github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #123696 from aramase/aramase/f/kep_3331_v1beta1_api

Browse Source 
Duplicate v1alpha1 AuthenticationConfiguration to v1beta1
This commit is contained in:
Kubernetes Prow Robot
2024-03-06 15:35:28 -08:00
committed by GitHub
parent bd25605619 b502aa6f31
commit 05cb0a55c8
6 changed files with 924 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
pkg/kubeapiserver/options/authentication_test.go
View File

@@ -1030,6 +1030,64 @@ jwt:
},
expectedConfig: &apiserver.AuthenticationConfiguration{},
},
{
name: "v1beta1 - json",
file: func() string {
return writeTempFile(t, `{
"apiVersion":"apiserver.config.k8s.io/v1beta1",
"kind":"AuthenticationConfiguration",
"jwt":[{"issuer":{"url": "https://test-issuer"}}]}`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{
JWT: []apiserver.JWTAuthenticator{
{
Issuer: apiserver.Issuer{
URL: "https://test-issuer",
},
},
},
},
},
{
name: "v1beta1 - yaml",
file: func() string {
return writeTempFile(t, `
apiVersion: apiserver.config.k8s.io/v1beta1
kind: AuthenticationConfiguration
jwt:
- issuer:
url: https://test-issuer
claimMappings:
username:
claim: sub
prefix: ""
`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{
JWT: []apiserver.JWTAuthenticator{
{
Issuer: apiserver.Issuer{
URL: "https://test-issuer",
},
ClaimMappings: apiserver.ClaimMappings{
Username: apiserver.PrefixedClaimOrExpression{
Claim: "sub",
Prefix: pointer.String(""),
},
},
},
},
},
},
{
name: "v1beta1 - no jwt",
file: func() string {
return writeTempFile(t, `{
"apiVersion":"apiserver.config.k8s.io/v1beta1",
"kind":"AuthenticationConfiguration"}`)
},
expectedConfig: &apiserver.AuthenticationConfiguration{},
},
}
for _, tc := range testCases {

1
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/register.go
View File

@@ -52,6 +52,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&EgressSelectorConfiguration{},
)
scheme.AddKnownTypes(ConfigSchemeGroupVersion,
&AuthenticationConfiguration{},
&AuthorizationConfiguration{},
&TracingConfiguration{},
)

318
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go
View File

@@ -132,6 +132,324 @@ type TracingConfiguration struct {
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// AuthenticationConfiguration provides versioned configuration for authentication.
type AuthenticationConfiguration struct {
metav1.TypeMeta
// jwt is a list of authenticator to authenticate Kubernetes users using
// JWT compliant tokens. The authenticator will attempt to parse a raw ID token,
// verify it's been signed by the configured issuer. The public key to verify the
// signature is discovered from the issuer's public endpoint using OIDC discovery.
// For an incoming token, each JWT authenticator will be attempted in
// the order in which it is specified in this list. Note however that
// other authenticators may run before or after the JWT authenticators.
// The specific position of JWT authenticators in relation to other
// authenticators is neither defined nor stable across releases. Since
// each JWT authenticator must have a unique issuer URL, at most one
// JWT authenticator will attempt to cryptographically validate the token.
//
// The minimum valid JWT payload must contain the following claims:
// {
// "iss": "https://issuer.example.com",
// "aud": ["audience"],
// "exp": 1234567890,
// "<username claim>": "username"
// }
JWT []JWTAuthenticator `json:"jwt"`
}
// JWTAuthenticator provides the configuration for a single JWT authenticator.
type JWTAuthenticator struct {
// issuer contains the basic OIDC provider connection options.
// +required
Issuer Issuer `json:"issuer"`
// claimValidationRules are rules that are applied to validate token claims to authenticate users.
// +optional
ClaimValidationRules []ClaimValidationRule `json:"claimValidationRules,omitempty"`
// claimMappings points claims of a token to be treated as user attributes.
// +required
ClaimMappings ClaimMappings `json:"claimMappings"`
// userValidationRules are rules that are applied to final user before completing authentication.
// These allow invariants to be applied to incoming identities such as preventing the
// use of the system: prefix that is commonly used by Kubernetes components.
// The validation rules are logically ANDed together and must all return true for the validation to pass.
// +optional
UserValidationRules []UserValidationRule `json:"userValidationRules,omitempty"`
}
// Issuer provides the configuration for an external provider's specific settings.
type Issuer struct {
// url points to the issuer URL in a format https://url or https://url/path.
// This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.
// Same value as the --oidc-issuer-url flag.
// Discovery information is fetched from "{url}/.well-known/openid-configuration" unless overridden by discoveryURL.
// Required to be unique across all JWT authenticators.
// Note that egress selection configuration is not used for this network connection.
// +required
URL string `json:"url"`
// discoveryURL, if specified, overrides the URL used to fetch discovery
// information instead of using "{url}/.well-known/openid-configuration".
// The exact value specified is used, so "/.well-known/openid-configuration"
// must be included in discoveryURL if needed.
//
// The "issuer" field in the fetched discovery information must match the "issuer.url" field
// in the AuthenticationConfiguration and will be used to validate the "iss" claim in the presented JWT.
// This is for scenarios where the well-known and jwks endpoints are hosted at a different
// location than the issuer (such as locally in the cluster).
//
// Example:
// A discovery url that is exposed using kubernetes service 'oidc' in namespace 'oidc-namespace'
// and discovery information is available at '/.well-known/openid-configuration'.
// discoveryURL: "https://oidc.oidc-namespace/.well-known/openid-configuration"
// certificateAuthority is used to verify the TLS connection and the hostname on the leaf certificate
// must be set to 'oidc.oidc-namespace'.
//
// curl https://oidc.oidc-namespace/.well-known/openid-configuration (.discoveryURL field)
// {
// issuer: "https://oidc.example.com" (.url field)
// }
//
// discoveryURL must be different from url.
// Required to be unique across all JWT authenticators.
// Note that egress selection configuration is not used for this network connection.
// +optional
DiscoveryURL *string `json:"discoveryURL,omitempty"`
// certificateAuthority contains PEM-encoded certificate authority certificates
// used to validate the connection when fetching discovery information.
// If unset, the system verifier is used.
// Same value as the content of the file referenced by the --oidc-ca-file flag.
// +optional
CertificateAuthority string `json:"certificateAuthority,omitempty"`
// audiences is the set of acceptable audiences the JWT must be issued to.
// At least one of the entries must match the "aud" claim in presented JWTs.
// Same value as the --oidc-client-id flag (though this field supports an array).
// Required to be non-empty.
// +required
Audiences []string `json:"audiences"`
// audienceMatchPolicy defines how the "audiences" field is used to match the "aud" claim in the presented JWT.
// Allowed values are:
// 1. "MatchAny" when multiple audiences are specified and
// 2. empty (or unset) or "MatchAny" when a single audience is specified.
//
// - MatchAny: the "aud" claim in the presented JWT must match at least one of the entries in the "audiences" field.
// For example, if "audiences" is ["foo", "bar"], the "aud" claim in the presented JWT must contain either "foo" or "bar" (and may contain both).
//
// - "": The match policy can be empty (or unset) when a single audience is specified in the "audiences" field. The "aud" claim in the presented JWT must contain the single audience (and may contain others).
//
// For more nuanced audience validation, use claimValidationRules.
// example: claimValidationRule[].expression: 'sets.equivalent(claims.aud, ["bar", "foo", "baz"])' to require an exact match.
// +optional
AudienceMatchPolicy AudienceMatchPolicyType `json:"audienceMatchPolicy,omitempty"`
}
// AudienceMatchPolicyType is a set of valid values for issuer.audienceMatchPolicy
type AudienceMatchPolicyType string
// Valid types for AudienceMatchPolicyType
const (
// MatchAny means the "aud" claim in the presented JWT must match at least one of the entries in the "audiences" field.
AudienceMatchPolicyMatchAny AudienceMatchPolicyType = "MatchAny"
)
// ClaimValidationRule provides the configuration for a single claim validation rule.
type ClaimValidationRule struct {
// claim is the name of a required claim.
// Same as --oidc-required-claim flag.
// Only string claim keys are supported.
// Mutually exclusive with expression and message.
// +optional
Claim string `json:"claim,omitempty"`
// requiredValue is the value of a required claim.
// Same as --oidc-required-claim flag.
// Only string claim values are supported.
// If claim is set and requiredValue is not set, the claim must be present with a value set to the empty string.
// Mutually exclusive with expression and message.
// +optional
RequiredValue string `json:"requiredValue,omitempty"`
// expression represents the expression which will be evaluated by CEL.
// Must produce a boolean.
//
// CEL expressions have access to the contents of the token claims, organized into CEL variable:
// - 'claims' is a map of claim names to claim values.
// For example, a variable named 'sub' can be accessed as 'claims.sub'.
// Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
// Must return true for the validation to pass.
//
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// Mutually exclusive with claim and requiredValue.
// +optional
Expression string `json:"expression,omitempty"`
// message customizes the returned error message when expression returns false.
// message is a literal string.
// Mutually exclusive with claim and requiredValue.
// +optional
Message string `json:"message,omitempty"`
}
// ClaimMappings provides the configuration for claim mapping
type ClaimMappings struct {
// username represents an option for the username attribute.
// The claim's value must be a singular string.
// Same as the --oidc-username-claim and --oidc-username-prefix flags.
// If username.expression is set, the expression must produce a string value.
//
// In the flag based approach, the --oidc-username-claim and --oidc-username-prefix are optional. If --oidc-username-claim is not set,
// the default value is "sub". For the authentication config, there is no defaulting for claim or prefix. The claim and prefix must be set explicitly.
// For claim, if --oidc-username-claim was not set with legacy flag approach, configure username.claim="sub" in the authentication config.
// For prefix:
// (1) --oidc-username-prefix="-", no prefix was added to the username. For the same behavior using authentication config,
// set username.prefix=""
// (2) --oidc-username-prefix="" and --oidc-username-claim != "email", prefix was "<value of --oidc-issuer-url>#". For the same
// behavior using authentication config, set username.prefix="<value of issuer.url>#"
// (3) --oidc-username-prefix="<value>". For the same behavior using authentication config, set username.prefix="<value>"
// +required
Username PrefixedClaimOrExpression `json:"username"`
// groups represents an option for the groups attribute.
// The claim's value must be a string or string array claim.
// If groups.claim is set, the prefix must be specified (and can be the empty string).
// If groups.expression is set, the expression must produce a string or string array value.
// "", [], and null values are treated as the group mapping not being present.
// +optional
Groups PrefixedClaimOrExpression `json:"groups,omitempty"`
// uid represents an option for the uid attribute.
// Claim must be a singular string claim.
// If uid.expression is set, the expression must produce a string value.
// +optional
UID ClaimOrExpression `json:"uid"`
// extra represents an option for the extra attribute.
// expression must produce a string or string array value.
// If the value is empty, the extra mapping will not be present.
//
// hard-coded extra key/value
// - key: "foo"
// valueExpression: "'bar'"
// This will result in an extra attribute - foo: ["bar"]
//
// hard-coded key, value copying claim value
// - key: "foo"
// valueExpression: "claims.some_claim"
// This will result in an extra attribute - foo: [value of some_claim]
//
// hard-coded key, value derived from claim value
// - key: "admin"
// valueExpression: '(has(claims.is_admin) && claims.is_admin) ? "true":""'
// This will result in:
// - if is_admin claim is present and true, extra attribute - admin: ["true"]
// - if is_admin claim is present and false or is_admin claim is not present, no extra attribute will be added
//
// +optional
Extra []ExtraMapping `json:"extra,omitempty"`
}
// PrefixedClaimOrExpression provides the configuration for a single prefixed claim or expression.
type PrefixedClaimOrExpression struct {
// claim is the JWT claim to use.
// Mutually exclusive with expression.
// +optional
Claim string `json:"claim,omitempty"`
// prefix is prepended to claim's value to prevent clashes with existing names.
// prefix needs to be set if claim is set and can be the empty string.
// Mutually exclusive with expression.
// +optional
Prefix *string `json:"prefix,omitempty"`
// expression represents the expression which will be evaluated by CEL.
//
// CEL expressions have access to the contents of the token claims, organized into CEL variable:
// - 'claims' is a map of claim names to claim values.
// For example, a variable named 'sub' can be accessed as 'claims.sub'.
// Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
//
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// Mutually exclusive with claim and prefix.
// +optional
Expression string `json:"expression,omitempty"`
}
// ClaimOrExpression provides the configuration for a single claim or expression.
type ClaimOrExpression struct {
// claim is the JWT claim to use.
// Either claim or expression must be set.
// Mutually exclusive with expression.
// +optional
Claim string `json:"claim,omitempty"`
// expression represents the expression which will be evaluated by CEL.
//
// CEL expressions have access to the contents of the token claims, organized into CEL variable:
// - 'claims' is a map of claim names to claim values.
// For example, a variable named 'sub' can be accessed as 'claims.sub'.
// Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
//
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// Mutually exclusive with claim.
// +optional
Expression string `json:"expression,omitempty"`
}
// ExtraMapping provides the configuration for a single extra mapping.
type ExtraMapping struct {
// key is a string to use as the extra attribute key.
// key must be a domain-prefix path (e.g. example.org/foo). All characters before the first "/" must be a valid
// subdomain as defined by RFC 1123. All characters trailing the first "/" must
// be valid HTTP Path characters as defined by RFC 3986.
// key must be lowercase.
// Required to be unique.
// +required
Key string `json:"key"`
// valueExpression is a CEL expression to extract extra attribute value.
// valueExpression must produce a string or string array value.
// "", [], and null values are treated as the extra mapping not being present.
// Empty string values contained within a string array are filtered out.
//
// CEL expressions have access to the contents of the token claims, organized into CEL variable:
// - 'claims' is a map of claim names to claim values.
// For example, a variable named 'sub' can be accessed as 'claims.sub'.
// Nested claims can be accessed using dot notation, e.g. 'claims.foo.bar'.
//
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// +required
ValueExpression string `json:"valueExpression"`
}
// UserValidationRule provides the configuration for a single user info validation rule.
type UserValidationRule struct {
// expression represents the expression which will be evaluated by CEL.
// Must return true for the validation to pass.
//
// CEL expressions have access to the contents of UserInfo, organized into CEL variable:
// - 'user' - authentication.k8s.io/v1, Kind=UserInfo object
// Refer to https://github.com/kubernetes/api/blob/release-1.28/authentication/v1/types.go#L105-L122 for the definition.
// API documentation: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#userinfo-v1-authentication-k8s-io
//
// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
//
// +required
Expression string `json:"expression"`
// message customizes the returned error message when rule returns false.
// message is a literal string.
// +optional
Message string `json:"message,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type AuthorizationConfiguration struct {
metav1.TypeMeta

351
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.conversion.go generated
View File

@@ -24,6 +24,7 @@ package v1beta1
import (
unsafe "unsafe"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
apiserver "k8s.io/apiserver/pkg/apis/apiserver"
@@ -36,6 +37,16 @@ func init() {
// RegisterConversions adds conversion functions to the given scheme.
// Public to allow building arbitrary schemes.
func RegisterConversions(s *runtime.Scheme) error {
if err := s.AddGeneratedConversionFunc((*AuthenticationConfiguration)(nil), (*apiserver.AuthenticationConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(a.(*AuthenticationConfiguration), b.(*apiserver.AuthenticationConfiguration), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.AuthenticationConfiguration)(nil), (*AuthenticationConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(a.(*apiserver.AuthenticationConfiguration), b.(*AuthenticationConfiguration), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*AuthorizationConfiguration)(nil), (*apiserver.AuthorizationConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration(a.(*AuthorizationConfiguration), b.(*apiserver.AuthorizationConfiguration), scope)
}); err != nil {
@@ -56,6 +67,36 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*ClaimMappings)(nil), (*apiserver.ClaimMappings)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(a.(*ClaimMappings), b.(*apiserver.ClaimMappings), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.ClaimMappings)(nil), (*ClaimMappings)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(a.(*apiserver.ClaimMappings), b.(*ClaimMappings), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*ClaimOrExpression)(nil), (*apiserver.ClaimOrExpression)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(a.(*ClaimOrExpression), b.(*apiserver.ClaimOrExpression), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.ClaimOrExpression)(nil), (*ClaimOrExpression)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(a.(*apiserver.ClaimOrExpression), b.(*ClaimOrExpression), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*ClaimValidationRule)(nil), (*apiserver.ClaimValidationRule)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(a.(*ClaimValidationRule), b.(*apiserver.ClaimValidationRule), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.ClaimValidationRule)(nil), (*ClaimValidationRule)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(a.(*apiserver.ClaimValidationRule), b.(*ClaimValidationRule), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*Connection)(nil), (*apiserver.Connection)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_Connection_To_apiserver_Connection(a.(*Connection), b.(*apiserver.Connection), scope)
}); err != nil {
@@ -81,6 +122,46 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*ExtraMapping)(nil), (*apiserver.ExtraMapping)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(a.(*ExtraMapping), b.(*apiserver.ExtraMapping), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.ExtraMapping)(nil), (*ExtraMapping)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(a.(*apiserver.ExtraMapping), b.(*ExtraMapping), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*Issuer)(nil), (*apiserver.Issuer)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_Issuer_To_apiserver_Issuer(a.(*Issuer), b.(*apiserver.Issuer), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.Issuer)(nil), (*Issuer)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_Issuer_To_v1beta1_Issuer(a.(*apiserver.Issuer), b.(*Issuer), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*JWTAuthenticator)(nil), (*apiserver.JWTAuthenticator)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(a.(*JWTAuthenticator), b.(*apiserver.JWTAuthenticator), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.JWTAuthenticator)(nil), (*JWTAuthenticator)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(a.(*apiserver.JWTAuthenticator), b.(*JWTAuthenticator), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*PrefixedClaimOrExpression)(nil), (*apiserver.PrefixedClaimOrExpression)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(a.(*PrefixedClaimOrExpression), b.(*apiserver.PrefixedClaimOrExpression), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.PrefixedClaimOrExpression)(nil), (*PrefixedClaimOrExpression)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(a.(*apiserver.PrefixedClaimOrExpression), b.(*PrefixedClaimOrExpression), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*TCPTransport)(nil), (*apiserver.TCPTransport)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_TCPTransport_To_apiserver_TCPTransport(a.(*TCPTransport), b.(*apiserver.TCPTransport), scope)
}); err != nil {
@@ -131,6 +212,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*UserValidationRule)(nil), (*apiserver.UserValidationRule)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(a.(*UserValidationRule), b.(*apiserver.UserValidationRule), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*apiserver.UserValidationRule)(nil), (*UserValidationRule)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(a.(*apiserver.UserValidationRule), b.(*UserValidationRule), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*WebhookConfiguration)(nil), (*apiserver.WebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration(a.(*WebhookConfiguration), b.(*apiserver.WebhookConfiguration), scope)
}); err != nil {
@@ -169,6 +260,46 @@ func RegisterConversions(s *runtime.Scheme) error {
return nil
}
func autoConvert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(in *AuthenticationConfiguration, out *apiserver.AuthenticationConfiguration, s conversion.Scope) error {
if in.JWT != nil {
in, out := &in.JWT, &out.JWT
*out = make([]apiserver.JWTAuthenticator, len(*in))
for i := range *in {
if err := Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.JWT = nil
}
return nil
}
// Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration is an autogenerated conversion function.
func Convert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(in *AuthenticationConfiguration, out *apiserver.AuthenticationConfiguration, s conversion.Scope) error {
return autoConvert_v1beta1_AuthenticationConfiguration_To_apiserver_AuthenticationConfiguration(in, out, s)
}
func autoConvert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(in *apiserver.AuthenticationConfiguration, out *AuthenticationConfiguration, s conversion.Scope) error {
if in.JWT != nil {
in, out := &in.JWT, &out.JWT
*out = make([]JWTAuthenticator, len(*in))
for i := range *in {
if err := Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(&(*in)[i], &(*out)[i], s); err != nil {
return err
}
}
} else {
out.JWT = nil
}
return nil
}
// Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration is an autogenerated conversion function.
func Convert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(in *apiserver.AuthenticationConfiguration, out *AuthenticationConfiguration, s conversion.Scope) error {
return autoConvert_apiserver_AuthenticationConfiguration_To_v1beta1_AuthenticationConfiguration(in, out, s)
}
func autoConvert_v1beta1_AuthorizationConfiguration_To_apiserver_AuthorizationConfiguration(in *AuthorizationConfiguration, out *apiserver.AuthorizationConfiguration, s conversion.Scope) error {
out.Authorizers = *(*[]apiserver.AuthorizerConfiguration)(unsafe.Pointer(&in.Authorizers))
return nil
@@ -213,6 +344,92 @@ func Convert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguratio
return autoConvert_apiserver_AuthorizerConfiguration_To_v1beta1_AuthorizerConfiguration(in, out, s)
}
func autoConvert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(in *ClaimMappings, out *apiserver.ClaimMappings, s conversion.Scope) error {
if err := Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(&in.Username, &out.Username, s); err != nil {
return err
}
if err := Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(&in.Groups, &out.Groups, s); err != nil {
return err
}
if err := Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(&in.UID, &out.UID, s); err != nil {
return err
}
out.Extra = *(*[]apiserver.ExtraMapping)(unsafe.Pointer(&in.Extra))
return nil
}
// Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings is an autogenerated conversion function.
func Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(in *ClaimMappings, out *apiserver.ClaimMappings, s conversion.Scope) error {
return autoConvert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(in, out, s)
}
func autoConvert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(in *apiserver.ClaimMappings, out *ClaimMappings, s conversion.Scope) error {
if err := Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(&in.Username, &out.Username, s); err != nil {
return err
}
if err := Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(&in.Groups, &out.Groups, s); err != nil {
return err
}
if err := Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(&in.UID, &out.UID, s); err != nil {
return err
}
out.Extra = *(*[]ExtraMapping)(unsafe.Pointer(&in.Extra))
return nil
}
// Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings is an autogenerated conversion function.
func Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(in *apiserver.ClaimMappings, out *ClaimMappings, s conversion.Scope) error {
return autoConvert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(in, out, s)
}
func autoConvert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(in *ClaimOrExpression, out *apiserver.ClaimOrExpression, s conversion.Scope) error {
out.Claim = in.Claim
out.Expression = in.Expression
return nil
}
// Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression is an autogenerated conversion function.
func Convert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(in *ClaimOrExpression, out *apiserver.ClaimOrExpression, s conversion.Scope) error {
return autoConvert_v1beta1_ClaimOrExpression_To_apiserver_ClaimOrExpression(in, out, s)
}
func autoConvert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(in *apiserver.ClaimOrExpression, out *ClaimOrExpression, s conversion.Scope) error {
out.Claim = in.Claim
out.Expression = in.Expression
return nil
}
// Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression is an autogenerated conversion function.
func Convert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(in *apiserver.ClaimOrExpression, out *ClaimOrExpression, s conversion.Scope) error {
return autoConvert_apiserver_ClaimOrExpression_To_v1beta1_ClaimOrExpression(in, out, s)
}
func autoConvert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(in *ClaimValidationRule, out *apiserver.ClaimValidationRule, s conversion.Scope) error {
out.Claim = in.Claim
out.RequiredValue = in.RequiredValue
out.Expression = in.Expression
out.Message = in.Message
return nil
}
// Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule is an autogenerated conversion function.
func Convert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(in *ClaimValidationRule, out *apiserver.ClaimValidationRule, s conversion.Scope) error {
return autoConvert_v1beta1_ClaimValidationRule_To_apiserver_ClaimValidationRule(in, out, s)
}
func autoConvert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(in *apiserver.ClaimValidationRule, out *ClaimValidationRule, s conversion.Scope) error {
out.Claim = in.Claim
out.RequiredValue = in.RequiredValue
out.Expression = in.Expression
out.Message = in.Message
return nil
}
// Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule is an autogenerated conversion function.
func Convert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(in *apiserver.ClaimValidationRule, out *ClaimValidationRule, s conversion.Scope) error {
return autoConvert_apiserver_ClaimValidationRule_To_v1beta1_ClaimValidationRule(in, out, s)
}
func autoConvert_v1beta1_Connection_To_apiserver_Connection(in *Connection, out *apiserver.Connection, s conversion.Scope) error {
out.ProxyProtocol = apiserver.ProtocolType(in.ProxyProtocol)
out.Transport = (*apiserver.Transport)(unsafe.Pointer(in.Transport))
@@ -296,6 +513,118 @@ func Convert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConf
return autoConvert_apiserver_EgressSelectorConfiguration_To_v1beta1_EgressSelectorConfiguration(in, out, s)
}
func autoConvert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(in *ExtraMapping, out *apiserver.ExtraMapping, s conversion.Scope) error {
out.Key = in.Key
out.ValueExpression = in.ValueExpression
return nil
}
// Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping is an autogenerated conversion function.
func Convert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(in *ExtraMapping, out *apiserver.ExtraMapping, s conversion.Scope) error {
return autoConvert_v1beta1_ExtraMapping_To_apiserver_ExtraMapping(in, out, s)
}
func autoConvert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(in *apiserver.ExtraMapping, out *ExtraMapping, s conversion.Scope) error {
out.Key = in.Key
out.ValueExpression = in.ValueExpression
return nil
}
// Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping is an autogenerated conversion function.
func Convert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(in *apiserver.ExtraMapping, out *ExtraMapping, s conversion.Scope) error {
return autoConvert_apiserver_ExtraMapping_To_v1beta1_ExtraMapping(in, out, s)
}
func autoConvert_v1beta1_Issuer_To_apiserver_Issuer(in *Issuer, out *apiserver.Issuer, s conversion.Scope) error {
out.URL = in.URL
if err := v1.Convert_Pointer_string_To_string(&in.DiscoveryURL, &out.DiscoveryURL, s); err != nil {
return err
}
out.CertificateAuthority = in.CertificateAuthority
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.AudienceMatchPolicy = apiserver.AudienceMatchPolicyType(in.AudienceMatchPolicy)
return nil
}
// Convert_v1beta1_Issuer_To_apiserver_Issuer is an autogenerated conversion function.
func Convert_v1beta1_Issuer_To_apiserver_Issuer(in *Issuer, out *apiserver.Issuer, s conversion.Scope) error {
return autoConvert_v1beta1_Issuer_To_apiserver_Issuer(in, out, s)
}
func autoConvert_apiserver_Issuer_To_v1beta1_Issuer(in *apiserver.Issuer, out *Issuer, s conversion.Scope) error {
out.URL = in.URL
if err := v1.Convert_string_To_Pointer_string(&in.DiscoveryURL, &out.DiscoveryURL, s); err != nil {
return err
}
out.CertificateAuthority = in.CertificateAuthority
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.AudienceMatchPolicy = AudienceMatchPolicyType(in.AudienceMatchPolicy)
return nil
}
// Convert_apiserver_Issuer_To_v1beta1_Issuer is an autogenerated conversion function.
func Convert_apiserver_Issuer_To_v1beta1_Issuer(in *apiserver.Issuer, out *Issuer, s conversion.Scope) error {
return autoConvert_apiserver_Issuer_To_v1beta1_Issuer(in, out, s)
}
func autoConvert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(in *JWTAuthenticator, out *apiserver.JWTAuthenticator, s conversion.Scope) error {
if err := Convert_v1beta1_Issuer_To_apiserver_Issuer(&in.Issuer, &out.Issuer, s); err != nil {
return err
}
out.ClaimValidationRules = *(*[]apiserver.ClaimValidationRule)(unsafe.Pointer(&in.ClaimValidationRules))
if err := Convert_v1beta1_ClaimMappings_To_apiserver_ClaimMappings(&in.ClaimMappings, &out.ClaimMappings, s); err != nil {
return err
}
out.UserValidationRules = *(*[]apiserver.UserValidationRule)(unsafe.Pointer(&in.UserValidationRules))
return nil
}
// Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator is an autogenerated conversion function.
func Convert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(in *JWTAuthenticator, out *apiserver.JWTAuthenticator, s conversion.Scope) error {
return autoConvert_v1beta1_JWTAuthenticator_To_apiserver_JWTAuthenticator(in, out, s)
}
func autoConvert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(in *apiserver.JWTAuthenticator, out *JWTAuthenticator, s conversion.Scope) error {
if err := Convert_apiserver_Issuer_To_v1beta1_Issuer(&in.Issuer, &out.Issuer, s); err != nil {
return err
}
out.ClaimValidationRules = *(*[]ClaimValidationRule)(unsafe.Pointer(&in.ClaimValidationRules))
if err := Convert_apiserver_ClaimMappings_To_v1beta1_ClaimMappings(&in.ClaimMappings, &out.ClaimMappings, s); err != nil {
return err
}
out.UserValidationRules = *(*[]UserValidationRule)(unsafe.Pointer(&in.UserValidationRules))
return nil
}
// Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator is an autogenerated conversion function.
func Convert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(in *apiserver.JWTAuthenticator, out *JWTAuthenticator, s conversion.Scope) error {
return autoConvert_apiserver_JWTAuthenticator_To_v1beta1_JWTAuthenticator(in, out, s)
}
func autoConvert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(in *PrefixedClaimOrExpression, out *apiserver.PrefixedClaimOrExpression, s conversion.Scope) error {
out.Claim = in.Claim
out.Prefix = (*string)(unsafe.Pointer(in.Prefix))
out.Expression = in.Expression
return nil
}
// Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression is an autogenerated conversion function.
func Convert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(in *PrefixedClaimOrExpression, out *apiserver.PrefixedClaimOrExpression, s conversion.Scope) error {
return autoConvert_v1beta1_PrefixedClaimOrExpression_To_apiserver_PrefixedClaimOrExpression(in, out, s)
}
func autoConvert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(in *apiserver.PrefixedClaimOrExpression, out *PrefixedClaimOrExpression, s conversion.Scope) error {
out.Claim = in.Claim
out.Prefix = (*string)(unsafe.Pointer(in.Prefix))
out.Expression = in.Expression
return nil
}
// Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression is an autogenerated conversion function.
func Convert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(in *apiserver.PrefixedClaimOrExpression, out *PrefixedClaimOrExpression, s conversion.Scope) error {
return autoConvert_apiserver_PrefixedClaimOrExpression_To_v1beta1_PrefixedClaimOrExpression(in, out, s)
}
func autoConvert_v1beta1_TCPTransport_To_apiserver_TCPTransport(in *TCPTransport, out *apiserver.TCPTransport, s conversion.Scope) error {
out.URL = in.URL
out.TLSConfig = (*apiserver.TLSConfig)(unsafe.Pointer(in.TLSConfig))
@@ -404,6 +733,28 @@ func Convert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in *apiserver.UDSTra
return autoConvert_apiserver_UDSTransport_To_v1beta1_UDSTransport(in, out, s)
}
func autoConvert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(in *UserValidationRule, out *apiserver.UserValidationRule, s conversion.Scope) error {
out.Expression = in.Expression
out.Message = in.Message
return nil
}
// Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule is an autogenerated conversion function.
func Convert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(in *UserValidationRule, out *apiserver.UserValidationRule, s conversion.Scope) error {
return autoConvert_v1beta1_UserValidationRule_To_apiserver_UserValidationRule(in, out, s)
}
func autoConvert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(in *apiserver.UserValidationRule, out *UserValidationRule, s conversion.Scope) error {
out.Expression = in.Expression
out.Message = in.Message
return nil
}
// Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule is an autogenerated conversion function.
func Convert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(in *apiserver.UserValidationRule, out *UserValidationRule, s conversion.Scope) error {
return autoConvert_apiserver_UserValidationRule_To_v1beta1_UserValidationRule(in, out, s)
}
func autoConvert_v1beta1_WebhookConfiguration_To_apiserver_WebhookConfiguration(in *WebhookConfiguration, out *apiserver.WebhookConfiguration, s conversion.Scope) error {
out.AuthorizedTTL = in.AuthorizedTTL
out.UnauthorizedTTL = in.UnauthorizedTTL

195
staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/zz_generated.deepcopy.go generated
View File

@@ -25,6 +25,38 @@ import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuthenticationConfiguration) DeepCopyInto(out *AuthenticationConfiguration) {
*out = *in
out.TypeMeta = in.TypeMeta
if in.JWT != nil {
in, out := &in.JWT, &out.JWT
*out = make([]JWTAuthenticator, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationConfiguration.
func (in *AuthenticationConfiguration) DeepCopy() *AuthenticationConfiguration {
if in == nil {
return nil
}
out := new(AuthenticationConfiguration)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *AuthenticationConfiguration) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuthorizationConfiguration) DeepCopyInto(out *AuthorizationConfiguration) {
*out = *in
@@ -78,6 +110,62 @@ func (in *AuthorizerConfiguration) DeepCopy() *AuthorizerConfiguration {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClaimMappings) DeepCopyInto(out *ClaimMappings) {
*out = *in
in.Username.DeepCopyInto(&out.Username)
in.Groups.DeepCopyInto(&out.Groups)
out.UID = in.UID
if in.Extra != nil {
in, out := &in.Extra, &out.Extra
*out = make([]ExtraMapping, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimMappings.
func (in *ClaimMappings) DeepCopy() *ClaimMappings {
if in == nil {
return nil
}
out := new(ClaimMappings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClaimOrExpression) DeepCopyInto(out *ClaimOrExpression) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimOrExpression.
func (in *ClaimOrExpression) DeepCopy() *ClaimOrExpression {
if in == nil {
return nil
}
out := new(ClaimOrExpression)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClaimValidationRule) DeepCopyInto(out *ClaimValidationRule) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimValidationRule.
func (in *ClaimValidationRule) DeepCopy() *ClaimValidationRule {
if in == nil {
return nil
}
out := new(ClaimValidationRule)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Connection) DeepCopyInto(out *Connection) {
*out = *in
@@ -148,6 +236,97 @@ func (in *EgressSelectorConfiguration) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExtraMapping) DeepCopyInto(out *ExtraMapping) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExtraMapping.
func (in *ExtraMapping) DeepCopy() *ExtraMapping {
if in == nil {
return nil
}
out := new(ExtraMapping)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Issuer) DeepCopyInto(out *Issuer) {
*out = *in
if in.DiscoveryURL != nil {
in, out := &in.DiscoveryURL, &out.DiscoveryURL
*out = new(string)
**out = **in
}
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Issuer.
func (in *Issuer) DeepCopy() *Issuer {
if in == nil {
return nil
}
out := new(Issuer)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *JWTAuthenticator) DeepCopyInto(out *JWTAuthenticator) {
*out = *in
in.Issuer.DeepCopyInto(&out.Issuer)
if in.ClaimValidationRules != nil {
in, out := &in.ClaimValidationRules, &out.ClaimValidationRules
*out = make([]ClaimValidationRule, len(*in))
copy(*out, *in)
}
in.ClaimMappings.DeepCopyInto(&out.ClaimMappings)
if in.UserValidationRules != nil {
in, out := &in.UserValidationRules, &out.UserValidationRules
*out = make([]UserValidationRule, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthenticator.
func (in *JWTAuthenticator) DeepCopy() *JWTAuthenticator {
if in == nil {
return nil
}
out := new(JWTAuthenticator)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PrefixedClaimOrExpression) DeepCopyInto(out *PrefixedClaimOrExpression) {
*out = *in
if in.Prefix != nil {
in, out := &in.Prefix, &out.Prefix
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimOrExpression.
func (in *PrefixedClaimOrExpression) DeepCopy() *PrefixedClaimOrExpression {
if in == nil {
return nil
}
out := new(PrefixedClaimOrExpression)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TCPTransport) DeepCopyInto(out *TCPTransport) {
*out = *in
@@ -253,6 +432,22 @@ func (in *UDSTransport) DeepCopy() *UDSTransport {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *UserValidationRule) DeepCopyInto(out *UserValidationRule) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserValidationRule.
func (in *UserValidationRule) DeepCopy() *UserValidationRule {
if in == nil {
return nil
}
out := new(UserValidationRule)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration) {
*out = *in

2
test/integration/apiserver/oidc/oidc_test.go
View File

@@ -145,7 +145,7 @@ func runTests(t *testing.T, useAuthenticationConfig bool) {
if useAuthenticationConfig {
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1alpha1
apiVersion: apiserver.config.k8s.io/v1beta1
kind: AuthenticationConfiguration
jwt:
- issuer: