v1alpha1

package
v0.0.33 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 22, 2024 License: Apache-2.0 Imports: 5 Imported by: 23

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the hydra v1alpha1 API group +kubebuilder:object:generate=true +groupName=hydra.ory.sh

Index

Constants

View Source 
const (
	OAuth2ClientConditionReady = "Ready"
)

Variables

View Source 
var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "hydra.ory.sh", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type ConditionStatus added in v0.0.27 

type ConditionStatus string

+kubebuilder:validation:Enum=True;False;Unknown 

const (
	ConditionTrue    ConditionStatus = "True"
	ConditionFalse   ConditionStatus = "False"
	ConditionUnknown ConditionStatus = "Unknown"
)

type GrantType 

type GrantType string

GrantType represents an OAuth 2.0 grant type +kubebuilder:validation:Enum=client_credentials;authorization_code;implicit;refresh_token

type HydraAdmin added in v0.0.5 

type HydraAdmin struct {
	// +kubebuilder:validation:MaxLength=64
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// URL is the URL for the hydra instance on
	// which to set up the client. This value will override the value
	// provided to `--hydra-url`
	URL string `json:"url,omitempty"`

	// +kubebuilder:validation:Maximum=65535
	//
	// Port is the port for the hydra instance on
	// which to set up the client. This value will override the value
	// provided to `--hydra-port`
	Port int `json:"port,omitempty"`

	// +kubebuilder:validation:Pattern=(^$|^/.*)
	//
	// Endpoint is the endpoint for the hydra instance on which
	// to set up the client. This value will override the value
	// provided to `--endpoint` (defaults to `"/clients"` in the
	// application)
	Endpoint string `json:"endpoint,omitempty"`

	// +kubebuilder:validation:Pattern=(^$|https?|off)
	//
	// ForwardedProto overrides the `--forwarded-proto` flag. The
	// value "off" will force this to be off even if
	// `--forwarded-proto` is specified
	ForwardedProto string `json:"forwardedProto,omitempty"`
}

HydraAdmin defines the desired hydra admin instance to use for OAuth2Client

func (*HydraAdmin) DeepCopy added in v0.0.5 

func (in *HydraAdmin) DeepCopy() *HydraAdmin

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydraAdmin.

func (*HydraAdmin) DeepCopyInto added in v0.0.5 

func (in *HydraAdmin) DeepCopyInto(out *HydraAdmin)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OAuth2Client 

type OAuth2Client struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   OAuth2ClientSpec   `json:"spec,omitempty"`
	Status OAuth2ClientStatus `json:"status,omitempty"`
}

OAuth2Client is the Schema for the oauth2clients API

func (*OAuth2Client) DeepCopy 

func (in *OAuth2Client) DeepCopy() *OAuth2Client

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2Client.

func (*OAuth2Client) DeepCopyInto 

func (in *OAuth2Client) DeepCopyInto(out *OAuth2Client)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OAuth2Client) DeepCopyObject 

func (in *OAuth2Client) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OAuth2ClientCondition added in v0.0.27 

type OAuth2ClientCondition struct {
	Type   OAuth2ClientConditionType `json:"type"`
	Status ConditionStatus           `json:"status"`
}

OAuth2ClientCondition contains condition information for an OAuth2Client

func (*OAuth2ClientCondition) DeepCopy added in v0.0.27 

func (in *OAuth2ClientCondition) DeepCopy() *OAuth2ClientCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientCondition.

func (*OAuth2ClientCondition) DeepCopyInto added in v0.0.27 

func (in *OAuth2ClientCondition) DeepCopyInto(out *OAuth2ClientCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OAuth2ClientConditionType added in v0.0.27 

type OAuth2ClientConditionType string

type OAuth2ClientList 

type OAuth2ClientList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []OAuth2Client `json:"items"`
}

OAuth2ClientList contains a list of OAuth2Client

func (*OAuth2ClientList) DeepCopy 

func (in *OAuth2ClientList) DeepCopy() *OAuth2ClientList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientList.

func (*OAuth2ClientList) DeepCopyInto 

func (in *OAuth2ClientList) DeepCopyInto(out *OAuth2ClientList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*OAuth2ClientList) DeepCopyObject 

func (in *OAuth2ClientList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type OAuth2ClientSpec 

type OAuth2ClientSpec struct {

	// ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
	ClientName string `json:"clientName,omitempty"`

	// +kubebuilder:validation:MaxItems=4
	// +kubebuilder:validation:MinItems=1
	//
	// GrantTypes is an array of grant types the client is allowed to use.
	GrantTypes []GrantType `json:"grantTypes"`

	// +kubebuilder:validation:MaxItems=3
	// +kubebuilder:validation:MinItems=1
	//
	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can
	// use at the authorization endpoint.
	ResponseTypes []ResponseType `json:"responseTypes,omitempty"`

	// RedirectURIs is an array of the redirect URIs allowed for the application
	RedirectURIs []RedirectURI `json:"redirectUris,omitempty"`

	// PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
	PostLogoutRedirectURIs []RedirectURI `json:"postLogoutRedirectUris,omitempty"`

	// AllowedCorsOrigins is an array of allowed CORS origins
	AllowedCorsOrigins []RedirectURI `json:"allowedCorsOrigins,omitempty"`

	// Audience is a whitelist defining the audiences this client is allowed to request tokens for
	Audience []string `json:"audience,omitempty"`

	// +kubebuilder:validation:Pattern=([a-zA-Z0-9\.\*]+\s?)+
	//
	// Scope is a string containing a space-separated list of scope values (as
	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
	// can use when requesting access tokens.
	Scope string `json:"scope"`

	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
	//
	// SecretName points to the K8s secret that contains this client's ID and password
	SecretName string `json:"secretName"`

	// SkipConsent skips the consent screen for this client.
	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	SkipConsent bool `json:"skipConsent,omitempty"`

	// HydraAdmin is the optional configuration to use for managing
	// this client
	HydraAdmin HydraAdmin `json:"hydraAdmin,omitempty"`

	// +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none
	//
	// Indication which authentication method shoud be used for the token endpoint
	TokenEndpointAuthMethod TokenEndpointAuthMethod `json:"tokenEndpointAuthMethod,omitempty"`

	// +kubebuilder:validation:Type=object
	// +nullable
	// +optional
	//
	// Metadata is arbitrary data
	Metadata apiextensionsv1.JSON `json:"metadata,omitempty"`

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// JwksUri Define the URL where the JSON Web Key Set should be fetched from when performing the private_key_jwt client authentication method.
	JwksUri string `json:"jwksUri,omitempty"`

	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	//
	// FrontChannelLogoutSessionRequired Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used
	FrontChannelLogoutSessionRequired bool `json:"frontChannelLogoutSessionRequired,omitempty"`

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// FrontChannelLogoutURI RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be
	FrontChannelLogoutURI string `json:"frontChannelLogoutURI,omitempty"`

	// +kubebuilder:validation:type=bool
	// +kubebuilder:default=false
	//
	// BackChannelLogoutSessionRequired Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false.
	BackChannelLogoutSessionRequired bool `json:"backChannelLogoutSessionRequired,omitempty"`

	// +kubebuilder:validation:type=string
	// +kubebuilder:validation:Pattern=`(^$|^https?://.*)`
	//
	// BackChannelLogoutURI RP URL that will cause the RP to log itself out when sent a Logout Token by the OP
	BackChannelLogoutURI string `json:"backChannelLogoutURI,omitempty"`
}

OAuth2ClientSpec defines the desired state of OAuth2Client

func (*OAuth2ClientSpec) DeepCopy 

func (in *OAuth2ClientSpec) DeepCopy() *OAuth2ClientSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientSpec.

func (*OAuth2ClientSpec) DeepCopyInto 

func (in *OAuth2ClientSpec) DeepCopyInto(out *OAuth2ClientSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OAuth2ClientStatus 

type OAuth2ClientStatus struct {
	// ObservedGeneration represents the most recent generation observed by the daemon set controller.
	ObservedGeneration  int64                   `json:"observedGeneration,omitempty"`
	ReconciliationError ReconciliationError     `json:"reconciliationError,omitempty"`
	Conditions          []OAuth2ClientCondition `json:"conditions,omitempty"`
}

OAuth2ClientStatus defines the observed state of OAuth2Client

func (*OAuth2ClientStatus) DeepCopy 

func (in *OAuth2ClientStatus) DeepCopy() *OAuth2ClientStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2ClientStatus.

func (*OAuth2ClientStatus) DeepCopyInto 

func (in *OAuth2ClientStatus) DeepCopyInto(out *OAuth2ClientStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ReconciliationError added in v0.0.4 

type ReconciliationError struct {
	// Code is the status code of the reconciliation error
	Code StatusCode `json:"statusCode,omitempty"`
	// Description is the description of the reconciliation error
	Description string `json:"description,omitempty"`
}

ReconciliationError represents an error that occurred during the reconciliation process

func (*ReconciliationError) DeepCopy added in v0.0.4 

func (in *ReconciliationError) DeepCopy() *ReconciliationError

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReconciliationError.

func (*ReconciliationError) DeepCopyInto added in v0.0.4 

func (in *ReconciliationError) DeepCopyInto(out *ReconciliationError)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RedirectURI added in v0.0.5 

type RedirectURI string

RedirectURI represents a redirect URI for the client +kubebuilder:validation:Pattern=`\w+:/?/?[^\s]+`

type ResponseType 

type ResponseType string

ResponseType represents an OAuth 2.0 response type strings +kubebuilder:validation:Enum=id_token;code;token;code token;code id_token;id_token token;code id_token token

type StatusCode added in v0.0.4 

type StatusCode string
const (
	StatusRegistrationFailed  StatusCode = "CLIENT_REGISTRATION_FAILED"
	StatusCreateSecretFailed  StatusCode = "SECRET_CREATION_FAILED"
	StatusUpdateFailed        StatusCode = "CLIENT_UPDATE_FAILED"
	StatusInvalidSecret       StatusCode = "INVALID_SECRET"
	StatusInvalidHydraAddress StatusCode = "INVALID_HYDRA_ADDRESS"
)

type TokenEndpointAuthMethod added in v0.0.6 

type TokenEndpointAuthMethod string

TokenEndpointAuthMethod represents an authentication method for token endpoint +kubebuilder:validation:Enum=client_secret_basic;client_secret_post;private_key_jwt;none

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.