error { m.FileList = append(m.FileList, ingress.Files()...) m.FileList = append(m.FileList, dns.Files()...) m.FileList = append(m.FileList, network.Files()...) + m.FileList = append(m.FileList, infra.Files()...) return nil } diff --git a/pkg/asset/templates/content/openshift/cluster-infrastructure-crd.go b/pkg/asset/templates/content/openshift/cluster-infrastructure-crd.go new file mode 100644 index 00000000000..0c6ea11faab --- /dev/null +++ b/pkg/asset/templates/content/openshift/cluster-infrastructure-crd.go @@ -0,0 +1,66 @@ +package openshift + +import ( + "os" + "path/filepath" + + "github.com/openshift/installer/pkg/asset" + "github.com/openshift/installer/pkg/asset/templates/content" +) + +const ( + infraCRDfilename = "cluster-infrastructure-crd.yaml" +) + +var _ asset.WritableAsset = (*InfrastructureCRD)(nil) + +// InfrastructureCRD is the custom resource definition for the openshift/api +// Infrastructure type. +type InfrastructureCRD struct { + fileName string + FileList []*asset.File +} + +// Dependencies returns all of the dependencies directly needed by the asset +func (t *InfrastructureCRD) Dependencies() []asset.Asset { + return []asset.Asset{} +} + +// Name returns the human-friendly name of the asset. +func (t *InfrastructureCRD) Name() string { + return "Infrastructure" +} + +// Generate generates the actual files by this asset +func (t *InfrastructureCRD) Generate(parents asset.Parents) error { + t.fileName = infraCRDfilename + data, err := content.GetOpenshiftTemplate(t.fileName) + if err != nil { + return err + } + t.FileList = []*asset.File{ + { + Filename: filepath.Join(content.TemplateDir, t.fileName), + Data: []byte(data), + }, + } + return nil +} + +// Files returns the files generated by the asset. +func (t *InfrastructureCRD) Files() []*asset.File { + return t.FileList +} + +// Load returns the asset from disk. +func (t *InfrastructureCRD) Load(f asset.FileFetcher) (bool, error) { + file, err := f.FetchByName(filepath.Join(content.TemplateDir, infraCRDfilename)) + if err != nil { + if os.IsNotExist(err) { + return false, nil + } + return false, err + } + t.FileList = []*asset.File{file} + return true, nil +} diff --git a/pkg/asset/templates/templates.go b/pkg/asset/templates/templates.go index a1b2993dd33..87f160e5d29 100644 --- a/pkg/asset/templates/templates.go +++ b/pkg/asset/templates/templates.go @@ -41,6 +41,7 @@ func (m *Templates) Dependencies() []asset.Asset { &openshift.CloudCredsSecret{}, &openshift.KubeadminPasswordSecret{}, &openshift.RoleCloudCredsSecretReader{}, + &openshift.InfrastructureCRD{}, } } @@ -65,6 +66,7 @@ func (m *Templates) Generate(dependencies asset.Parents) error { cloudCredsSecret := &openshift.CloudCredsSecret{} kubeadminPasswordSecret := &openshift.KubeadminPasswordSecret{} roleCloudCredsSecretReader := &openshift.RoleCloudCredsSecretReader{} + infrastructure := &openshift.InfrastructureCRD{} dependencies.Get( kubeCloudConfig, @@ -84,7 +86,8 @@ func (m *Templates) Generate(dependencies asset.Parents) error { bindingDiscovery, cloudCredsSecret, kubeadminPasswordSecret, - roleCloudCredsSecretReader) + roleCloudCredsSecretReader, + infrastructure) m.FileList = []*asset.File{} m.FileList = append(m.FileList, kubeCloudConfig.Files()...) @@ -106,6 +109,7 @@ func (m *Templates) Generate(dependencies asset.Parents) error { m.FileList = append(m.FileList, cloudCredsSecret.Files()...) m.FileList = append(m.FileList, kubeadminPasswordSecret.Files()...) m.FileList = append(m.FileList, roleCloudCredsSecretReader.Files()...) + m.FileList = append(m.FileList, infrastructure.Files()...) return nil } diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index 0a2ad39357a..eed769098d4 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go @@ -42,7 +42,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ConsoleList{}, &DNS{}, &DNSList{}, - &GenericControllerConfig{}, &IdentityProvider{}, &IdentityProviderList{}, &Image{}, diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index bfefb67d2f1..7445c4fff8d 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -12,6 +12,14 @@ type ConfigMapReference struct { Key string `json:"filename,omitempty"` } +// LocalSecretReference references a secret within the local namespace +type LocalSecretReference struct { + // Name of the secret in the local namespace + Name string `json:"name"` + // Key selects a specific key within the local secret. Must be a valid secret key. + Key string `json:"key,omitempty"` +} + // HTTPServingInfo holds configuration for serving HTTP type HTTPServingInfo struct { // ServingInfo is the HTTP serving information @@ -244,12 +252,8 @@ type ClientConnectionOverrides struct { Burst int32 `json:"burst"` } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - // GenericControllerConfig provides information to configure a controller type GenericControllerConfig struct { - metav1.TypeMeta `json:",inline"` - // ServingInfo is the HTTP serving information for the controller's endpoints ServingInfo HTTPServingInfo `json:"servingInfo,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 281dca7acd3..af181c34e72 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -7,7 +7,6 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Authentication holds cluster-wide information about Authentication. The canonical name is `cluster` -// TODO this object is an example of a possible grouping and is subject to change or removal type Authentication struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -20,13 +19,34 @@ type Authentication struct { } type AuthenticationSpec struct { - // webhook token auth config (ttl) - // external token address - // serviceAccountOAuthGrantMethod or remove/disallow it as an option + // oauthMetadata contains the discovery endpoint data for OAuth 2.0 + // Authorization Server Metadata for an external OAuth server. + // This discovery document can be viewed from its served location: + // oc get --raw '/.well-known/oauth-authorization-server' + // For further details, see the IETF Draft: + // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + // If oauthMetadata.name is non-empty, this value has precedence + // over the observed value stored in status.oauthMetadata + // +optional + OAuthMetadata ConfigMapReference `json:"oauthMetadata"` + + // webhookTokenAuthenticators configures remote token reviewers. + // These remote authentication webhooks can be used to verify bearer tokens + // via the tokenreviews.authentication.k8s.io REST API. This is required to + // honor bearer tokens that are provisioned by an external authentication service. + WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators"` } type AuthenticationStatus struct { - // internal token address + // oauthMetadata contains the discovery endpoint data for OAuth 2.0 + // Authorization Server Metadata for an external OAuth server. + // This discovery document can be viewed from its served location: + // oc get --raw '/.well-known/oauth-authorization-server' + // For further details, see the IETF Draft: + // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + // This contains the observed value based on cluster state. + // An explicitly set value in spec.oauthMetadata has precedence over this field. + OAuthMetadata ConfigMapReference `json:"oauthMetadata"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -37,3 +57,11 @@ type AuthenticationList struct { metav1.ListMeta `json:"metadata,omitempty"` Items []Authentication `json:"items"` } + +// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator +type WebhookTokenAuthenticator struct { + // kubeConfig contains kube config file data which describes how to access the remote webhook service. + // For further details, see: + // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + KubeConfig LocalSecretReference `json:"kubeConfig"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index 480c1d321ce..49d3d0fe681 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -32,17 +32,20 @@ type BuildSpec struct { } type BuildDefaults struct { - // GitHTTPProxy is the location of the HTTPProxy for Git source + // DefaultProxy contains the default proxy settings for all build operations, including image pull/push + // and source download. + // + // Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables + // in the build config's strategy. // +optional - GitHTTPProxy string `json:"gitHTTPProxy,omitempty"` + DefaultProxy *ProxyConfig `json:"defaultProxy,omitempty"` - // GitHTTPSProxy is the location of the HTTPSProxy for Git source + // GitProxy contains the proxy settings for git operations only. If set, this will override + // any Proxy settings for all git commands, such as git clone. + // + // Values that are not set here will be inherited from DefaultProxy. // +optional - GitHTTPSProxy string `json:"gitHTTPSProxy,omitempty"` - - // GitNoProxy is the list of domains for which the proxy should not be used - // +optional - GitNoProxy string `json:"gitNoProxy,omitempty"` + GitProxy *ProxyConfig `json:"gitProxy,omitempty"` // Env is a set of default environment variables that will be applied to the // build if the specified variables do not exist on the build @@ -69,6 +72,21 @@ type ImageLabel struct { Value string `json:"value,omitempty"` } +// ProxyConfig defines what proxies to use for an operation +type ProxyConfig struct { + // HttpProxy is the URL of the proxy for HTTP requests + // +optional + HTTPProxy string `json:"httpProxy,omitempty"` + + // HttpsProxy is the URL of the proxy for HTTPS requests + // +optional + HTTPSProxy string `json:"httpsProxy,omitempty"` + + // NoProxy is the list of domains for which the proxy should not be used + // +optional + NoProxy string `json:"noProxy,omitempty"` +} + type BuildOverrides struct { // ImageLabels is a list of docker labels that are applied to the resulting image. // If user provided a label in their Build/BuildConfig with the same name as one in this diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index e012443ea26..a43b12a69a6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -73,11 +73,19 @@ type ClusterVersionSpec struct { // progress, or is failing. // +k8s:deepcopy-gen=true type ClusterVersionStatus struct { - // current is the version that the cluster will be reconciled to. This - // value may be empty during cluster startup, and then will be set whenever - // a new update is being applied. Use the conditions array to know whether - // the update is complete. - Current Update `json:"current"` + // desired is the version that the cluster is reconciling towards. + // If the cluster is not yet fully initialized desired will be set + // with the information available, which may be a payload or a tag. + Desired Update `json:"desired"` + + // history contains a list of the most recent versions applied to the cluster. + // This value may be empty during cluster startup, and then will be updated + // when a new update is being applied. The newest update is first in the + // list and it is ordered by recency. Updates in the history have state + // Completed if the rollout completed - if an update was failing or halfway + // applied the state will be Partial. Only a limited amount of update history + // is preserved. + History []UpdateHistory `json:"history"` // generation reports which version of the spec is being processed. // If this value is not equal to metadata.generation, then the @@ -106,6 +114,46 @@ type ClusterVersionStatus struct { AvailableUpdates []Update `json:"availableUpdates"` } +// UpdateState is a constant representing whether an update was successfully +// applied to the cluster or not. +type UpdateState string + +const ( + // CompletedUpdate indicates an update was successfully applied + // to the cluster (all resource updates were successful). + CompletedUpdate UpdateState = "Completed" + // PartialUpdate indicates an update was never completely applied + // or is currently being applied. + PartialUpdate UpdateState = "Partial" +) + +// UpdateHistory is a single attempted update to the cluster. +type UpdateHistory struct { + // state reflects whether the update was fully applied. The Partial state + // indicates the update is not fully applied, while the Completed state + // indicates the update was successfully rolled out at least once (all + // parts of the update successfully applied). + State UpdateState `json:"state"` + + // startedTime is the time at which the update was started. + StartedTime metav1.Time `json:"startedTime"` + // completionTime, if set, is when the update was fully applied. The update + // that is currently being applied will have a null completion time. + // Completion time will always be set for entries that are not the current + // update (usually to the started time of the next update). + CompletionTime *metav1.Time `json:"completionTime"` + + // version is a semantic versioning identifying the update version. If the + // requested payload does not define a version, or if a failure occurs + // retrieving the payload, this value may be empty. + // + // +optional + Version string `json:"version"` + // payload is a container image location that contains the update. This value + // is always populated. + Payload string `json:"payload"` +} + // ClusterID is string RFC4122 uuid. type ClusterID string diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 234e872c0b8..42efc79db95 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -25,9 +25,31 @@ type InfrastructureSpec struct { } type InfrastructureStatus struct { - // type + // platform is the underlying infrastructure provider for the cluster. This + // value controls whether infrastructure automation such as service load + // balancers, dynamic volume provisioning, machine creation and deletion, and + // other integrations are enabled. If None, no infrastructure automation is + // enabled. + Platform PlatformType `json:"platform,omitempty"` } +// platformType is a specific supported infrastructure provider. +type PlatformType string + +const ( + // awsPlatform represents Amazon AWS. + AWSPlatform PlatformType = "AWS" + + // openStackPlatform represents OpenStack. + OpenStackPlatform PlatformType = "OpenStack" + + // libvirtPlatform represents libvirt. + LibvirtPlatform PlatformType = "Libvirt" + + // nonePlatform means there is no infrastructure provider. + NonePlatform PlatformType = "None" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type InfrastructureList struct { diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index aaea1aab145..144ba15b532 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -13,20 +13,56 @@ type Network struct { // Standard object's metadata. metav1.ObjectMeta `json:"metadata,omitempty"` - // spec holds user settable values for configuration + // spec holds user settable values for configuration. Spec NetworkSpec `json:"spec"` // status holds observed values from the cluster. They may not be overridden. Status NetworkStatus `json:"status"` } +// NetworkSpec is the desired network configuration. +// As a general rule, this SHOULD NOT be read directly. Instead, you should +// consume the NetworkStatus, as it indicates the currently deployed configuration. +// Currently, none of these fields may be changed after installation. type NetworkSpec struct { - // serviceCIDR - // servicePortRange - // vxlanPort - // ClusterNetworks []ClusterNetworkEntry `json:"clusterNetworks"` + // IP address pool to use for pod IPs. + ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` + + // IP address pool for services. + // Currently, we only support a single entry here. + ServiceNetwork []string `json:"serviceNetwork"` + + // NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). + // This should match a value that the cluster-network-operator understands, + // or else no networking will be installed. + // Currently supported values are: + // - OpenShiftSDN + NetworkType string `json:"networkType"` } +// NetworkStatus is the current network configuration. type NetworkStatus struct { + // IP address pool to use for pod IPs. + ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` + + // IP address pool for services. + // Currently, we only support a single entry here. + ServiceNetwork []string `json:"serviceNetwork"` + + // NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + NetworkType string `json:"networkType"` + + // ClusterNetworkMTU is the MTU for inter-pod networking. + ClusterNetworkMTU int `json:"clusterNetworkMTU"` +} + +// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs +// are allocated. +type ClusterNetworkEntry struct { + // The complete block for pod IPs. + CIDR string `json:"cidr"` + + // The size (prefix) of block to allocate to each node. + HostPrefix uint32 `json:"hostPrefix"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go index d4402ed3383..91cffacdc19 100644 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go @@ -1,37 +1,550 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// OAuth Server and Identity Provider Config // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // OAuth holds cluster-wide information about OAuth. The canonical name is `cluster` -// TODO this object is an example of a possible grouping and is subject to change or removal type OAuth struct { - metav1.TypeMeta `json:",inline"` - // Standard object's metadata. - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - Spec OAuthSpec `json:"spec"` - // status holds observed values from the cluster. They may not be overridden. - Status OAuthStatus `json:"status"` + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata"` + Spec OAuthSpec `json:"spec"` + Status OAuthStatus `json:"status,omitempty"` } +// OAuthSpec contains desired cluster auth configuration type OAuthSpec struct { - // options for configuring the embedded oauth server. - // possibly wellknown? + // identityProviders is an ordered list of ways for a user to identify themselves + IdentityProviders []OAuthIdentityProvider `json:"identityProviders"` + + // tokenConfig contains options for authorization and access tokens + TokenConfig TokenConfig `json:"tokenConfig"` + + // templates allow you to customize pages like the login page. + // +optional + Templates OAuthTemplates `json:"templates"` } +// OAuthStatus shows current known state of OAuth server in the cluster type OAuthStatus struct { + // TODO Fill in } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// TokenConfig holds the necessary configuration options for authorization and access tokens +type TokenConfig struct { + // authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens + AuthorizeTokenMaxAgeSeconds int32 `json:"authorizeTokenMaxAgeSeconds"` + // accessTokenMaxAgeSeconds defines the maximum age of access tokens + AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"` + // accessTokenInactivityTimeoutSeconds defines the default token + // inactivity timeout for tokens granted by any client. + // The value represents the maximum amount of time that can occur between + // consecutive uses of the token. Tokens become invalid if they are not + // used within this temporal window. The user will need to acquire a new + // token to regain access once a token times out. + // Valid values are integer values: + // x < 0 Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`) + // x = 0 Tokens time out is disabled (default) + // x > 0 Tokens time out if there is no activity for x seconds + // The current minimum allowed value for X is 300 (5 minutes) + // +optional + AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"` +} + +const ( + // LoginTemplateKey is the default key of the login template + LoginTemplateKey = "login.html" + // ProviderSelectionTemplateKey is the default key for the provider selection template + ProviderSelectionTemplateKey = "providers.html" + // ErrorsTemplateKey is the default key for the errors template + ErrorsTemplateKey = "errors.html" +) + +// OAuthTemplates allow for customization of pages like the login page +type OAuthTemplates struct { + // login is a reference to a secret that specifies a go template to use to render the login page. + // If a key is not specified, the key `login.html` is used to locate the template data. + // If unspecified, the default login page is used. + // +optional + Login LocalSecretReference `json:"login,omitemtpy"` + + // providerSelection is a reference to a secret that specifies a go template to use to render + // the provider selection page. + // If a key is not specified, the key `providers.html` is used to locate the template data. + // If unspecified, the default provider selection page is used. + // +optional + ProviderSelection LocalSecretReference `json:"providerSelection,omitempty"` + + // error is a reference to a secret that specifies a go template to use to render error pages + // during the authentication or grant flow. + // If a key is not specified, the key `errrors.html` is used to locate the template data. + // If unspecified, the default error page is used. + // +optional + Error LocalSecretReference `json:"error,omitempty"` +} + +// OAuthIdentityProvider provides identities for users authenticating using credentials +type OAuthIdentityProvider struct { + // name is used to qualify the identities returned by this provider. + // - It MUST be unique and not shared by any other identity provider used + // - It MUST be a vlid path segment: name cannot equal "." or ".." or contain "/" or "%" + // Ref: https://godoc.org/k8s.io/apimachinery/pkg/api/validation/path#ValidatePathSegmentName + Name string `json:"name"` + + // challenge indicates whether to issue WWW-Authenticate challenges for this provider + UseAsChallenger bool `json:"challenge"` + // login indicates whether to use this identity provider for unauthenticated browsers to login against + UseAsLogin bool `json:"login"` + + // mappingMethod determines how identities from this provider are mapped to users + // Defaults to "claim" + // +optional + MappingMethod MappingMethodType `json:"mappingMethod"` + + // grantMethod: allow, deny, prompt + // This method will be used only if the specific OAuth client doesn't provide a strategy + // of their own. Valid grant handling methods are: + // - auto: always approves grant requests, useful for trusted clients + // - prompt: prompts the end user for approval of grant requests, useful for third-party clients + // - deny: always denies grant requests, useful for black-listed clients + // Defaults to "prompt" if not set. + // +optional + GrantMethod GrantHandlerType `json:"grantMethod"` + + // IdentityProvidersConfig + ProviderConfig IdentityProviderConfig `json:",inline"` +} + +// MappingMethodType specifies how new identities should be mapped to users when they log in +type MappingMethodType string + +const ( + // MappingMethodClaim provisions a user with the identity’s preferred user name. Fails if a user + // with that user name is already mapped to another identity. + // Default. + MappingMethodClaim MappingMethodType = "claim" + + // MappingMethodLookup looks up existing users already mapped to an identity but does not + // automatically provision users or identities. Requires identities and users be set up + // manually or using an external process. + MappingMethodLookup MappingMethodType = "lookup" + + // MappingMethodAdd provisions a user with the identity’s preferred user name. If a user with + // that user name already exists, the identity is mapped to the existing user, adding to any + // existing identity mappings for the user. + MappingMethodAdd MappingMethodType = "add" + + // MappingMethodGenerate provisions a user with the identity’s preferred user name. If a user + // with the preferred user name is already mapped to an existing identity, a unique user name is + // generated, e.g. myuser2. This method should not be used in combination with external + // processes that require exact matches between openshift user names and the idp user name + // such as LDAP group sync. + MappingMethodGenerate MappingMethodType = "generate" +) + +// GrantHandlerType are the valid strategies for handling grant requests +type GrantHandlerType string + +const ( + // GrantHandlerAuto auto-approves client authorization grant requests + GrantHandlerAuto GrantHandlerType = "auto" + // GrantHandlerPrompt prompts the user to approve new client authorization grant requests + GrantHandlerPrompt GrantHandlerType = "prompt" + // GrantHandlerDeny auto-denies client authorization grant requests + GrantHandlerDeny GrantHandlerType = "deny" +) + +type IdentityProviderType string + +const ( + // IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth + IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth" + + // IdentityProviderTypeAllowAll provides identities for all users authenticating using non-empty passwords + IdentityProviderTypeAllowAll IdentityProviderType = "AllowAll" + + // IdentityProviderTypeDenyAll provides no identities for users + IdentityProviderTypeDenyAll IdentityProviderType = "DenyAll" + + // IdentityProviderTypeHTPasswd provides identities from an HTPasswd file + IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd" + + // IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials + IdentityProviderTypeLDAP IdentityProviderType = "LDAP" + + // IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials + IdentityProviderTypeKeystone IdentityProviderType = "Keystone" + + // IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials + IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader" + + // IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials + IdentityProviderTypeGitHub IdentityProviderType = "GitHub" + + // IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials + IdentityProviderTypeGitLab IdentityProviderType = "GitLab" + + // IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials + IdentityProviderTypeGoogle IdentityProviderType = "Google" + + // IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials + IdentityProviderTypeOpenID IdentityProviderType = "OpenID" +) + +// IdentityProviderConfig contains configuration for using a specific identity provider +type IdentityProviderConfig struct { + // type identifies the identity provider type for this entry. + Type IdentityProviderType `json:"type"` + + // Provider-specific configuration + // The json tag MUST match the `Type` specified above, case-insensitively + // e.g. For `Type: "LDAP"`, the `LDAPPasswordIdentityProvider` configuration should be provided + + // basicAuth contains configuration options for the BasicAuth IdP + // +optional + BasicAuth *BasicAuthPasswordIdentityProvider `json:"basicAuth,omitempty"` + + // allowAll enables the AllowAllIdentityProvider which provides identities for users + // authenticating using non-empty passwords. + // Defaults to `false`, i.e. allowAll set to off + // +optional + AllowAll bool `json:"allowAll,omitempty"` + + // denyAll enables the DenyAllPasswordIdentityProvider which provides no identities for users + // Defaults to `false`, ie. denyAll set to off + // +optional + DenyAll bool `json:"denyAll,omitempty"` + + // htpasswd enables user authentication using an HTPasswd file to validate credentials + // +optional + HTPasswd *HTPasswdPasswordIdentityProvider `json:"htpasswd,omitempty"` + + // ldap enables user authentication using LDAP credentials + // +optional + LDAP *LDAPPasswordIdentityProvider `json:"ldap,omitempty"` + + // keystone enables user authentication using keystone password credentials + // +optional + Keystone *KeystonePasswordIdentityProvider `json:"keystone,omitempty"` + + // requestHeader enables user authentication using request header credentials + RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"` + + // github enables user authentication using GitHub credentials + // +optional + GitHub *GitHubIdentityProvider `json:"github,omitempty"` + + // gitlab enables user authentication using GitLab credentials + // +optional + GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"` + + // google enables user authentication using Google credentials + // +optional + Google *GoogleIdentityProvider `json:"google,omitempty"` + + // openID enables user authentication using OpenID credentials + // +optional + OpenID *OpenIDIdentityProvider `json:"openID,omitempty"` +} + +// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials +type BasicAuthPasswordIdentityProvider struct { + // OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server + OAuthRemoteConnectionInfo `json:",inline"` +} + +// RemoteConnectionInfo holds information necessary for establishing a remote connection +type OAuthRemoteConnectionInfo struct { + // url is the remote URL to connect to + URL string `json:"url"` + // ca is a reference to a ConfigMap containing the CA for verifying TLS connections + CA ConfigMapReference `json:"ca"` + + // tlsClientCert references a secret containing the TLS client certificate to present when + // connecting to the server. + // Looks under the key "tls.cert" for the data unless a lookup key is specified in the secret ref + TLSClientCert LocalSecretReference `json:"tlsClientCert"` + + // tlsClientKey references a secret containing the TLS private key for the client certificate + // Looks under the key "tls.key" for the data unless a lookup key is specified in the secret ref + TLSClientKey LocalSecretReference `json:"tlsClientKey"` +} + +// HTPasswdDataKey is the default key for the htpasswd file data in a secret +const HTPasswdDataKey = "htpasswd" + +// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials +type HTPasswdPasswordIdentityProvider struct { + // fileData is a reference to a secret containing the data to use as the htpasswd file + // Looks under the key `htpasswd` unless a lookup key is specified in the secret ref + FileData LocalSecretReference `json:"fileData"` +} + +const ( + // BindPasswordKey is default the key for the LDAP bind password in a secret + BindPasswordKey = "bindPassword" + // ClientSecretKey is the key for the oauth client secret data in a secret + ClientSecretKey = "clientSecret" +) + +// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials +type LDAPPasswordIdentityProvider struct { + // url is an RFC 2255 URL which specifies the LDAP search parameters to use. + // The syntax of the URL is: + // ldap://host:port/basedn?attribute?scope?filter + URL string `json:"url"` + + // bindDN is an optional DN to bind with during the search phase. + // +optional + BindDN string `json:"bindDN"` + + // bindPassword is a reference to the secret containing an optional password to bind + // with during the search phase. + // Looks under the key `bindPassword` unless a lookup key is specified in the secret ref + // +optional + BindPassword LocalSecretReference `json:"bindPassword"` + + // insecure, if true, indicates the connection should not use TLS + // WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always + // attempt to connect using TLS, even when `insecure` is set to `true` + // When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to + // a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. + Insecure bool `json:"insecure"` + + // ca is a reference to a ConfigMap containing an optional trusted certificate authority bundle + // to use when making requests to the server. + // If empty, the default system roots are used. + // +optional + CA ConfigMapReference `json:"ca"` + + // attributes maps LDAP attributes to identities + Attributes LDAPAttributeMapping `json:"attributes"` +} + +// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields +type LDAPAttributeMapping struct { + // id is the list of attributes whose values should be used as the user ID. Required. + // First non-empty attribute is used. At least one attribute is required. If none of the listed + // attribute have a value, authentication fails. + // LDAP standard identity attribute is "dn" + ID []string `json:"id"` + // preferredUsername is the list of attributes whose values should be used as the preferred username. + // LDAP standard login attribute is "uid" + // +optional + PreferredUsername []string `json:"preferredUsername"` + // name is the list of attributes whose values should be used as the display name. Optional. + // If unspecified, no display name is set for the identity + // LDAP standard display name attribute is "cn" + // +optional + Name []string `json:"name"` + // email is the list of attributes whose values should be used as the email address. Optional. + // If unspecified, no email is set for the identity + // +optional + Email []string `json:"email"` +} + +// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials +type KeystonePasswordIdentityProvider struct { + // OAuthRemoteConnectionInfo contains information about how to connect to the keystone server + OAuthRemoteConnectionInfo `json:",inline"` + // domainName is required for keystone v3 + DomainName string `json:"domainName"` + // useKeystoneIdentity flag indicates that user should be authenticated by username, not keystone ID + // DEPRECATED - only use this option for legacy systems to ensure backwards compatibiity + // +optional + LegacyLookupByUsername bool `json:"useKeystoneIdentity"` +} + +// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials +type RequestHeaderIdentityProvider struct { + // loginURL is a URL to redirect unauthenticated /authorize requests to + // Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here + // ${url} is replaced with the current URL, escaped to be safe in a query parameter + // https://www.example.com/sso-login?then=${url} + // ${query} is replaced with the current query string + // https://www.example.com/auth-proxy/oauth/authorize?${query} + // Required when UseAsLogin is set to true. + LoginURL string `json:"loginURL"` + + // challengeURL is a URL to redirect unauthenticated /authorize requests to + // Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be + // redirected here. + // ${url} is replaced with the current URL, escaped to be safe in a query parameter + // https://www.example.com/sso-login?then=${url} + // ${query} is replaced with the current query string + // https://www.example.com/auth-proxy/oauth/authorize?${query} + // Required when UseAsChallenger is set to true. + ChallengeURL string `json:"challengeURL"` + + // clientCA is a reference to a configmap with the trusted signer certs. If empty, no request + // verification is done, and any direct request to the OAuth server can impersonate any identity + // from this provider, merely by setting a request header. + // +optional + ClientCA ConfigMapReference `json:"ca"` + + // clientCommonNames is an optional list of common names to require a match from. If empty, any + // client certificate validated against the clientCA bundle is considered authoritative. + // +optional + ClientCommonNames []string `json:"clientCommonNames"` + + // headers is the set of headers to check for identity information + Headers []string `json:"headers"` + + // preferredUsernameHeaders is the set of headers to check for the preferred username + PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"` + + // nameHeaders is the set of headers to check for the display name + NameHeaders []string `json:"nameHeaders"` + + // emailHeaders is the set of headers to check for the email address + EmailHeaders []string `json:"emailHeaders"` +} + +// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials +type GitHubIdentityProvider struct { + // clientID is the oauth client ID + ClientID string `json:"clientID"` + + // clientSecret is is a reference to the secret containing the oauth client secret + // The secret referenced must contain a key named `clientSecret` containing the secret data. + ClientSecret LocalSecretReference `json:"clientSecret"` + + // organizations optionally restricts which organizations are allowed to log in + // +optional + Organizations []string `json:"organizations"` + // teams optionally restricts which teams are allowed to log in. Format is /. + // +optional + Teams []string `json:"teams"` + + // hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of + // GitHub Enterprise. + // It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. + // +optional + Hostname string `json:"hostname"` + + // ca is a reference to a ConfigMap containing an optional trusted certificate authority bundle + // to use when making requests to the server. + // If empty, the default system roots are used. + // This can only be configured when hostname is set to a non-empty value. + // +optional + CA ConfigMapReference `json:"ca"` +} + +// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials +type GitLabIdentityProvider struct { + // ca is a reference to a ConfigMap containing an optional trusted certificate authority bundle + // to use when making requests to the server. + // If empty, the default system roots are used. + // +optional + CA ConfigMapReference `json:"ca"` + + // url is the oauth server base URL + URL string `json:"url"` + + // clientID is the oauth client ID + ClientID string `json:"clientID"` + + // clientSecret is is a reference to the secret containing the oauth client secret + // The secret referenced must contain a key named `clientSecret` containing the secret data. + ClientSecret LocalSecretReference `json:"clientSecret"` + + // legacy determines that OAuth2 should be used, not OIDC + // +optional + LegacyOAuth2 bool `json:"legacy,omitempty"` +} + +// GoogleIdentityProvider provides identities for users authenticating using Google credentials +type GoogleIdentityProvider struct { + // clientID is the oauth client ID + ClientID string `json:"clientID"` + + // clientSecret is is a reference to the secret containing the oauth client secret + // The secret referenced must contain a key named `clientSecret` containing the secret data. + ClientSecret LocalSecretReference `json:"clientSecret"` + + // hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to + // +optional + HostedDomain string `json:"hostedDomain"` +} + +// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials +type OpenIDIdentityProvider struct { + // ca is a reference to a ConfigMap containing an optional trusted certificate authority bundle + // to use when making requests to the server. + // If empty, the default system roots are used. + // +optional + CA ConfigMapReference `json:"ca"` + + // clientID is the oauth client ID + ClientID string `json:"clientID"` + + // clientSecret is is a reference to the secret containing the oauth client secret + // The secret referenced must contain a key named `clientSecret` containing the secret data. + ClientSecret LocalSecretReference `json:"clientSecret"` + + // extraScopes are any scopes to request in addition to the standard "openid" scope. + // +optional + ExtraScopes []string `json:"extraScopes"` + + // extraAuthorizeParameters are any custom parameters to add to the authorize request. + // +optional + ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters"` + + // urls to use to authenticate + URLs OpenIDURLs `json:"urls"` + + // claims mappings + Claims OpenIDClaims `json:"claims"` +} + +// OpenIDURLs are URLs to use when authenticating with an OpenID identity provider +type OpenIDURLs struct { + // authorize is the oauth authorization URL + Authorize string `json:"authorize"` + // token is the oauth token granting URL + Token string `json:"token"` + // userInfo is the optional userinfo URL. + // If present, a granted access_token is used to request claims + // If empty, a granted id_token is parsed for claims + // +optional + UserInfo string `json:"userInfo"` +} + +// UserIDClaim is used in the `ID` field for an `OpenIDClaim` +// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability +// "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can +// rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique +// and never reassigned within the Issuer for a particular End-User, as described in Section 2. +// Therefore, the only guaranteed unique identifier for a given End-User is the combination of the +// iss Claim and the sub Claim." +const UserIDClaim = "sub" + +// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider +type OpenIDClaims struct { + // preferredUsername is the list of claims whose values should be used as the preferred username. + // If unspecified, the preferred username is determined from the value of the id claim + // +optional + PreferredUsername []string `json:"preferredUsername"` + // name is the list of claims whose values should be used as the display name. Optional. + // If unspecified, no display name is set for the identity + // +optional + Name []string `json:"name"` + // email is the list of claims whose values should be used as the email address. Optional. + // If unspecified, no email is set for the identity + // +optional + Email []string `json:"email"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type OAuthList struct { metav1.TypeMeta `json:",inline"` - // Standard object's metadata. metav1.ListMeta `json:"metadata,omitempty"` Items []OAuth `json:"items"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/types_swagger_doc_generated.go index 8f433b01558..55b534c2e12 100644 --- a/vendor/github.com/openshift/api/config/v1/types_swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/types_swagger_doc_generated.go @@ -162,6 +162,16 @@ func (LeaderElection) SwaggerDoc() map[string]string { return map_LeaderElection } +var map_LocalSecretReference = map[string]string{ + "": "LocalSecretReference references a secret within the local namespace", + "name": "Name of the secret in the local namespace", + "key": "Key selects a specific key within the local secret. Must be a valid secret key.", +} + +func (LocalSecretReference) SwaggerDoc() map[string]string { + return map_LocalSecretReference +} + var map_NamedCertificate = map[string]string{ "": "NamedCertificate specifies a certificate/key, and the names it should be served for", "names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 2e376017cf1..e0fed9683ed 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -48,7 +48,7 @@ func (in *Authentication) DeepCopyInto(out *Authentication) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status return } @@ -107,6 +107,12 @@ func (in *AuthenticationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { *out = *in + out.OAuthMetadata = in.OAuthMetadata + if in.WebhookTokenAuthenticators != nil { + in, out := &in.WebhookTokenAuthenticators, &out.WebhookTokenAuthenticators + *out = make([]WebhookTokenAuthenticator, len(*in)) + copy(*out, *in) + } return } @@ -123,6 +129,7 @@ func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { *out = *in + out.OAuthMetadata = in.OAuthMetadata return } @@ -136,6 +143,23 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuthPasswordIdentityProvider) DeepCopyInto(out *BasicAuthPasswordIdentityProvider) { + *out = *in + out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuthPasswordIdentityProvider. +func (in *BasicAuthPasswordIdentityProvider) DeepCopy() *BasicAuthPasswordIdentityProvider { + if in == nil { + return nil + } + out := new(BasicAuthPasswordIdentityProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Build) DeepCopyInto(out *Build) { *out = *in @@ -166,6 +190,24 @@ func (in *Build) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BuildDefaults) DeepCopyInto(out *BuildDefaults) { *out = *in + if in.DefaultProxy != nil { + in, out := &in.DefaultProxy, &out.DefaultProxy + if *in == nil { + *out = nil + } else { + *out = new(ProxyConfig) + **out = **in + } + } + if in.GitProxy != nil { + in, out := &in.GitProxy, &out.GitProxy + if *in == nil { + *out = nil + } else { + *out = new(ProxyConfig) + **out = **in + } + } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]core_v1.EnvVar, len(*in)) @@ -305,6 +347,22 @@ func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterNetworkEntry) DeepCopyInto(out *ClusterNetworkEntry) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkEntry. +func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { + if in == nil { + return nil + } + out := new(ClusterNetworkEntry) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterOperator) DeepCopyInto(out *ClusterOperator) { *out = *in @@ -517,7 +575,14 @@ func (in *ClusterVersionSpec) DeepCopy() *ClusterVersionSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { *out = *in - out.Current = in.Current + out.Desired = in.Desired + if in.History != nil { + in, out := &in.History, &out.History + *out = make([]UpdateHistory, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions *out = make([]ClusterOperatorStatusCondition, len(*in)) @@ -869,7 +934,6 @@ func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { *out = *in - out.TypeMeta = in.TypeMeta in.ServingInfo.DeepCopyInto(&out.ServingInfo) out.LeaderElection = in.LeaderElection out.Authentication = in.Authentication @@ -887,12 +951,84 @@ func (in *GenericControllerConfig) DeepCopy() *GenericControllerConfig { return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *GenericControllerConfig) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitHubIdentityProvider) DeepCopyInto(out *GitHubIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) } - return nil + if in.Teams != nil { + in, out := &in.Teams, &out.Teams + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.CA = in.CA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubIdentityProvider. +func (in *GitHubIdentityProvider) DeepCopy() *GitHubIdentityProvider { + if in == nil { + return nil + } + out := new(GitHubIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitLabIdentityProvider) DeepCopyInto(out *GitLabIdentityProvider) { + *out = *in + out.CA = in.CA + out.ClientSecret = in.ClientSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitLabIdentityProvider. +func (in *GitLabIdentityProvider) DeepCopy() *GitLabIdentityProvider { + if in == nil { + return nil + } + out := new(GitLabIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GoogleIdentityProvider) DeepCopyInto(out *GoogleIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleIdentityProvider. +func (in *GoogleIdentityProvider) DeepCopy() *GoogleIdentityProvider { + if in == nil { + return nil + } + out := new(GoogleIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTPasswdPasswordIdentityProvider) DeepCopyInto(out *HTPasswdPasswordIdentityProvider) { + *out = *in + out.FileData = in.FileData + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTPasswdPasswordIdentityProvider. +func (in *HTPasswdPasswordIdentityProvider) DeepCopy() *HTPasswdPasswordIdentityProvider { + if in == nil { + return nil + } + out := new(HTPasswdPasswordIdentityProvider) + in.DeepCopyInto(out) + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -940,6 +1076,103 @@ func (in *IdentityProvider) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig) { + *out = *in + if in.BasicAuth != nil { + in, out := &in.BasicAuth, &out.BasicAuth + if *in == nil { + *out = nil + } else { + *out = new(BasicAuthPasswordIdentityProvider) + **out = **in + } + } + if in.HTPasswd != nil { + in, out := &in.HTPasswd, &out.HTPasswd + if *in == nil { + *out = nil + } else { + *out = new(HTPasswdPasswordIdentityProvider) + **out = **in + } + } + if in.LDAP != nil { + in, out := &in.LDAP, &out.LDAP + if *in == nil { + *out = nil + } else { + *out = new(LDAPPasswordIdentityProvider) + (*in).DeepCopyInto(*out) + } + } + if in.Keystone != nil { + in, out := &in.Keystone, &out.Keystone + if *in == nil { + *out = nil + } else { + *out = new(KeystonePasswordIdentityProvider) + **out = **in + } + } + if in.RequestHeader != nil { + in, out := &in.RequestHeader, &out.RequestHeader + if *in == nil { + *out = nil + } else { + *out = new(RequestHeaderIdentityProvider) + (*in).DeepCopyInto(*out) + } + } + if in.GitHub != nil { + in, out := &in.GitHub, &out.GitHub + if *in == nil { + *out = nil + } else { + *out = new(GitHubIdentityProvider) + (*in).DeepCopyInto(*out) + } + } + if in.GitLab != nil { + in, out := &in.GitLab, &out.GitLab + if *in == nil { + *out = nil + } else { + *out = new(GitLabIdentityProvider) + **out = **in + } + } + if in.Google != nil { + in, out := &in.Google, &out.Google + if *in == nil { + *out = nil + } else { + *out = new(GoogleIdentityProvider) + **out = **in + } + } + if in.OpenID != nil { + in, out := &in.OpenID, &out.OpenID + if *in == nil { + *out = nil + } else { + *out = new(OpenIDIdentityProvider) + (*in).DeepCopyInto(*out) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig. +func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig { + if in == nil { + return nil + } + out := new(IdentityProviderConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IdentityProviderList) DeepCopyInto(out *IdentityProviderList) { *out = *in @@ -1316,6 +1549,23 @@ func (in *IngressStatus) DeepCopy() *IngressStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeystonePasswordIdentityProvider) DeepCopyInto(out *KeystonePasswordIdentityProvider) { + *out = *in + out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeystonePasswordIdentityProvider. +func (in *KeystonePasswordIdentityProvider) DeepCopy() *KeystonePasswordIdentityProvider { + if in == nil { + return nil + } + out := new(KeystonePasswordIdentityProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeClientConfig) DeepCopyInto(out *KubeClientConfig) { *out = *in @@ -1333,6 +1583,61 @@ func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PreferredUsername != nil { + in, out := &in.PreferredUsername, &out.PreferredUsername + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Email != nil { + in, out := &in.Email, &out.Email + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAttributeMapping. +func (in *LDAPAttributeMapping) DeepCopy() *LDAPAttributeMapping { + if in == nil { + return nil + } + out := new(LDAPAttributeMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPPasswordIdentityProvider) DeepCopyInto(out *LDAPPasswordIdentityProvider) { + *out = *in + out.BindPassword = in.BindPassword + out.CA = in.CA + in.Attributes.DeepCopyInto(&out.Attributes) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPPasswordIdentityProvider. +func (in *LDAPPasswordIdentityProvider) DeepCopy() *LDAPPasswordIdentityProvider { + if in == nil { + return nil + } + out := new(LDAPPasswordIdentityProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LeaderElection) DeepCopyInto(out *LeaderElection) { *out = *in @@ -1352,6 +1657,22 @@ func (in *LeaderElection) DeepCopy() *LeaderElection { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalSecretReference. +func (in *LocalSecretReference) DeepCopy() *LocalSecretReference { + if in == nil { + return nil + } + out := new(LocalSecretReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NamedCertificate) DeepCopyInto(out *NamedCertificate) { *out = *in @@ -1379,8 +1700,8 @@ func (in *Network) DeepCopyInto(out *Network) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) return } @@ -1438,6 +1759,16 @@ func (in *NetworkList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -1454,6 +1785,16 @@ func (in *NetworkSpec) DeepCopy() *NetworkSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -1472,7 +1813,7 @@ func (in *OAuth) DeepCopyInto(out *OAuth) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status return } @@ -1495,6 +1836,23 @@ func (in *OAuth) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthIdentityProvider) DeepCopyInto(out *OAuthIdentityProvider) { + *out = *in + in.ProviderConfig.DeepCopyInto(&out.ProviderConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthIdentityProvider. +func (in *OAuthIdentityProvider) DeepCopy() *OAuthIdentityProvider { + if in == nil { + return nil + } + out := new(OAuthIdentityProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuthList) DeepCopyInto(out *OAuthList) { *out = *in @@ -1528,9 +1886,37 @@ func (in *OAuthList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthRemoteConnectionInfo) DeepCopyInto(out *OAuthRemoteConnectionInfo) { + *out = *in + out.CA = in.CA + out.TLSClientCert = in.TLSClientCert + out.TLSClientKey = in.TLSClientKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthRemoteConnectionInfo. +func (in *OAuthRemoteConnectionInfo) DeepCopy() *OAuthRemoteConnectionInfo { + if in == nil { + return nil + } + out := new(OAuthRemoteConnectionInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuthSpec) DeepCopyInto(out *OAuthSpec) { *out = *in + if in.IdentityProviders != nil { + in, out := &in.IdentityProviders, &out.IdentityProviders + *out = make([]OAuthIdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.TokenConfig = in.TokenConfig + out.Templates = in.Templates return } @@ -1560,6 +1946,104 @@ func (in *OAuthStatus) DeepCopy() *OAuthStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthTemplates) DeepCopyInto(out *OAuthTemplates) { + *out = *in + out.Login = in.Login + out.ProviderSelection = in.ProviderSelection + out.Error = in.Error + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTemplates. +func (in *OAuthTemplates) DeepCopy() *OAuthTemplates { + if in == nil { + return nil + } + out := new(OAuthTemplates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenIDClaims) DeepCopyInto(out *OpenIDClaims) { + *out = *in + if in.PreferredUsername != nil { + in, out := &in.PreferredUsername, &out.PreferredUsername + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Email != nil { + in, out := &in.Email, &out.Email + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDClaims. +func (in *OpenIDClaims) DeepCopy() *OpenIDClaims { + if in == nil { + return nil + } + out := new(OpenIDClaims) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenIDIdentityProvider) DeepCopyInto(out *OpenIDIdentityProvider) { + *out = *in + out.CA = in.CA + out.ClientSecret = in.ClientSecret + if in.ExtraScopes != nil { + in, out := &in.ExtraScopes, &out.ExtraScopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExtraAuthorizeParameters != nil { + in, out := &in.ExtraAuthorizeParameters, &out.ExtraAuthorizeParameters + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + out.URLs = in.URLs + in.Claims.DeepCopyInto(&out.Claims) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDIdentityProvider. +func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { + if in == nil { + return nil + } + out := new(OpenIDIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenIDURLs) DeepCopyInto(out *OpenIDURLs) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDURLs. +func (in *OpenIDURLs) DeepCopy() *OpenIDURLs { + if in == nil { + return nil + } + out := new(OpenIDURLs) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Project) DeepCopyInto(out *Project) { *out = *in @@ -1653,6 +2137,22 @@ func (in *ProjectStatus) DeepCopy() *ProjectStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyConfig) DeepCopyInto(out *ProxyConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfig. +func (in *ProxyConfig) DeepCopy() *ProxyConfig { + if in == nil { + return nil + } + out := new(ProxyConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) { *out = *in @@ -1686,6 +2186,48 @@ func (in *RemoteConnectionInfo) DeepCopy() *RemoteConnectionInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestHeaderIdentityProvider) DeepCopyInto(out *RequestHeaderIdentityProvider) { + *out = *in + out.ClientCA = in.ClientCA + if in.ClientCommonNames != nil { + in, out := &in.ClientCommonNames, &out.ClientCommonNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PreferredUsernameHeaders != nil { + in, out := &in.PreferredUsernameHeaders, &out.PreferredUsernameHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NameHeaders != nil { + in, out := &in.NameHeaders, &out.NameHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EmailHeaders != nil { + in, out := &in.EmailHeaders, &out.EmailHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderIdentityProvider. +func (in *RequestHeaderIdentityProvider) DeepCopy() *RequestHeaderIdentityProvider { + if in == nil { + return nil + } + out := new(RequestHeaderIdentityProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Scheduling) DeepCopyInto(out *Scheduling) { *out = *in @@ -1841,6 +2383,22 @@ func (in *StringSourceSpec) DeepCopy() *StringSourceSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenConfig) DeepCopyInto(out *TokenConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenConfig. +func (in *TokenConfig) DeepCopy() *TokenConfig { + if in == nil { + return nil + } + out := new(TokenConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Update) DeepCopyInto(out *Update) { *out = *in @@ -1856,3 +2414,45 @@ func (in *Update) DeepCopy() *Update { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpdateHistory) DeepCopyInto(out *UpdateHistory) { + *out = *in + in.StartedTime.DeepCopyInto(&out.StartedTime) + if in.CompletionTime != nil { + in, out := &in.CompletionTime, &out.CompletionTime + if *in == nil { + *out = nil + } else { + *out = (*in).DeepCopy() + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateHistory. +func (in *UpdateHistory) DeepCopy() *UpdateHistory { + if in == nil { + return nil + } + out := new(UpdateHistory) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { + *out = *in + out.KubeConfig = in.KubeConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookTokenAuthenticator. +func (in *WebhookTokenAuthenticator) DeepCopy() *WebhookTokenAuthenticator { + if in == nil { + return nil + } + out := new(WebhookTokenAuthenticator) + in.DeepCopyInto(out) + return out +}