From 8e8989c576503536645ae20e891b637e9a316a5f Mon Sep 17 00:00:00 2001 
From: Timo Behrendt Date: Sun, 17 May 2026 19:38:29 +0200 Subject: [PATCH] feat: add bare policy binding controller --- artifacts/crd/policyBinding.yaml | 53 +++ main.go | 17 +- pkg/apis/policybinding/v1alpha1/doc.go | 23 ++ pkg/apis/policybinding/v1alpha1/types.go | 54 +++ .../v1alpha1/zz_generated.deepcopy.go | 119 ++++++ .../v1alpha1/zz_generated.register.go | 71 ++++ pkg/controllers/policybinding/controller.go | 295 ++++++++++++++ .../policybinding/controller_test.go | 363 ++++++++++++++++++ .../policybinding/v1alpha1/policybinding.go | 243 ++++++++++++ .../v1alpha1/policybindingspec.go | 75 ++++ .../v1alpha1/policybindingstatus.go | 39 ++ pkg/generated/applyconfiguration/utils.go | 10 + .../clientset/versioned/clientset.go | 13 + .../versioned/fake/clientset_generated.go | 7 + .../clientset/versioned/fake/register.go | 2 + .../clientset/versioned/scheme/register.go | 2 + .../typed/policybinding/v1alpha1/doc.go | 20 + .../typed/policybinding/v1alpha1/fake/doc.go | 20 + .../v1alpha1/fake/fake_policybinding.go | 53 +++ .../fake/fake_policybinding_client.go | 40 ++ .../v1alpha1/generated_expansion.go | 21 + .../policybinding/v1alpha1/policybinding.go | 74 ++++ .../v1alpha1/policybinding_client.go | 101 +++++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 5 + .../policybinding/interface.go | 46 +++ .../policybinding/v1alpha1/interface.go | 45 +++ .../policybinding/v1alpha1/policybinding.go | 116 ++++++ .../v1alpha1/expansion_generated.go | 27 ++ .../policybinding/v1alpha1/policybinding.go | 70 ++++ pkg/generated/openapi/zz_generated.openapi.go | 163 ++++++++ 31 files changed, 2192 insertions(+), 1 deletion(-) create mode 100644 artifacts/crd/policyBinding.yaml create mode 100644 pkg/apis/policybinding/v1alpha1/doc.go create mode 100644 pkg/apis/policybinding/v1alpha1/types.go create mode 100644 pkg/apis/policybinding/v1alpha1/zz_generated.deepcopy.go create mode 100644 
pkg/apis/policybinding/v1alpha1/zz_generated.register.go create mode 100644 pkg/controllers/policybinding/controller.go create mode 100644 pkg/controllers/policybinding/controller_test.go create mode 100644 pkg/generated/applyconfiguration/policybinding/v1alpha1/policybinding.go create mode 100644 pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingspec.go create mode 100644 pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingstatus.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/doc.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/doc.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding_client.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/generated_expansion.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding.go create mode 100644 pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding_client.go create mode 100644 pkg/generated/informers/externalversions/policybinding/interface.go create mode 100644 pkg/generated/informers/externalversions/policybinding/v1alpha1/interface.go create mode 100644 pkg/generated/informers/externalversions/policybinding/v1alpha1/policybinding.go create mode 100644 pkg/generated/listers/policybinding/v1alpha1/expansion_generated.go create mode 100644 pkg/generated/listers/policybinding/v1alpha1/policybinding.go diff --git a/artifacts/crd/policyBinding.yaml b/artifacts/crd/policyBinding.yaml new file mode 100644 index 0000000..1aa2fe1 --- /dev/null +++ b/artifacts/crd/policyBinding.yaml 
@@ -0,0 +1,53 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: policybindings.policybinding.t000-n.de +spec: + group: policybinding.t000-n.de + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: PK + type: string + jsonPath: .status.pk + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + policy: + type: string + format: uuid + group: + type: string + format: uuid + user: + type: integer + format: int32 + target: + type: string + format: uuid + order: + type: integer + required: + - target + - order + status: + type: object + properties: + pk: + type: string + required: + - pk + names: + kind: PolicyBinding + plural: policybindings + shortNames: + - pb + scope: Namespaced diff --git a/main.go b/main.go index cc82666..7947b29 100644 --- a/main.go +++ b/main.go @@ -34,6 +34,7 @@ import ( // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" applicationcontroller "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/controllers/application" + policybindingcontroller "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/controllers/policybinding" proxyprovidercontroller "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/controllers/proxyprovider" clientset "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned" informers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions" 
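Review bot: The `spec` schema accepts a binding with none of `policy`, `group` and `user` set, or with several of them set, because only `target` and `order` are listed under `required`. These objects drive access-control decisions in authentik, so I would reject malformed ones at admission, for example with a `oneOf` over `required: [policy]`, `required: [group]` and `required: [user]` (assuming exactly one subject is intended; confirm against the authentik API). The same contract is undocumented on `PolicyBindingSpec` in types.go. `order` also lacks `format: int32` although the Go field is `int32`. Separately, the CRD is `Namespaced` and `target` is a free-form UUID, so anyone allowed to create a PolicyBinding in any namespace can attach bindings to whatever authentik object the operator's token can reach; that should be restricted through RBAC or documented as a trust assumption.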
@@ -87,13 +88,19 @@ func main() { applicationInformerFactory.Application().V1alpha1().Applications(), ) + policyBindingInformerFactory := informers.NewSharedInformerFactory(clientset, time.Second*30) + pbController := policybindingcontroller.NewController(ctx, kubeClient, clientset, authentikClient, + policyBindingInformerFactory.PolicyBinding().V1alpha1().PolicyBindings(), + ) + // notice that there is no need to run Start methods in a separate goroutine. (i.e. go kubeInformerFactory.Start(ctx.done()) // Start method is non-blocking and runs all registered informers in a dedicated goroutine. proxyProviderInformerFactory.Start(ctx.Done()) applicationInformerFactory.Start(ctx.Done()) + policyBindingInformerFactory.Start(ctx.Done()) var wg sync.WaitGroup - wg.Add(2) + wg.Add(3) go func() { defer wg.Done() @@ -111,6 +118,14 @@ func main() { } }() + go func() { + defer wg.Done() + if err := pbController.Run(ctx, 2); err != nil { + logger.Error(err, "Error running policy binding controller") + klog.FlushAndExit(klog.ExitFlushTimeout, 1) + } + }() + wg.Wait() } diff --git a/pkg/apis/policybinding/v1alpha1/doc.go b/pkg/apis/policybinding/v1alpha1/doc.go new file mode 100644 index 0000000..8365d15 --- /dev/null +++ b/pkg/apis/policybinding/v1alpha1/doc.go 
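Review bot: `policyBindingInformerFactory` is a further `NewSharedInformerFactory` built from the same clientset, next to `proxyProviderInformerFactory` and `applicationInformerFactory`. A shared informer factory is meant to serve several informers, so a single factory could hand out the PolicyBinding informer as well (the existing factories are created outside this hunk, so confirm they take the same arguments). The 30-second resync also costs more for this controller than it looks: its `UpdateFunc` enqueues on every resync, and `reconcileUpdate` then issues a Retrieve and a PartialUpdate against authentik for every object each time, so a longer period is worth considering. The body of main starts and ends outside the hunk.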
@@ -0,0 +1,23 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package +// +k8s:openapi-gen=true +// +groupName=policybinding.t000-n.de +// +groupGoName=PolicyBinding + +// Package v1alpha1 is the v1alpha1 version of the policybinding API. +package v1alpha1 diff --git a/pkg/apis/policybinding/v1alpha1/types.go b/pkg/apis/policybinding/v1alpha1/types.go new file mode 100644 index 0000000..a7b969c --- /dev/null +++ b/pkg/apis/policybinding/v1alpha1/types.go 
@@ -0,0 +1,54 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +kubebuilder:subresource:status +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type PolicyBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec PolicyBindingSpec `json:"spec"` + Status PolicyBindingStatus `json:"status"` +} + +type PolicyBindingSpec struct { + Policy string `json:"policy,omitempty"` + Group string `json:"group,omitempty"` + User int32 `json:"user,omitempty"` + Target string `json:"target"` + Order int32 `json:"order"` +} + +type PolicyBindingStatus struct { + PK string `json:"pk"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type PolicyBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + + Items []PolicyBinding `json:"items"` +} diff --git a/pkg/apis/policybinding/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policybinding/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 0000000..d41615b --- /dev/null +++ b/pkg/apis/policybinding/v1alpha1/zz_generated.deepcopy.go 
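Review bot: The exported types `PolicyBinding`, `PolicyBindingSpec`, `PolicyBindingStatus` and `PolicyBindingList` carry no doc comments, although the generated OpenAPI descriptions are derived from them. I would add, for example, `// PolicyBindingSpec describes the authentik policy binding to create; Target and Order are required, Policy, Group and User select the bound subject.` and `// PolicyBindingStatus records the primary key of the binding in authentik; an empty PK means it has not been created yet.` In addition, `User int32` with `omitempty` makes 0 indistinguishable from unset (the controller tests `pb.Spec.User != 0`); a `*int32` would make that explicit if 0 can ever be a valid user pk.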
@@ -0,0 +1,119 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBinding) DeepCopyInto(out *PolicyBinding) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBinding. +func (in *PolicyBinding) DeepCopy() *PolicyBinding { + if in == nil { + return nil + } + out := new(PolicyBinding) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyBinding) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PolicyBindingList) DeepCopyInto(out *PolicyBindingList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PolicyBinding, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingList. +func (in *PolicyBindingList) DeepCopy() *PolicyBindingList { + if in == nil { + return nil + } + out := new(PolicyBindingList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyBindingList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingSpec) DeepCopyInto(out *PolicyBindingSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingSpec. +func (in *PolicyBindingSpec) DeepCopy() *PolicyBindingSpec { + if in == nil { + return nil + } + out := new(PolicyBindingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyBindingStatus) DeepCopyInto(out *PolicyBindingStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyBindingStatus. +func (in *PolicyBindingStatus) DeepCopy() *PolicyBindingStatus { + if in == nil { + return nil + } + out := new(PolicyBindingStatus) + in.DeepCopyInto(out) + return out +} 
diff --git a/pkg/apis/policybinding/v1alpha1/zz_generated.register.go b/pkg/apis/policybinding/v1alpha1/zz_generated.register.go new file mode 100644 index 0000000..3aaa79a --- /dev/null +++ b/pkg/apis/policybinding/v1alpha1/zz_generated.register.go 
@@ -0,0 +1,71 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by register-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName specifies the group name used to register the objects. +const GroupName = "policybinding.t000-n.de" + +// GroupVersion specifies the group and the version used to register the objects. +var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// SchemeGroupVersion is group version used to register these objects +// +// Deprecated: use GroupVersion instead. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. + SchemeBuilder runtime.SchemeBuilder + localSchemeBuilder = &SchemeBuilder + // Deprecated: use Install instead + AddToScheme = localSchemeBuilder.AddToScheme + Install = localSchemeBuilder.AddToScheme +) + +func init() { + // We only register manually written functions here. 
The registration of the + // generated functions takes place in the generated files. The separation + // makes the code compile even when the generated files are missing. + localSchemeBuilder.Register(addKnownTypes) +} + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &PolicyBinding{}, + &PolicyBindingList{}, + ) + // AddToGroupVersion allows the serialization of client types like ListOptions. + v1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/pkg/controllers/policybinding/controller.go b/pkg/controllers/policybinding/controller.go new file mode 100644 index 0000000..e0fbbc0 --- /dev/null +++ b/pkg/controllers/policybinding/controller.go 
@@ -0,0 +1,295 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package policybinding + +import ( + "context" + "fmt" + "net/http" + "slices" + "time" + + "golang.org/x/time/rate" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/kubernetes/scheme" + typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/client-go/tools/cache" + "k8s.io/client-go/tools/record" + "k8s.io/client-go/util/workqueue" + "k8s.io/klog/v2" + + v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + clientset "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned" + operatorscheme "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/scheme" + informers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/policybinding/v1alpha1" + listers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/listers/policybinding/v1alpha1" + authentikapi "goauthentik.io/api/v3" +) + +const controllerAgentName = "policybinding-controller" + +const ( + SuccessSynced = "Synced" + ErrResourceExists = "ErrResourceExists" + MessageResourceExists = "Resource %q already exists and is not 
managed by PolicyBinding" + MessageResourceSynced = "PolicyBinding synced successfully" + FieldManager = controllerAgentName +) + +// Finalizers +const ( + DeleteAuthentikPolicyBindingFinalizer = "policybinding.t000-n.de/delete-authentik-policybinding" +) + +type Controller struct { + kubeclientset kubernetes.Interface + policyBindingClientset clientset.Interface + authentik *authentikapi.APIClient + + policyBindingListener listers.PolicyBindingLister + policyBindingSynced cache.InformerSynced + + workqueue workqueue.TypedRateLimitingInterface[cache.ObjectName] + recorder record.EventRecorder +} + +func NewController( + ctx context.Context, + kubeclientset kubernetes.Interface, + policyBindingClientset clientset.Interface, + authentik *authentikapi.APIClient, + policyBindingInformer informers.PolicyBindingInformer, +) *Controller { + logger := klog.FromContext(ctx) + + utilruntime.Must(operatorscheme.AddToScheme(scheme.Scheme)) + logger.V(4).Info("Creating event broadcaster") + + eventBroadcaster := record.NewBroadcaster(record.WithContext(ctx)) + eventBroadcaster.StartStructuredLogging(0) + eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: kubeclientset.CoreV1().Events("")}) + recorder := eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: controllerAgentName}) + ratelimiter := workqueue.NewTypedMaxOfRateLimiter( + workqueue.NewTypedItemExponentialFailureRateLimiter[cache.ObjectName](5*time.Millisecond, 1000*time.Second), + &workqueue.TypedBucketRateLimiter[cache.ObjectName]{Limiter: rate.NewLimiter(rate.Limit(50), 300)}, + ) + + c := &Controller{ + kubeclientset: kubeclientset, + policyBindingClientset: policyBindingClientset, + authentik: authentik, + policyBindingListener: policyBindingInformer.Lister(), + policyBindingSynced: policyBindingInformer.Informer().HasSynced, + workqueue: workqueue.NewTypedRateLimitingQueue(ratelimiter), + recorder: recorder, + } + + logger.Info("Setting up event handlers") + 
policyBindingInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: c.enqueuePolicyBinding, + UpdateFunc: func(_, newObj interface{}) { + c.enqueuePolicyBinding(newObj) + }, + }) + + return c +} + +func (c *Controller) Run(ctx context.Context, workers int) error { + defer utilruntime.HandleCrash() + defer c.workqueue.ShutDown() + logger := klog.FromContext(ctx) + + logger.Info("Starting PolicyBinding controller") + + logger.Info("Waiting for informer caches to sync") + if ok := cache.WaitForCacheSync(ctx.Done(), c.policyBindingSynced); !ok { + return fmt.Errorf("failed to wait for caches to sync") + } + + logger.Info("Starting workers", "count", workers) + for i := 0; i < workers; i++ { + go wait.UntilWithContext(ctx, c.runWorker, time.Second) + } + + logger.Info("Started workers") + <-ctx.Done() + logger.Info("Shutting down workers") + return nil +} + +func (c *Controller) runWorker(ctx context.Context) { + for c.processNextWorkItem(ctx) { + } +} + +func (c *Controller) processNextWorkItem(ctx context.Context) bool { + objRef, shutdown := c.workqueue.Get() + logger := klog.FromContext(ctx) + if shutdown { + return false + } + defer c.workqueue.Done(objRef) + + err := c.syncHandler(ctx, objRef) + if err == nil { + c.workqueue.Forget(objRef) + logger.Info("Successfully synced", "objectName", objRef) + return true + } + utilruntime.HandleErrorWithContext(ctx, err, "Error syncing; requeuing for later retry", "objectReference", objRef) + c.workqueue.AddRateLimited(objRef) + return true +} + +func (c *Controller) syncHandler(ctx context.Context, objectRef cache.ObjectName) error { + logger := klog.LoggerWithValues(klog.FromContext(ctx), "objectRef", objectRef) + + pb, err := c.policyBindingListener.PolicyBindings(objectRef.Namespace).Get(objectRef.Name) + if err != nil { + if errors.IsNotFound(err) { + logger.V(4).Info("PolicyBinding no longer exists") + return nil + } + return err + } + logger.V(4).Info("sync PolicyBinding", "name", pb.Name) + 
+ if !pb.ObjectMeta.DeletionTimestamp.IsZero() { + logger.Info("Reconciling deletion of PolicyBinding", "name", pb.Name) + return c.reconcileDelete(ctx, pb) + } + + if pb.Status.PK == "" { + logger.Info("Reconciling creation of PolicyBinding", "name", pb.Name) + return c.reconcileCreate(ctx, pb) + } + + // Check if all finalizers are present. If not, we add them. Same pattern as above, just needs a helper function to check for presence of a finalizer. + if !slices.Contains(pb.ObjectMeta.Finalizers, DeleteAuthentikPolicyBindingFinalizer) { + logger.Info("Ensuring finalizers are present", "name", pb.Name) + return c.ensureFinalizers(ctx, pb) + } + + logger.Info("Reconciling update of PolicyBinding", "name", pb.Name) + return c.reconcileUpdate(ctx, pb) +} + +func (c *Controller) ensureFinalizers(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + pb.ObjectMeta.Finalizers = append(pb.ObjectMeta.Finalizers, DeleteAuthentikPolicyBindingFinalizer) + return c.updatePolicyBinding(ctx, pb) +} + +func (c *Controller) reconcileDelete(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + r, err := c.authentik.PoliciesApi.PoliciesBindingsDestroy(ctx, pb.Status.PK).Execute() + if err != nil { + // This handles an edge-case, where when the PolicyBinding on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return. 
+ if r != nil && r.StatusCode != http.StatusNotFound { + return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsDestroy`: %w with response %v", err, r) + } + } + + pb.ObjectMeta.Finalizers = slices.Delete(pb.ObjectMeta.Finalizers, slices.Index(pb.ObjectMeta.Finalizers, DeleteAuthentikPolicyBindingFinalizer), 1) + return c.updatePolicyBinding(ctx, pb) +} + +func (c *Controller) reconcileUpdate(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + _, r, err := c.authentik.PoliciesApi.PoliciesBindingsRetrieve(ctx, pb.Status.PK).Execute() + if err != nil { + if r != nil && r.StatusCode == http.StatusNotFound { + // This handles an edge-case, where when the PolicyBinding on Authentik has been deleted, e.g. by mistake. We just remove the PK and return. + // During the next reconciliation, the PolicyBinding will be re-created. + pb.Status.PK = "" + return c.updatePolicyBindingStatus(ctx, pb) + } + return fmt.Errorf("error retrieving existing PolicyBinding: %v with response %v", err, r) + } + + patchedPolicyBindingRequest := &authentikapi.PatchedPolicyBindingRequest{ + Target: &pb.Spec.Target, + Order: &pb.Spec.Order, + } + if pb.Spec.Policy != "" { + patchedPolicyBindingRequest.SetPolicy(pb.Spec.Policy) + } + if pb.Spec.Group != "" { + patchedPolicyBindingRequest.SetGroup(pb.Spec.Group) + } + if pb.Spec.User != 0 { + patchedPolicyBindingRequest.SetUser(pb.Spec.User) + } + + resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsPartialUpdate(ctx, pb.Status.PK).PatchedPolicyBindingRequest(*patchedPolicyBindingRequest).Execute() + if err != nil { + return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsPartialUpdate`: %w with response %v", err, r) + } + + pb.Status.PK = resp.Pk + return c.updatePolicyBindingStatus(ctx, pb) +} + +func (c *Controller) reconcileCreate(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + policyBindingRequest := &authentikapi.PolicyBindingRequest{ + Target: pb.Spec.Target, + Order: pb.Spec.Order, + } + if 
pb.Spec.Policy != "" { + policyBindingRequest.SetPolicy(pb.Spec.Policy) + } + if pb.Spec.Group != "" { + policyBindingRequest.SetGroup(pb.Spec.Group) + } + if pb.Spec.User != 0 { + policyBindingRequest.SetUser(pb.Spec.User) + } + + resp, r, err := c.authentik.PoliciesApi.PoliciesBindingsCreate(ctx).PolicyBindingRequest(*policyBindingRequest).Execute() + if err != nil { + return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsCreate`: %w with response %v", err, r) + } + + pb.Status.PK = resp.Pk + return c.updatePolicyBindingStatus(ctx, pb) +} + +func (c *Controller) enqueuePolicyBinding(obj interface{}) { + objectRef, err := cache.ObjectToName(obj) + if err != nil { + utilruntime.HandleError(err) + return + } + c.workqueue.Add(objectRef) +} + +func (c *Controller) updatePolicyBindingStatus(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + pbCopy := pb.DeepCopy() + _, err := c.policyBindingClientset.PolicyBindingV1alpha1().PolicyBindings(pbCopy.Namespace).UpdateStatus(ctx, pbCopy, metav1.UpdateOptions{FieldManager: FieldManager}) + return err +} + +// Update metadata, spec, etc. of the PolicyBinding object. +func (c *Controller) updatePolicyBinding(ctx context.Context, pb *v1alpha1.PolicyBinding) error { + pbCopy := pb.DeepCopy() + _, err := c.policyBindingClientset.PolicyBindingV1alpha1().PolicyBindings(pbCopy.Namespace).Update(ctx, pbCopy, metav1.UpdateOptions{FieldManager: FieldManager}) + return err +} diff --git a/pkg/controllers/policybinding/controller_test.go b/pkg/controllers/policybinding/controller_test.go new file mode 100644 index 0000000..ad9abee --- /dev/null +++ b/pkg/controllers/policybinding/controller_test.go 
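Review bot: In `reconcileDelete` the finalizer is removed even when the authentik call failed without a response: the guard `r != nil && r.StatusCode != http.StatusNotFound` is false for a nil `r` (transport error, timeout), so the error is dropped and the binding stays live in authentik with nothing in Kubernetes tracking it. The removal itself, `slices.Delete(f, slices.Index(f, X), 1)`, passes `1` as the end index rather than as a count, so it is only correct when the finalizer sits at index 0; at index 1 nothing is removed, and for a later index or a missing finalizer it panics. `reconcileDelete`, `ensureFinalizers`, `reconcileCreate` and `reconcileUpdate` also write to `pb` as returned by the lister before `DeepCopy` is called, which mutates the shared informer cache. Finally, the finalizer is only added once `status.pk` is set, so a deletion or a failed `UpdateStatus` right after `PoliciesBindingsCreate` leaves an orphaned or duplicated binding; adding the finalizer before the create would close that window. The fence shows the delete path only.

```go
func (c *Controller) reconcileDelete(ctx context.Context, pb *v1alpha1.PolicyBinding) error {
	r, err := c.authentik.PoliciesApi.PoliciesBindingsDestroy(ctx, pb.Status.PK).Execute()
	// Only a 404 proves the binding is already gone. A nil response (transport
	// error) or any other status keeps the finalizer so the delete is retried.
	if err != nil && (r == nil || r.StatusCode != http.StatusNotFound) {
		return fmt.Errorf("error when calling `PoliciesAPI.PoliciesBindingsDestroy`: %w with response %v", err, r)
	}

	// pb comes from the informer cache; modify a copy, never the cached object.
	pbCopy := pb.DeepCopy()
	pbCopy.Finalizers = slices.DeleteFunc(pbCopy.Finalizers, func(f string) bool {
		return f == DeleteAuthentikPolicyBindingFinalizer
	})
	return c.updatePolicyBinding(ctx, pbCopy)
}
```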
@@ -0,0 +1,363 @@
+// AI generated tests and not yet reviewed.
+package policybinding
+
+import (
+ "context"
+ "encoding/json"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+ "slices"
+ "strings"
+ "testing"
+
+ v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1"
+ operatorfake "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/fake"
+ operatorinformers "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions"
+ authentikapi "goauthentik.io/api/v3"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/client-go/kubernetes/fake"
+ "k8s.io/client-go/tools/cache"
+)
+
+func TestController_syncHandler_create(t *testing.T) {
+ const wantPK = "42"
+
+ server := newAuthentikTestServer(t, authentikTestHandlers{
+ policyBindingCreate: func(w http.ResponseWriter, _ *http.Request) {
+ writeJSON(t, w, http.StatusCreated, map[string]any{"pk": wantPK})
+ },
+ })
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, testPolicyBinding(), server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "test-pb"})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+
+ got := getPolicyBinding(t, ctrl, "default", "test-pb")
+ if got.Status.PK != wantPK {
+ t.Fatalf("status.pk = %q, want %q", got.Status.PK, wantPK)
+ }
+}
+
+func TestController_syncHandler_ensureFinalizers(t *testing.T) {
+ pb := testPolicyBinding()
+ pb.Status.PK = "42"
+
+ server := newAuthentikTestServer(t, authentikTestHandlers{})
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, pb, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pb.Namespace, Name: pb.Name})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+
+ got := getPolicyBinding(t, ctrl, pb.Namespace, pb.Name)
+ if !slices.Contains(got.Finalizers, DeleteAuthentikPolicyBindingFinalizer) {
+ t.Fatalf("finalizers = %v, want %q", got.Finalizers, DeleteAuthentikPolicyBindingFinalizer)
+ }
+}
+
+func TestController_syncHandler_update(t *testing.T) {
+ pb := testPolicyBinding()
+ pb.Status.PK = "42"
+ pb.Finalizers = []string{DeleteAuthentikPolicyBindingFinalizer}
+
+ server := newAuthentikTestServer(t, authentikTestHandlers{
+ policyBindingRetrieve: func(w http.ResponseWriter, _ *http.Request) {
+ writeJSON(t, w, http.StatusOK, map[string]any{"pk": "42"})
+ },
+ policyBindingPartialUpdate: func(w http.ResponseWriter, _ *http.Request) {
+ writeJSON(t, w, http.StatusOK, map[string]any{"pk": "42"})
+ },
+ })
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, pb, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pb.Namespace, Name: pb.Name})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+
+ got := getPolicyBinding(t, ctrl, pb.Namespace, pb.Name)
+ if got.Status.PK != "42" {
+ t.Fatalf("status.pk = %q, want 42", got.Status.PK)
+ }
+}
+
+func TestController_syncHandler_update_policyBindingNotFound(t *testing.T) {
+ pb := testPolicyBinding()
+ pb.Status.PK = "42"
+ pb.Finalizers = []string{DeleteAuthentikPolicyBindingFinalizer}
+
+ server := newAuthentikTestServer(t, authentikTestHandlers{
+ policyBindingRetrieve: func(w http.ResponseWriter, _ *http.Request) {
+ http.NotFound(w, nil)
+ },
+ })
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, pb, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pb.Namespace, Name: pb.Name})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+
+ got := getPolicyBinding(t, ctrl, pb.Namespace, pb.Name)
+ if got.Status.PK != "" {
+ t.Fatalf("status.pk = %q, want empty after policy binding not found", got.Status.PK)
+ }
+}
+
+func TestController_syncHandler_delete(t *testing.T) {
+ now := metav1.Now()
+ pb := testPolicyBinding()
+ pb.Status.PK = "42"
+ pb.DeletionTimestamp = &now
+ pb.Finalizers = []string{DeleteAuthentikPolicyBindingFinalizer}
+
+ var destroyCalled bool
+ server := newAuthentikTestServer(t, authentikTestHandlers{
+ policyBindingDestroy: func(w http.ResponseWriter, r *http.Request) {
+ destroyCalled = true
+ if r.Method != http.MethodDelete {
+ t.Errorf("destroy method = %s, want DELETE", r.Method)
+ }
+ w.WriteHeader(http.StatusNoContent)
+ },
+ })
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, pb, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pb.Namespace, Name: pb.Name})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+ if !destroyCalled {
+ t.Fatal("expected Authentik destroy call")
+ }
+
+ got := getPolicyBinding(t, ctrl, pb.Namespace, pb.Name)
+ if slices.Contains(got.Finalizers, DeleteAuthentikPolicyBindingFinalizer) {
+ t.Fatalf("finalizers = %v, want finalizer removed", got.Finalizers)
+ }
+}
+
+func TestController_syncHandler_delete_policyBindingAlreadyGone(t *testing.T) {
+ now := metav1.Now()
+ pb := testPolicyBinding()
+ pb.Status.PK = "42"
+ pb.DeletionTimestamp = &now
+ pb.Finalizers = []string{DeleteAuthentikPolicyBindingFinalizer}
+
+ server := newAuthentikTestServer(t, authentikTestHandlers{
+ policyBindingDestroy: func(w http.ResponseWriter, _ *http.Request) {
+ http.NotFound(w, nil)
+ },
+ })
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, pb, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: pb.Namespace, Name: pb.Name})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v", err)
+ }
+
+ got := getPolicyBinding(t, ctrl, pb.Namespace, pb.Name)
+ if slices.Contains(got.Finalizers, DeleteAuthentikPolicyBindingFinalizer) {
+ t.Fatalf("finalizers = %v, want finalizer removed after 404", got.Finalizers)
+ }
+}
+
+func TestController_syncHandler_notFound(t *testing.T) {
+ server := newAuthentikTestServer(t, authentikTestHandlers{})
+ t.Cleanup(server.Close)
+
+ ctrl, ctx, cancel := newTestController(t, nil, server.URL)
+ t.Cleanup(cancel)
+
+ err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: "default", Name: "missing"})
+ if err != nil {
+ t.Fatalf("syncHandler() error = %v, want nil for missing object", err)
+ }
+}
+
+func TestController_enqueuePolicyBinding(t *testing.T) {
+ server := newAuthentikTestServer(t, authentikTestHandlers{})
+ t.Cleanup(server.Close)
+
+ ctrl, _, cancel := newTestController(t, testPolicyBinding(), server.URL)
+ t.Cleanup(cancel)
+
+ ctrl.enqueuePolicyBinding(testPolicyBinding())
+
+ if ctrl.workqueue.Len() != 1 {
+ t.Fatalf("workqueue length = %d, want 1", ctrl.workqueue.Len())
+ }
+}
+
+// --- test helpers ---
+
+func testPolicyBinding() *v1alpha1.PolicyBinding {
+ return &v1alpha1.PolicyBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: v1alpha1.SchemeGroupVersion.String(),
+ Kind: "PolicyBinding",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test-pb",
+ Namespace: "default",
+ },
+ Spec: v1alpha1.PolicyBindingSpec{
+ Group: "14ab813f-a7f9-481b-9b08-781953ae9ebf",
+ Target: "8dd85627-9c48-49c2-8afc-d73dd122ffc2",
+ Order: 1,
+ },
+ }
+}
+
+func newTestController(t *testing.T, pb *v1alpha1.PolicyBinding, authentikURL string) (*Controller, context.Context, context.CancelFunc) {
+ t.Helper()
+ ctx, cancel := context.WithCancel(context.Background())
+ ctrl, _, stop := newTestControllerWithContext(t, ctx, pb, authentikURL)
+ return ctrl, ctx, func() {
+ cancel()
+ stop()
+ }
+}
+
+func newTestControllerWithContext(t *testing.T, ctx context.Context, pb *v1alpha1.PolicyBinding, authentikURL string) (*Controller, context.Context, func()) {
+ t.Helper()
+
+ authentikClient := newAuthentikAPIClientForTest(t, authentikURL)
+
+ var objects []runtime.Object
+ if pb != nil {
+ objects = append(objects, pb)
+ }
+ policyBindingClient := operatorfake.NewSimpleClientset(objects...)
+
+ informerFactory := operatorinformers.NewSharedInformerFactory(policyBindingClient, 0)
+ policyBindingInformer := informerFactory.PolicyBinding().V1alpha1().PolicyBindings()
+
+ ctrl := NewController(ctx, fake.NewClientset(), policyBindingClient, authentikClient, policyBindingInformer)
+
+ informerFactory.Start(ctx.Done())
+ for informerType, synced := range informerFactory.WaitForCacheSync(ctx.Done()) {
+ if !synced {
+ t.Fatalf("informer %v failed to sync", informerType)
+ }
+ }
+
+ return ctrl, ctx, func() {}
+}
+
+func newAuthentikAPIClientForTest(t *testing.T, serverURL string) *authentikapi.APIClient {
+ t.Helper()
+
+ u, err := url.Parse(serverURL)
+ if err != nil {
+ t.Fatalf("parse server URL: %v", err)
+ }
+
+ cfg := authentikapi.NewConfiguration()
+ cfg.Scheme = u.Scheme
+ cfg.Host = u.Host
+
+ return authentikapi.NewAPIClient(cfg)
+}
+
+type authentikTestHandlers struct {
+ policyBindingCreate http.HandlerFunc
+ policyBindingRetrieve http.HandlerFunc
+ policyBindingPartialUpdate http.HandlerFunc
+ policyBindingDestroy http.HandlerFunc
+}
+
+func newAuthentikTestServer(t *testing.T, handlers authentikTestHandlers) *httptest.Server {
+ t.Helper()
+
+ handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ path := r.URL.Path
+
+ switch {
+ case path == "/api/v3/policies/bindings/" && r.Method == http.MethodPost:
+ if handlers.policyBindingCreate != nil {
+ handlers.policyBindingCreate(w, r)
+ return
+ }
+ http.NotFound(w, r)
+
+ case strings.HasPrefix(path, "/api/v3/policies/bindings/") && strings.HasSuffix(path, "/"):
+ idPath := strings.TrimPrefix(path, "/api/v3/policies/bindings/")
+ if idPath == "" {
+ http.NotFound(w, r)
+ return
+ }
+ switch r.Method {
+ case http.MethodGet:
+ if handlers.policyBindingRetrieve != nil {
+ handlers.policyBindingRetrieve(w, r)
+ return
+ }
+ http.NotFound(w, r)
+ case http.MethodPatch:
+ if handlers.policyBindingPartialUpdate != nil {
+ handlers.policyBindingPartialUpdate(w, r)
+ return
+ }
+ http.NotFound(w, r)
+ case http.MethodDelete:
+ if handlers.policyBindingDestroy != nil {
+ handlers.policyBindingDestroy(w, r)
+ return
+ }
+ http.NotFound(w, r)
+ default:
+ http.Error(w, "unexpected method on policy binding instance", http.StatusMethodNotAllowed)
+ }
+
+ default:
+ http.NotFound(w, r)
+ }
+ })
+
+ return httptest.NewServer(handler)
+}
+
+func writeJSON(t *testing.T, w http.ResponseWriter, status int, body any) {
+ t.Helper()
+ w.Header().Set("Content-Type", "application/json")
+ w.WriteHeader(status)
+ if err := json.NewEncoder(w).Encode(body); err != nil {
+ t.Fatalf("write JSON response: %v", err)
+ }
+}
+
+func getPolicyBinding(t *testing.T, ctrl *Controller, namespace, name string) *v1alpha1.PolicyBinding {
+ t.Helper()
+
+ got, err := ctrl.policyBindingClientset.PolicyBindingV1alpha1().PolicyBindings(namespace).Get(
+ context.Background(), name, metav1.GetOptions{},
+ )
+ if err != nil {
+ t.Fatalf("get PolicyBinding: %v", err)
+ }
+ return got
+}
diff --git a/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybinding.go b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybinding.go
new file mode 100644
index 0000000..7102c15
--- /dev/null
+++ b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybinding.go
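Review bot: Both delete tests seed `pb.Finalizers` with only `DeleteAuthentikPolicyBindingFinalizer`, so the finalizer is always at index 0 and the removal line in controller.go, `slices.Delete(pb.ObjectMeta.Finalizers, slices.Index(...), 1)`, is never run with another finalizer ahead of it (the function holding that line starts above the visible part of its hunk). `slices.Delete(s, i, j)` removes `s[i:j]`, so with the finalizer at index 1 nothing is removed and the object would presumably stay in Terminating, while at index 2 or higher, or when it is absent, the call panics; the end index should be `idx+1` after checking `idx >= 0`. I would add a case such as `pb.Finalizers = []string{"example.test/other", DeleteAuthentikPolicyBindingFinalizer}` (constructed value) and assert that only the operator's finalizer is gone. Separately, `writeJSON` calls `t.Fatalf` from the httptest handler goroutine, where `FailNow` is not permitted; `t.Errorf` followed by `return` is the safe form. The handlers also never inspect the request path or body, so these tests would still pass if the wrong target, group or PK were sent to authentik, which is the part of a policy binding that decides who gets access.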
@@ -0,0 +1,243 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// PolicyBindingApplyConfiguration represents a declarative configuration of the PolicyBinding type for use +// with apply. +type PolicyBindingApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:""` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *PolicyBindingSpecApplyConfiguration `json:"spec,omitempty"` + Status *PolicyBindingStatusApplyConfiguration `json:"status,omitempty"` +} + +// PolicyBinding constructs a declarative configuration of the PolicyBinding type for use with +// apply. +func PolicyBinding(name, namespace string) *PolicyBindingApplyConfiguration { + b := &PolicyBindingApplyConfiguration{} + b.WithName(name) + b.WithNamespace(namespace) + b.WithKind("PolicyBinding") + b.WithAPIVersion("policybinding.t000-n.de/v1alpha1") + return b +} + +func (b PolicyBindingApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *PolicyBindingApplyConfiguration) WithKind(value string) *PolicyBindingApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithAPIVersion(value string) *PolicyBindingApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithName(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithGenerateName(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *PolicyBindingApplyConfiguration) WithNamespace(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithUID(value types.UID) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithResourceVersion(value string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithGeneration(value int64) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithCreationTimestamp(value metav1.Time) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *PolicyBindingApplyConfiguration) WithLabels(entries map[string]string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *PolicyBindingApplyConfiguration) WithAnnotations(entries map[string]string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. 
+func (b *PolicyBindingApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *PolicyBindingApplyConfiguration) WithFinalizers(values ...string) *PolicyBindingApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *PolicyBindingApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *PolicyBindingApplyConfiguration) WithSpec(value *PolicyBindingSpecApplyConfiguration) *PolicyBindingApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. 
+func (b *PolicyBindingApplyConfiguration) WithStatus(value *PolicyBindingStatusApplyConfiguration) *PolicyBindingApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *PolicyBindingApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *PolicyBindingApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *PolicyBindingApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *PolicyBindingApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingspec.go b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingspec.go new file mode 100644 index 0000000..2405b59 --- /dev/null +++ b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingspec.go 
@@ -0,0 +1,75 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingSpecApplyConfiguration represents a declarative configuration of the PolicyBindingSpec type for use +// with apply. +type PolicyBindingSpecApplyConfiguration struct { + Policy *string `json:"policy,omitempty"` + Group *string `json:"group,omitempty"` + User *int32 `json:"user,omitempty"` + Target *string `json:"target,omitempty"` + Order *int32 `json:"order,omitempty"` +} + +// PolicyBindingSpecApplyConfiguration constructs a declarative configuration of the PolicyBindingSpec type for use with +// apply. +func PolicyBindingSpec() *PolicyBindingSpecApplyConfiguration { + return &PolicyBindingSpecApplyConfiguration{} +} + +// WithPolicy sets the Policy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Policy field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithPolicy(value string) *PolicyBindingSpecApplyConfiguration { + b.Policy = &value + return b +} + +// WithGroup sets the Group field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Group field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithGroup(value string) *PolicyBindingSpecApplyConfiguration { + b.Group = &value + return b +} + +// WithUser sets the User field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the User field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithUser(value int32) *PolicyBindingSpecApplyConfiguration { + b.User = &value + return b +} + +// WithTarget sets the Target field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Target field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithTarget(value string) *PolicyBindingSpecApplyConfiguration { + b.Target = &value + return b +} + +// WithOrder sets the Order field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Order field is set to the value of the last call. +func (b *PolicyBindingSpecApplyConfiguration) WithOrder(value int32) *PolicyBindingSpecApplyConfiguration { + b.Order = &value + return b +} diff --git a/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingstatus.go b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingstatus.go new file mode 100644 index 0000000..6050fb9 --- /dev/null +++ b/pkg/generated/applyconfiguration/policybinding/v1alpha1/policybindingstatus.go 
@@ -0,0 +1,39 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingStatusApplyConfiguration represents a declarative configuration of the PolicyBindingStatus type for use +// with apply. +type PolicyBindingStatusApplyConfiguration struct { + PK *string `json:"pk,omitempty"` +} + +// PolicyBindingStatusApplyConfiguration constructs a declarative configuration of the PolicyBindingStatus type for use with +// apply. +func PolicyBindingStatus() *PolicyBindingStatusApplyConfiguration { + return &PolicyBindingStatusApplyConfiguration{} +} + +// WithPK sets the PK field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PK field is set to the value of the last call. +func (b *PolicyBindingStatusApplyConfiguration) WithPK(value string) *PolicyBindingStatusApplyConfiguration { + b.PK = &value + return b +} diff --git a/pkg/generated/applyconfiguration/utils.go b/pkg/generated/applyconfiguration/utils.go index 6ad5a3c..eb1f914 100644 --- a/pkg/generated/applyconfiguration/utils.go +++ b/pkg/generated/applyconfiguration/utils.go 
@@ -20,9 +20,11 @@ package applyconfiguration import ( v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1" applicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/application/v1alpha1" internal "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/internal" + applyconfigurationpolicybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/policybinding/v1alpha1" applyconfigurationproxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/proxyprovider/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -41,6 +43,14 @@ func ForKind(kind schema.GroupVersionKind) interface{} { case v1alpha1.SchemeGroupVersion.WithKind("ApplicationStatus"): return &applicationv1alpha1.ApplicationStatusApplyConfiguration{} + // Group=policybinding.t000-n.de, Version=v1alpha1 + case policybindingv1alpha1.SchemeGroupVersion.WithKind("PolicyBinding"): + return &applyconfigurationpolicybindingv1alpha1.PolicyBindingApplyConfiguration{} + case policybindingv1alpha1.SchemeGroupVersion.WithKind("PolicyBindingSpec"): + return &applyconfigurationpolicybindingv1alpha1.PolicyBindingSpecApplyConfiguration{} + case policybindingv1alpha1.SchemeGroupVersion.WithKind("PolicyBindingStatus"): + return &applyconfigurationpolicybindingv1alpha1.PolicyBindingStatusApplyConfiguration{} + // Group=proxyprovider.t000-n.de, Version=v1alpha1 case proxyproviderv1alpha1.SchemeGroupVersion.WithKind("ProxyProvider"): return &applyconfigurationproxyproviderv1alpha1.ProxyProviderApplyConfiguration{} 
diff --git a/pkg/generated/clientset/versioned/clientset.go b/pkg/generated/clientset/versioned/clientset.go index b11cdcd..abed1ed 100644 --- a/pkg/generated/clientset/versioned/clientset.go +++ b/pkg/generated/clientset/versioned/clientset.go @@ -23,6 +23,7 @@ import ( http "net/http" applicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/application/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/proxyprovider/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -32,6 +33,7 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface ApplicationV1alpha1() applicationv1alpha1.ApplicationV1alpha1Interface + PolicyBindingV1alpha1() policybindingv1alpha1.PolicyBindingV1alpha1Interface ProxyproviderV1alpha1() proxyproviderv1alpha1.ProxyproviderV1alpha1Interface } @@ -39,6 +41,7 @@ type Interface interface { type Clientset struct { *discovery.DiscoveryClient applicationV1alpha1 *applicationv1alpha1.ApplicationV1alpha1Client + policyBindingV1alpha1 *policybindingv1alpha1.PolicyBindingV1alpha1Client proxyproviderV1alpha1 *proxyproviderv1alpha1.ProxyproviderV1alpha1Client } @@ -47,6 +50,11 @@ func (c *Clientset) ApplicationV1alpha1() applicationv1alpha1.ApplicationV1alpha return c.applicationV1alpha1 } +// PolicyBindingV1alpha1 retrieves the PolicyBindingV1alpha1Client +func (c *Clientset) PolicyBindingV1alpha1() policybindingv1alpha1.PolicyBindingV1alpha1Interface { + return c.policyBindingV1alpha1 +} + // ProxyproviderV1alpha1 retrieves the ProxyproviderV1alpha1Client func (c *Clientset) ProxyproviderV1alpha1() proxyproviderv1alpha1.ProxyproviderV1alpha1Interface { return c.proxyproviderV1alpha1 
@@ -100,6 +108,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, if err != nil { return nil, err } + cs.policyBindingV1alpha1, err = policybindingv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } cs.proxyproviderV1alpha1, err = proxyproviderv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) if err != nil { return nil, err @@ -126,6 +138,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.applicationV1alpha1 = applicationv1alpha1.New(c) + cs.policyBindingV1alpha1 = policybindingv1alpha1.New(c) cs.proxyproviderV1alpha1 = proxyproviderv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/pkg/generated/clientset/versioned/fake/clientset_generated.go b/pkg/generated/clientset/versioned/fake/clientset_generated.go index 306a548..336ba1f 100644 --- a/pkg/generated/clientset/versioned/fake/clientset_generated.go +++ b/pkg/generated/clientset/versioned/fake/clientset_generated.go 
@@ -23,6 +23,8 @@ import ( clientset "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned" applicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/application/v1alpha1" fakeapplicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/application/v1alpha1/fake" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1" + fakepolicybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/proxyprovider/v1alpha1" fakeproxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/proxyprovider/v1alpha1/fake" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -143,6 +145,11 @@ func (c *Clientset) ApplicationV1alpha1() applicationv1alpha1.ApplicationV1alpha return &fakeapplicationv1alpha1.FakeApplicationV1alpha1{Fake: &c.Fake} } +// PolicyBindingV1alpha1 retrieves the PolicyBindingV1alpha1Client +func (c *Clientset) PolicyBindingV1alpha1() policybindingv1alpha1.PolicyBindingV1alpha1Interface { + return &fakepolicybindingv1alpha1.FakePolicyBindingV1alpha1{Fake: &c.Fake} +} + // ProxyproviderV1alpha1 retrieves the ProxyproviderV1alpha1Client func (c *Clientset) ProxyproviderV1alpha1() proxyproviderv1alpha1.ProxyproviderV1alpha1Interface { return &fakeproxyproviderv1alpha1.FakeProxyproviderV1alpha1{Fake: &c.Fake} diff --git a/pkg/generated/clientset/versioned/fake/register.go b/pkg/generated/clientset/versioned/fake/register.go index ec314b4..05d4c73 100644 --- a/pkg/generated/clientset/versioned/fake/register.go +++ b/pkg/generated/clientset/versioned/fake/register.go 
@@ -20,6 +20,7 @@ package fake import ( applicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -33,6 +34,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ applicationv1alpha1.AddToScheme, + policybindingv1alpha1.AddToScheme, proxyproviderv1alpha1.AddToScheme, } diff --git a/pkg/generated/clientset/versioned/scheme/register.go b/pkg/generated/clientset/versioned/scheme/register.go index d27cfec..6110c07 100644 --- a/pkg/generated/clientset/versioned/scheme/register.go +++ b/pkg/generated/clientset/versioned/scheme/register.go @@ -20,6 +20,7 @@ package scheme import ( applicationv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -33,6 +34,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ applicationv1alpha1.AddToScheme, + policybindingv1alpha1.AddToScheme, proxyproviderv1alpha1.AddToScheme, } diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/doc.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/doc.go new file mode 100644 index 0000000..df51baa --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/doc.go 
@@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/doc.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/doc.go new file mode 100644 index 0000000..16f4439 --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/doc.go @@ -0,0 +1,20 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding.go new file mode 100644 index 0000000..96f77e6 
--- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding.go 
@@ -0,0 +1,53 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/policybinding/v1alpha1" + typedpolicybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1" + gentype "k8s.io/client-go/gentype" +) + +// fakePolicyBindings implements PolicyBindingInterface +type fakePolicyBindings struct { + *gentype.FakeClientWithListAndApply[*v1alpha1.PolicyBinding, *v1alpha1.PolicyBindingList, *policybindingv1alpha1.PolicyBindingApplyConfiguration] + Fake *FakePolicyBindingV1alpha1 +} + +func newFakePolicyBindings(fake *FakePolicyBindingV1alpha1, namespace string) typedpolicybindingv1alpha1.PolicyBindingInterface { + return &fakePolicyBindings{ + gentype.NewFakeClientWithListAndApply[*v1alpha1.PolicyBinding, *v1alpha1.PolicyBindingList, *policybindingv1alpha1.PolicyBindingApplyConfiguration]( + fake.Fake, + namespace, + v1alpha1.SchemeGroupVersion.WithResource("policybindings"), + v1alpha1.SchemeGroupVersion.WithKind("PolicyBinding"), + func() *v1alpha1.PolicyBinding { return &v1alpha1.PolicyBinding{} }, + func() *v1alpha1.PolicyBindingList { return &v1alpha1.PolicyBindingList{} }, + 
func(dst, src *v1alpha1.PolicyBindingList) { dst.ListMeta = src.ListMeta }, + func(list *v1alpha1.PolicyBindingList) []*v1alpha1.PolicyBinding { + return gentype.ToPointerSlice(list.Items) + }, + func(list *v1alpha1.PolicyBindingList, items []*v1alpha1.PolicyBinding) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, + } +} diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding_client.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding_client.go new file mode 100644 index 0000000..c820a77 --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/fake/fake_policybinding_client.go 
@@ -0,0 +1,40 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakePolicyBindingV1alpha1 struct { + *testing.Fake +} + +func (c *FakePolicyBindingV1alpha1) PolicyBindings(namespace string) v1alpha1.PolicyBindingInterface { + return newFakePolicyBindings(c, namespace) +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakePolicyBindingV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/generated_expansion.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/generated_expansion.go new file mode 100644 index 0000000..44c7ee4 --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/generated_expansion.go 
@@ -0,0 +1,21 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type PolicyBindingExpansion interface{} diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding.go new file mode 100644 index 0000000..ae584d2 --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding.go 
@@ -0,0 +1,74 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + applyconfigurationpolicybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/applyconfiguration/policybinding/v1alpha1" + scheme "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// PolicyBindingsGetter has a method to return a PolicyBindingInterface. +// A group's client should implement this interface. +type PolicyBindingsGetter interface { + PolicyBindings(namespace string) PolicyBindingInterface +} + +// PolicyBindingInterface has methods to work with PolicyBinding resources. +type PolicyBindingInterface interface { + Create(ctx context.Context, policyBinding *policybindingv1alpha1.PolicyBinding, opts v1.CreateOptions) (*policybindingv1alpha1.PolicyBinding, error) + Update(ctx context.Context, policyBinding *policybindingv1alpha1.PolicyBinding, opts v1.UpdateOptions) (*policybindingv1alpha1.PolicyBinding, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, policyBinding *policybindingv1alpha1.PolicyBinding, opts v1.UpdateOptions) (*policybindingv1alpha1.PolicyBinding, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*policybindingv1alpha1.PolicyBinding, error) + List(ctx context.Context, opts v1.ListOptions) (*policybindingv1alpha1.PolicyBindingList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *policybindingv1alpha1.PolicyBinding, err error) + Apply(ctx context.Context, policyBinding *applyconfigurationpolicybindingv1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *policybindingv1alpha1.PolicyBinding, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, policyBinding *applyconfigurationpolicybindingv1alpha1.PolicyBindingApplyConfiguration, opts v1.ApplyOptions) (result *policybindingv1alpha1.PolicyBinding, err error) + PolicyBindingExpansion +} + +// policyBindings implements PolicyBindingInterface +type policyBindings struct { + *gentype.ClientWithListAndApply[*policybindingv1alpha1.PolicyBinding, *policybindingv1alpha1.PolicyBindingList, *applyconfigurationpolicybindingv1alpha1.PolicyBindingApplyConfiguration] +} + +// newPolicyBindings returns a PolicyBindings +func newPolicyBindings(c *PolicyBindingV1alpha1Client, namespace string) *policyBindings { + return &policyBindings{ + gentype.NewClientWithListAndApply[*policybindingv1alpha1.PolicyBinding, *policybindingv1alpha1.PolicyBindingList, *applyconfigurationpolicybindingv1alpha1.PolicyBindingApplyConfiguration]( + "policybindings", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *policybindingv1alpha1.PolicyBinding { return &policybindingv1alpha1.PolicyBinding{} }, + func() *policybindingv1alpha1.PolicyBindingList { return &policybindingv1alpha1.PolicyBindingList{} }, + ), + } +} diff --git a/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding_client.go b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding_client.go new file mode 100644 index 0000000..53ffca5 --- /dev/null +++ b/pkg/generated/clientset/versioned/typed/policybinding/v1alpha1/policybinding_client.go 
@@ -0,0 +1,101 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + http "net/http" + + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + scheme "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type PolicyBindingV1alpha1Interface interface { + RESTClient() rest.Interface + PolicyBindingsGetter +} + +// PolicyBindingV1alpha1Client is used to interact with features provided by the policybinding.t000-n.de group. +type PolicyBindingV1alpha1Client struct { + restClient rest.Interface +} + +func (c *PolicyBindingV1alpha1Client) PolicyBindings(namespace string) PolicyBindingInterface { + return newPolicyBindings(c, namespace) +} + +// NewForConfig creates a new PolicyBindingV1alpha1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*PolicyBindingV1alpha1Client, error) { + config := *c + setConfigDefaults(&config) + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new PolicyBindingV1alpha1Client for the given config and http client. 
+// Note the http client provided takes precedence over the configured transport values. +func NewForConfigAndClient(c *rest.Config, h *http.Client) (*PolicyBindingV1alpha1Client, error) { + config := *c + setConfigDefaults(&config) + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &PolicyBindingV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new PolicyBindingV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *PolicyBindingV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new PolicyBindingV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *PolicyBindingV1alpha1Client { + return &PolicyBindingV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) { + gv := policybindingv1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = rest.CodecFactoryForGeneratedClient(scheme.Scheme, scheme.Codecs).WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *PolicyBindingV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/generated/informers/externalversions/factory.go b/pkg/generated/informers/externalversions/factory.go index a79e66c..49eafac 100644 --- a/pkg/generated/informers/externalversions/factory.go +++ b/pkg/generated/informers/externalversions/factory.go 
@@ -27,6 +27,7 @@ import ( versioned "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned" application "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/application" internalinterfaces "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/internalinterfaces" + policybinding "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/policybinding" proxyprovider "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/proxyprovider" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -327,6 +328,7 @@ type SharedInformerFactory interface { InformerFor(obj runtime.Object, newFunc internalinterfaces.NewInformerFunc) cache.SharedIndexInformer Application() application.Interface + PolicyBinding() policybinding.Interface Proxyprovider() proxyprovider.Interface } @@ -334,6 +336,10 @@ func (f *sharedInformerFactory) Application() application.Interface { return application.New(f, f.namespace, f.tweakListOptions) } +func (f *sharedInformerFactory) PolicyBinding() policybinding.Interface { + return policybinding.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Proxyprovider() proxyprovider.Interface { return proxyprovider.New(f, f.namespace, f.tweakListOptions) } diff --git a/pkg/generated/informers/externalversions/generic.go b/pkg/generated/informers/externalversions/generic.go index a53174c..05b5cf5 100644 --- a/pkg/generated/informers/externalversions/generic.go +++ b/pkg/generated/informers/externalversions/generic.go 
@@ -22,6 +22,7 @@ import ( fmt "fmt" v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" proxyproviderv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -57,6 +58,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1alpha1.SchemeGroupVersion.WithResource("applications"): return &genericInformer{resource: resource.GroupResource(), informer: f.Application().V1alpha1().Applications().Informer()}, nil + // Group=policybinding.t000-n.de, Version=v1alpha1 + case policybindingv1alpha1.SchemeGroupVersion.WithResource("policybindings"): + return &genericInformer{resource: resource.GroupResource(), informer: f.PolicyBinding().V1alpha1().PolicyBindings().Informer()}, nil + // Group=proxyprovider.t000-n.de, Version=v1alpha1 case proxyproviderv1alpha1.SchemeGroupVersion.WithResource("proxyproviders"): return &genericInformer{resource: resource.GroupResource(), informer: f.Proxyprovider().V1alpha1().ProxyProviders().Informer()}, nil diff --git a/pkg/generated/informers/externalversions/policybinding/interface.go b/pkg/generated/informers/externalversions/policybinding/interface.go new file mode 100644 index 0000000..9bb60f7 --- /dev/null +++ b/pkg/generated/informers/externalversions/policybinding/interface.go 
@@ -0,0 +1,46 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package policybinding + +import ( + internalinterfaces "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/internalinterfaces" + v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/policybinding/v1alpha1" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/pkg/generated/informers/externalversions/policybinding/v1alpha1/interface.go b/pkg/generated/informers/externalversions/policybinding/v1alpha1/interface.go new file mode 100644 index 0000000..e1f9da0 --- /dev/null 
+++ b/pkg/generated/informers/externalversions/policybinding/v1alpha1/interface.go @@ -0,0 +1,45 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // PolicyBindings returns a PolicyBindingInformer. + PolicyBindings() PolicyBindingInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// PolicyBindings returns a PolicyBindingInformer. +func (v *version) PolicyBindings() PolicyBindingInformer { + return &policyBindingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/generated/informers/externalversions/policybinding/v1alpha1/policybinding.go b/pkg/generated/informers/externalversions/policybinding/v1alpha1/policybinding.go new file mode 100644 index 0000000..305a62d --- /dev/null 
+++ b/pkg/generated/informers/externalversions/policybinding/v1alpha1/policybinding.go 
@@ -0,0 +1,116 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + time "time" + + apispolicybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + versioned "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned" + internalinterfaces "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/informers/externalversions/internalinterfaces" + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/listers/policybinding/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + schema "k8s.io/apimachinery/pkg/runtime/schema" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// PolicyBindingInformer provides access to a shared informer and lister for +// PolicyBindings. +type PolicyBindingInformer interface { + Informer() cache.SharedIndexInformer + Lister() policybindingv1alpha1.PolicyBindingLister +} + +type policyBindingInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyBindingInformer constructs a new informer for PolicyBinding type. 
+// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyBindingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewPolicyBindingInformerWithOptions(client, namespace, internalinterfaces.InformerOptions{ResyncPeriod: resyncPeriod, Indexers: indexers}) +} + +// NewFilteredPolicyBindingInformer constructs a new informer for PolicyBinding type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyBindingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return NewPolicyBindingInformerWithOptions(client, namespace, internalinterfaces.InformerOptions{ResyncPeriod: resyncPeriod, Indexers: indexers, TweakListOptions: tweakListOptions}) +} + +// NewPolicyBindingInformerWithOptions constructs a new informer for PolicyBinding type with additional options. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewPolicyBindingInformerWithOptions(client versioned.Interface, namespace string, options internalinterfaces.InformerOptions) cache.SharedIndexInformer { + gvr := schema.GroupVersionResource{Group: "policybinding.t000-n.de", Version: "v1alpha1", Resource: "policybindings"} + identifier := options.InformerName.WithResource(gvr) + tweakListOptions := options.TweakListOptions + return cache.NewSharedIndexInformerWithOptions( + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ + ListFunc: func(opts v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&opts) + } + return client.PolicyBindingV1alpha1().PolicyBindings(namespace).List(context.Background(), opts) + }, + WatchFunc: func(opts v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&opts) + } + return client.PolicyBindingV1alpha1().PolicyBindings(namespace).Watch(context.Background(), opts) + }, + ListWithContextFunc: func(ctx context.Context, opts v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&opts) + } + return client.PolicyBindingV1alpha1().PolicyBindings(namespace).List(ctx, opts) + }, + WatchFuncWithContext: func(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&opts) + } + return client.PolicyBindingV1alpha1().PolicyBindings(namespace).Watch(ctx, opts) + }, + }, client), + &apispolicybindingv1alpha1.PolicyBinding{}, + cache.SharedIndexInformerOptions{ + ResyncPeriod: options.ResyncPeriod, + Indexers: options.Indexers, + Identifier: identifier, + }, + ) +} + +func (f *policyBindingInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewPolicyBindingInformerWithOptions(client, f.namespace, internalinterfaces.InformerOptions{ResyncPeriod: resyncPeriod, Indexers: cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, 
InformerName: f.factory.InformerName(), TweakListOptions: f.tweakListOptions}) +} + +func (f *policyBindingInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apispolicybindingv1alpha1.PolicyBinding{}, f.defaultInformer) +} + +func (f *policyBindingInformer) Lister() policybindingv1alpha1.PolicyBindingLister { + return policybindingv1alpha1.NewPolicyBindingLister(f.Informer().GetIndexer()) +} diff --git a/pkg/generated/listers/policybinding/v1alpha1/expansion_generated.go b/pkg/generated/listers/policybinding/v1alpha1/expansion_generated.go new file mode 100644 index 0000000..84a27d5 --- /dev/null +++ b/pkg/generated/listers/policybinding/v1alpha1/expansion_generated.go @@ -0,0 +1,27 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyBindingListerExpansion allows custom methods to be added to +// PolicyBindingLister. +type PolicyBindingListerExpansion interface{} + +// PolicyBindingNamespaceListerExpansion allows custom methods to be added to +// PolicyBindingNamespaceLister. +type PolicyBindingNamespaceListerExpansion interface{} diff --git a/pkg/generated/listers/policybinding/v1alpha1/policybinding.go b/pkg/generated/listers/policybinding/v1alpha1/policybinding.go new file mode 100644 index 0000000..6f502ca --- /dev/null +++ b/pkg/generated/listers/policybinding/v1alpha1/policybinding.go 
@@ -0,0 +1,70 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + policybindingv1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// PolicyBindingLister helps list PolicyBindings. +// All objects returned here must be treated as read-only. +type PolicyBindingLister interface { + // List lists all PolicyBindings in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*policybindingv1alpha1.PolicyBinding, err error) + // PolicyBindings returns an object that can list and get PolicyBindings. + PolicyBindings(namespace string) PolicyBindingNamespaceLister + PolicyBindingListerExpansion +} + +// policyBindingLister implements the PolicyBindingLister interface. +type policyBindingLister struct { + listers.ResourceIndexer[*policybindingv1alpha1.PolicyBinding] +} + +// NewPolicyBindingLister returns a new PolicyBindingLister. +func NewPolicyBindingLister(indexer cache.Indexer) PolicyBindingLister { + return &policyBindingLister{listers.New[*policybindingv1alpha1.PolicyBinding](indexer, policybindingv1alpha1.Resource("policybinding"))} +} + +// PolicyBindings returns an object that can list and get PolicyBindings. 
+func (s *policyBindingLister) PolicyBindings(namespace string) PolicyBindingNamespaceLister { + return policyBindingNamespaceLister{listers.NewNamespaced[*policybindingv1alpha1.PolicyBinding](s.ResourceIndexer, namespace)} +} + +// PolicyBindingNamespaceLister helps list and get PolicyBindings. +// All objects returned here must be treated as read-only. +type PolicyBindingNamespaceLister interface { + // List lists all PolicyBindings in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*policybindingv1alpha1.PolicyBinding, err error) + // Get retrieves the PolicyBinding from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*policybindingv1alpha1.PolicyBinding, error) + PolicyBindingNamespaceListerExpansion +} + +// policyBindingNamespaceLister implements the PolicyBindingNamespaceLister +// interface. +type policyBindingNamespaceLister struct { + listers.ResourceIndexer[*policybindingv1alpha1.PolicyBinding] +} diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 8194544..17097fe 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go 
@@ -36,6 +36,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1.ApplicationList": schema_pkg_apis_application_v1alpha1_ApplicationList(ref), "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1.ApplicationSpec": schema_pkg_apis_application_v1alpha1_ApplicationSpec(ref), "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1.ApplicationStatus": schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref), + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBinding": schema_pkg_apis_policybinding_v1alpha1_PolicyBinding(ref), + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingList": schema_pkg_apis_policybinding_v1alpha1_PolicyBindingList(ref), + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingSpec": schema_pkg_apis_policybinding_v1alpha1_PolicyBindingSpec(ref), + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingStatus": schema_pkg_apis_policybinding_v1alpha1_PolicyBindingStatus(ref), "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1.ProxyProvider": schema_pkg_apis_proxyprovider_v1alpha1_ProxyProvider(ref), "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1.ProxyProviderList": schema_pkg_apis_proxyprovider_v1alpha1_ProxyProviderList(ref), "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/proxyprovider/v1alpha1.ProxyProviderSpec": schema_pkg_apis_proxyprovider_v1alpha1_ProxyProviderSpec(ref), 
@@ -245,6 +249,165 @@ func schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref common.Reference } } +func schema_pkg_apis_policybinding_v1alpha1_PolicyBinding(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(v1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingStatus"), + }, + }, + }, + Required: []string{"spec", "status"}, + }, + }, + Dependencies: []string{ + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingSpec", "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBindingStatus", v1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_pkg_apis_policybinding_v1alpha1_PolicyBindingList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(v1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBinding"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/policybinding/v1alpha1.PolicyBinding", v1.ListMeta{}.OpenAPIModelName()}, + } +} + +func schema_pkg_apis_policybinding_v1alpha1_PolicyBindingSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "policy": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "group": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "user": { + SchemaProps: spec.SchemaProps{ + Type: []string{"integer"}, + Format: "int32", + }, + }, + "target": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "order": { + SchemaProps: spec.SchemaProps{ + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"target", "order"}, + }, + }, + } +} + +func schema_pkg_apis_policybinding_v1alpha1_PolicyBindingStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + 
SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "pk": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"pk"}, + }, + }, + } +} + func schema_pkg_apis_proxyprovider_v1alpha1_ProxyProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{