// Listing: github.com/rancher/types@v0.0.0-20220328215343-4370ff10ecd5/apis/management.cattle.io/v3/authn_types.go

package v3

import (
	"github.com/rancher/norman/condition"
	"github.com/rancher/norman/types"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// UserConditionInitialRolesPopulated is the condition.Cond whose name is
// "InitialRolesPopulated".
const UserConditionInitialRolesPopulated condition.Cond = "InitialRolesPopulated"

// Token is the API object for an authentication token. It carries the token
// secret itself together with the identity it stands for (user principal,
// group principals, user ID, auth provider) and its lifetime fields.
type Token struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Token is the secret value. It is tagged writeOnly,noupdate.
	// NOTE(review): presumably norman keeps writeOnly fields out of read
	// responses and rejects changes to noupdate fields - confirm in norman.
	// Nothing in this type shows whether the value is stored hashed.
	Token           string            `json:"token" norman:"writeOnly,noupdate"`
	UserPrincipal   Principal         `json:"userPrincipal" norman:"type=reference[principal]"`
	GroupPrincipals []Principal       `json:"groupPrincipals" norman:"type=array[reference[principal]]"`
	ProviderInfo    map[string]string `json:"providerInfo,omitempty"`
	UserID          string            `json:"userId" norman:"type=reference[user]"`
	AuthProvider    string            `json:"authProvider"`
	// TTLMillis is serialized under the key "ttl"; the Go name indicates
	// milliseconds.
	TTLMillis      int64  `json:"ttl"`
	LastUpdateTime string `json:"lastUpdateTime"`
	IsDerived      bool   `json:"isDerived"`
	Description    string `json:"description"`
	// Expired, ExpiresAt and Current carry no nocreate/noupdate restriction.
	// NOTE(review): if these are meant to be server-computed, confirm that
	// client-supplied values are ignored.
	Expired     bool   `json:"expired"`
	ExpiresAt   string `json:"expiresAt"`
	Current     bool   `json:"current"`
	ClusterName string `json:"clusterName,omitempty" norman:"noupdate,type=reference[cluster]"`
	// Enabled is a pointer, so nil (unset) is distinguishable from an
	// explicit false; the norman default is true.
	// NOTE(review): confirm how consumers treat nil when deciding whether a
	// token may be used.
	Enabled *bool `json:"enabled,omitempty" norman:"default=true"`
}

// ObjClusterName returns the ClusterName field of the token.
func (t *Token) ObjClusterName() string {
	return t.ClusterName
}

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// User is the API object for a user account: display and login names, the
// password field, the principal IDs linked to the account, and an
// enabled flag.
type User struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	DisplayName string `json:"displayName,omitempty"`
	Description string `json:"description"`
	Username    string `json:"username,omitempty"`
	// Password is tagged writeOnly,noupdate but, unlike the provider secrets
	// elsewhere in this file, not type=password.
	// NOTE(review): whether this field holds plaintext or a hash at rest is
	// not visible here - confirm in the consumer.
	Password           string   `json:"password,omitempty" norman:"writeOnly,noupdate"`
	MustChangePassword bool     `json:"mustChangePassword,omitempty"`
	PrincipalIDs       []string `json:"principalIds,omitempty" norman:"type=array[reference[principal]]"`
	// Me is tagged nocreate,noupdate, i.e. not settable through the API schema.
	Me bool `json:"me,omitempty" norman:"nocreate,noupdate"`
	// Enabled is a pointer with norman default true; nil is distinguishable
	// from an explicit false. NOTE(review): confirm how nil is treated at login.
	Enabled *bool      `json:"enabled,omitempty" norman:"default=true"`
	Spec    UserSpec   `json:"spec,omitempty"`
	Status  UserStatus `json:"status"`
}

// UserStatus holds the list of conditions recorded for a User.
type UserStatus struct {
	Conditions []UserCondition `json:"conditions"`
}

// UserCondition is one status condition entry on a User.
type UserCondition struct {
	// Type of user condition.
	Type string `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// The last time this condition was updated.
	LastUpdateTime string `json:"lastUpdateTime,omitempty"`
	// Last time the condition transitioned from one status to another.
	LastTransitionTime string `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	Reason string `json:"reason,omitempty"`
	// Human-readable message indicating details about last transition
	Message string `json:"message,omitempty"`
}

// UserSpec is the (currently empty) spec of a User.
type UserSpec struct{}

// UserAttribute will have a CRD (and controller) generated for it, but will not be exposed in the API.
type UserAttribute struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// These fields have no json tags, so encoding/json serializes them under
	// their Go field names.
	UserName        string
	GroupPrincipals map[string]Principals // the value is a []Principal, but code generator cannot handle slice as a value
	LastRefresh     string
	NeedsRefresh    bool
}

// Principals wraps a slice of Principal so it can be used as a map value in
// UserAttribute.GroupPrincipals.
type Principals struct {
	Items []Principal
}

// Group is the API object for a group; it carries only a display name.
type Group struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	DisplayName string `json:"displayName,omitempty"`
}

// GroupMember links a principal to a group by reference.
type GroupMember struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	GroupName   string `json:"groupName,omitempty" norman:"type=reference[group]"`
	PrincipalID string `json:"principalId,omitempty" norman:"type=reference[principal]"`
}

// Principal describes an identity (the schema elsewhere in this file offers
// "user" and "group" as principal types) as reported by an auth provider.
type Principal struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	DisplayName string `json:"displayName,omitempty"`
	LoginName   string `json:"loginName,omitempty"`
	// ProfilePicture and ProfileURL are plain strings.
	// NOTE(review): presumably provider-supplied URLs - confirm they are
	// validated before being rendered or fetched.
	ProfilePicture string            `json:"profilePicture,omitempty"`
	ProfileURL     string            `json:"profileURL,omitempty"`
	PrincipalType  string            `json:"principalType,omitempty"`
	Me             bool              `json:"me,omitempty"`
	MemberOf       bool              `json:"memberOf,omitempty"`
	Provider       string            `json:"provider,omitempty"`
	ExtraInfo      map[string]string `json:"extraInfo,omitempty"`
}

// SearchPrincipalsInput is the request body for a principal search: a
// required name and an optional type restricted to "user" or "group".
type SearchPrincipalsInput struct {
	Name          string `json:"name" norman:"type=string,required,notnullable"`
	PrincipalType string `json:"principalType,omitempty" norman:"type=enum,options=user|group"`
}

// ChangePasswordInput is the request body for changing a password; both the
// current and the new password are required.
// NOTE(review): both fields are typed type=string, not type=password as the
// provider secrets in this file are - confirm request bodies of this type
// are excluded from audit and debug logging.
type ChangePasswordInput struct {
	CurrentPassword string `json:"currentPassword" norman:"type=string,required"`
	NewPassword     string `json:"newPassword" norman:"type=string,required"`
}

// SetPasswordInput is the request body for setting a password without
// supplying the current one.
// NOTE(review): the required authorization for this action is not visible
// here; the field is typed type=string rather than type=password.
type SetPasswordInput struct {
	NewPassword string `json:"newPassword" norman:"type=string,required"`
}

// AuthConfig holds the settings shared by every auth provider config in this
// file (each provider type embeds it).
type AuthConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Type    string `json:"type" norman:"noupdate"`
	Enabled bool   `json:"enabled,omitempty"`
	// AccessMode is an enum: required, restricted or unrestricted.
	// NOTE(review): the meaning of each mode is enforced elsewhere; presumably
	// AllowedPrincipalIDs is the allow-list consulted by the narrower modes.
	AccessMode          string   `json:"accessMode,omitempty" norman:"required,notnullable,type=enum,options=required|restricted|unrestricted"`
	AllowedPrincipalIDs []string `json:"allowedPrincipalIds,omitempty" norman:"type=array[reference[principal]]"`
}

// SamlToken is a namespaced object holding a token value and its expiry.
type SamlToken struct {
	types.Namespaced
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Token is tagged writeOnly,noupdate, like Token.Token.
	Token     string `json:"token" norman:"writeOnly,noupdate"`
	ExpiresAt string `json:"expiresAt"`
}

// LocalConfig is the auth config for the local provider; it adds nothing to
// AuthConfig.
type LocalConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`
}

// GithubConfig is the auth config for the GitHub provider.
type GithubConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`

	// NOTE(review): Hostname and TLS each repeat the norman key inside one
	// struct tag. reflect.StructTag.Get and Lookup return only the first
	// occurrence of a key, so if norman reads the tag that way the second
	// value ("required") is never seen. Merging both into a single norman
	// value would fix that but changes the generated schema - confirm first.
	Hostname string `json:"hostname,omitempty" norman:"default=github.com" norman:"required"`
	TLS      bool   `json:"tls,omitempty" norman:"notnullable,default=true" norman:"required"`
	ClientID string `json:"clientId,omitempty" norman:"required"`
	// ClientSecret is typed type=password; presumably norman/Rancher treats
	// such fields as secrets - confirm.
	ClientSecret string `json:"clientSecret,omitempty" norman:"required,type=password"`

	// AdditionalClientIDs is a map of clientID to client secrets
	// NOTE(review): the values are secrets, but this field is not typed
	// type=password and has a json key - confirm the map is not returned in
	// API reads or stored in clear.
	AdditionalClientIDs map[string]string `json:"additionalClientIds,omitempty" norman:"nocreate,noupdate"`
	HostnameToClientID  map[string]string `json:"hostnameToClientId,omitempty" norman:"nocreate,noupdate"`
}

// GithubConfigTestOutput returns the redirect URL produced when testing a
// GithubConfig.
type GithubConfigTestOutput struct {
	RedirectURL string `json:"redirectUrl"`
}

// GithubConfigApplyInput is the request body for applying a GithubConfig.
type GithubConfigApplyInput struct {
	GithubConfig GithubConfig `json:"githubConfig,omitempty"`
	// Code is presumably the OAuth authorization code returned by the
	// provider - confirm; if so it is a short-lived credential.
	Code    string `json:"code,omitempty"`
	Enabled bool   `json:"enabled,omitempty"`
}

// GoogleOauthConfig is the auth config for the Google OAuth provider.
type GoogleOauthConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`

	// OauthCredential and ServiceAccountCredential are typed type=password.
	OauthCredential          string `json:"oauthCredential,omitempty" norman:"required,type=password,notnullable"`
	ServiceAccountCredential string `json:"serviceAccountCredential,omitempty" norman:"required,type=password,notnullable"`
	AdminEmail               string `json:"adminEmail,omitempty" norman:"required,notnullable"`
	Hostname                 string `json:"hostname,omitempty" norman:"required,notnullable,noupdate"`
	// UserInfoEndpoint has a default but is settable.
	// NOTE(review): presumably identity claims are fetched from this URL, so
	// confirm the consumer requires https and an expected host.
	UserInfoEndpoint             string `json:"userInfoEndpoint" norman:"default=https://openidconnect.googleapis.com/v1/userinfo,required,notnullable"`
	NestedGroupMembershipEnabled bool   `json:"nestedGroupMembershipEnabled" norman:"default=false"`
}

// GoogleOauthConfigTestOutput returns the redirect URL produced when testing
// a GoogleOauthConfig.
type GoogleOauthConfigTestOutput struct {
	RedirectURL string `json:"redirectUrl"`
}

// GoogleOauthConfigApplyInput is the request body for applying a
// GoogleOauthConfig.
type GoogleOauthConfigApplyInput struct {
	GoogleOauthConfig GoogleOauthConfig `json:"googleOauthConfig,omitempty"`
	Code              string            `json:"code,omitempty"`
	Enabled           bool              `json:"enabled,omitempty"`
}

// AzureADConfig is the auth config for the Azure AD provider.
type AzureADConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`

	// The four endpoint fields are free-form strings.
	// NOTE(review): presumably credentials and tokens are sent to these URLs;
	// confirm the consumer requires https.
	Endpoint      string `json:"endpoint,omitempty" norman:"default=https://login.microsoftonline.com/,required,notnullable"`
	GraphEndpoint string `json:"graphEndpoint,omitempty" norman:"required,notnullable"`
	TokenEndpoint string `json:"tokenEndpoint,omitempty" norman:"required,notnullable"`
	AuthEndpoint  string `json:"authEndpoint,omitempty" norman:"required,notnullable"`
	TenantID      string `json:"tenantId,omitempty" norman:"required,notnullable"`
	ApplicationID string `json:"applicationId,omitempty" norman:"required,notnullable"`
	// ApplicationSecret is typed type=password.
	ApplicationSecret string `json:"applicationSecret,omitempty" norman:"required,notnullable,type=password"`
	RancherURL        string `json:"rancherUrl,omitempty" norman:"required,notnullable"`
}

// AzureADConfigTestOutput returns the redirect URL produced when testing an
// AzureADConfig.
type AzureADConfigTestOutput struct {
	RedirectURL string `json:"redirectUrl"`
}

// AzureADConfigApplyInput is the request body for applying an AzureADConfig.
// Unlike the GitHub and Google apply inputs it has no Enabled field.
type AzureADConfigApplyInput struct {
	Config AzureADConfig `json:"config,omitempty"`
	Code   string        `json:"code,omitempty"`
}

// ActiveDirectoryConfig is the auth config for the Active Directory provider:
// server connection settings, the service account used to bind, and the
// attribute/object-class names used for user and group searches.
type ActiveDirectoryConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`

	Servers []string `json:"servers,omitempty" norman:"type=array[string],required"`
	// Port defaults to 389 and both TLS and StartTLS default to false, so a
	// config left at its defaults selects no transport encryption.
	// NOTE(review): presumably the service-account bind and user passwords
	// then cross the network in cleartext - confirm in the LDAP client and
	// prefer TLS or StartTLS with Certificate set.
	Port     int64 `json:"port,omitempty" norman:"default=389"`
	TLS      bool  `json:"tls,omitempty" norman:"default=false"`
	StartTLS bool  `json:"starttls,omitempty" norman:"default=false"`
	// Certificate is presumably the CA certificate used to verify the
	// server - confirm.
	Certificate            string `json:"certificate,omitempty"`
	DefaultLoginDomain     string `json:"defaultLoginDomain,omitempty"`
	ServiceAccountUsername string `json:"serviceAccountUsername,omitempty" norman:"required"`
	// ServiceAccountPassword is typed type=password.
	ServiceAccountPassword string `json:"serviceAccountPassword,omitempty" norman:"type=password,required"`
	// UserDisabledBitMask defaults to 2, which equals the ACCOUNTDISABLE flag
	// (0x2) of Active Directory's userAccountControl, the default
	// UserEnabledAttribute below.
	UserDisabledBitMask int64  `json:"userDisabledBitMask,omitempty" norman:"default=2"`
	UserSearchBase      string `json:"userSearchBase,omitempty" norman:"required"`
	UserSearchAttribute string `json:"userSearchAttribute,omitempty" norman:"default=sAMAccountName|sn|givenName,required"`
	// UserSearchFilter and GroupSearchFilter are admin-supplied filter text.
	// NOTE(review): presumably combined with user-supplied names when
	// searching - confirm the consumer escapes that input per RFC 4515.
	UserSearchFilter            string `json:"userSearchFilter,omitempty"`
	UserLoginAttribute          string `json:"userLoginAttribute,omitempty" norman:"default=sAMAccountName,required"`
	UserObjectClass             string `json:"userObjectClass,omitempty" norman:"default=person,required"`
	UserNameAttribute           string `json:"userNameAttribute,omitempty" norman:"default=name,required"`
	UserEnabledAttribute        string `json:"userEnabledAttribute,omitempty" norman:"default=userAccountControl,required"`
	GroupSearchBase             string `json:"groupSearchBase,omitempty"`
	GroupSearchAttribute        string `json:"groupSearchAttribute,omitempty" norman:"default=sAMAccountName,required"`
	GroupSearchFilter           string `json:"groupSearchFilter,omitempty"`
	GroupObjectClass            string `json:"groupObjectClass,omitempty" norman:"default=group,required"`
	GroupNameAttribute          string `json:"groupNameAttribute,omitempty" norman:"default=name,required"`
	GroupDNAttribute            string `json:"groupDNAttribute,omitempty" norman:"default=distinguishedName,required"`
	GroupMemberUserAttribute    string `json:"groupMemberUserAttribute,omitempty" norman:"default=distinguishedName,required"`
	GroupMemberMappingAttribute string `json:"groupMemberMappingAttribute,omitempty" norman:"default=member,required"`
	// ConnectionTimeout defaults to 5000; the unit is not stated here
	// (presumably milliseconds - confirm).
	ConnectionTimeout            int64 `json:"connectionTimeout,omitempty" norman:"default=5000,notnullable,required"`
	NestedGroupMembershipEnabled *bool `json:"nestedGroupMembershipEnabled,omitempty" norman:"default=false"`
}

// ActiveDirectoryTestAndApplyInput is the request body for testing and
// applying an ActiveDirectoryConfig with a user's credentials.
type ActiveDirectoryTestAndApplyInput struct {
	ActiveDirectoryConfig ActiveDirectoryConfig `json:"activeDirectoryConfig,omitempty"`
	Username              string                `json:"username"`
	// NOTE(review): Password has no norman tag here, whereas
	// LdapTestAndApplyInput.Password is tagged type=password,required -
	// confirm the difference is intended.
	Password string `json:"password"`
	Enabled  bool   `json:"enabled,omitempty"`
}

// LdapFields holds the LDAP connection, service-account and search settings
// shared by the LDAP-based configs (LdapConfig and ShibbolethConfig use it).
type LdapFields struct {
	Servers []string `json:"servers,omitempty" norman:"type=array[string],notnullable,required"`
	// Port defaults to 389 and both TLS and StartTLS default to false, so a
	// config left at its defaults selects no transport encryption.
	// NOTE(review): presumably bind credentials then cross the network in
	// cleartext - confirm in the LDAP client and prefer TLS or StartTLS.
	Port     int64 `json:"port,omitempty" norman:"default=389,notnullable,required"`
	TLS      bool  `json:"tls,omitempty" norman:"default=false,notnullable,required"`
	StartTLS bool  `json:"starttls,omitempty" norman:"default=false"`
	// Certificate is presumably the CA certificate used to verify the
	// server - confirm.
	Certificate                     string `json:"certificate,omitempty"`
	ServiceAccountDistinguishedName string `json:"serviceAccountDistinguishedName,omitempty" norman:"required"`
	// ServiceAccountPassword is typed type=password.
	ServiceAccountPassword string `json:"serviceAccountPassword,omitempty" norman:"type=password,required"`
	// UserDisabledBitMask and UserEnabledAttribute have no defaults here.
	// NOTE(review): presumably disabled-account detection is inactive unless
	// both are set - confirm in the consumer.
	UserDisabledBitMask int64  `json:"userDisabledBitMask,omitempty"`
	UserSearchBase      string `json:"userSearchBase,omitempty" norman:"notnullable,required"`
	UserSearchAttribute string `json:"userSearchAttribute,omitempty" norman:"default=uid|sn|givenName,notnullable,required"`
	// UserSearchFilter and GroupSearchFilter are admin-supplied filter text.
	// NOTE(review): confirm the consumer escapes user-supplied names per
	// RFC 4515 when building the final search filter.
	UserSearchFilter            string `json:"userSearchFilter,omitempty"`
	UserLoginAttribute          string `json:"userLoginAttribute,omitempty" norman:"default=uid,notnullable,required"`
	UserObjectClass             string `json:"userObjectClass,omitempty" norman:"default=inetOrgPerson,notnullable,required"`
	UserNameAttribute           string `json:"userNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
	UserMemberAttribute         string `json:"userMemberAttribute,omitempty" norman:"default=memberOf,notnullable,required"`
	UserEnabledAttribute        string `json:"userEnabledAttribute,omitempty"`
	GroupSearchBase             string `json:"groupSearchBase,omitempty"`
	GroupSearchAttribute        string `json:"groupSearchAttribute,omitempty" norman:"default=cn,notnullable,required"`
	GroupSearchFilter           string `json:"groupSearchFilter,omitempty"`
	GroupObjectClass            string `json:"groupObjectClass,omitempty" norman:"default=groupOfNames,notnullable,required"`
	GroupNameAttribute          string `json:"groupNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
	GroupDNAttribute            string `json:"groupDNAttribute,omitempty" norman:"default=entryDN,notnullable"`
	GroupMemberUserAttribute    string `json:"groupMemberUserAttribute,omitempty" norman:"default=entryDN,notnullable"`
	GroupMemberMappingAttribute string `json:"groupMemberMappingAttribute,omitempty" norman:"default=member,notnullable,required"`
	// ConnectionTimeout defaults to 5000; the unit is not stated here
	// (presumably milliseconds - confirm).
	ConnectionTimeout            int64 `json:"connectionTimeout,omitempty" norman:"default=5000,notnullable,required"`
	NestedGroupMembershipEnabled bool  `json:"nestedGroupMembershipEnabled" norman:"default=false"`
}

// LdapConfig is the generic LDAP auth config: AuthConfig plus LdapFields.
type LdapConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`
	LdapFields        `json:",inline" mapstructure:",squash"`
}

// LdapTestAndApplyInput is the request body for testing and applying an
// LdapConfig with a user's credentials.
type LdapTestAndApplyInput struct {
	// The embedded LdapConfig has an explicit json name, so encoding/json
	// nests it under "ldapConfig" instead of flattening its fields.
	LdapConfig `json:"ldapConfig,omitempty"`
	Username   string `json:"username"`
	Password   string `json:"password" norman:"type=password,required"`
}

// OpenLdapConfig is the OpenLDAP auth config; it adds nothing to LdapConfig.
type OpenLdapConfig struct {
	LdapConfig `json:",inline" mapstructure:",squash"`
}

// OpenLdapTestAndApplyInput is the OpenLDAP form of LdapTestAndApplyInput.
type OpenLdapTestAndApplyInput struct {
	LdapTestAndApplyInput `json:",inline" mapstructure:",squash"`
}

// FreeIpaConfig is the FreeIPA auth config; it adds nothing to LdapConfig.
type FreeIpaConfig struct {
	LdapConfig `json:",inline" mapstructure:",squash"`
}

// FreeIpaTestAndApplyInput is the FreeIPA form of LdapTestAndApplyInput.
type FreeIpaTestAndApplyInput struct {
	LdapTestAndApplyInput `json:",inline" mapstructure:",squash"`
}

// SamlConfig is the auth config shared by the SAML-based providers in this
// file (Ping, ADFS, KeyCloak, OKTA and Shibboleth embed it).
type SamlConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	AuthConfig        `json:",inline" mapstructure:",squash"`

	// IDPMetadataContent is required.
	// NOTE(review): presumably the identity provider's metadata document,
	// which establishes trust in the IdP's signing keys - confirm, and treat
	// changes to it as security-sensitive.
	IDPMetadataContent string `json:"idpMetadataContent" norman:"required"`
	SpCert             string `json:"spCert" norman:"required"`
	// SpKey is typed type=password; presumably the service provider's
	// private key - confirm.
	SpKey            string `json:"spKey" norman:"required,type=password"`
	GroupsField      string `json:"groupsField" norman:"required"`
	DisplayNameField string `json:"displayNameField" norman:"required"`
	UserNameField    string `json:"userNameField" norman:"required"`
	UIDField         string `json:"uidField" norman:"required"`
	RancherAPIHost   string `json:"rancherApiHost" norman:"required"`
}

// SamlConfigTestInput is the request body for testing a SamlConfig.
type SamlConfigTestInput struct {
	// FinalRedirectURL is supplied by the caller with no schema constraint.
	// NOTE(review): confirm the handler restricts it to expected hosts before
	// redirecting to it.
	FinalRedirectURL string `json:"finalRedirectUrl"`
}

// SamlConfigTestOutput returns the identity provider redirect URL produced
// when testing a SamlConfig.
type SamlConfigTestOutput struct {
	IdpRedirectURL string `json:"idpRedirectUrl"`
}

// PingConfig is the Ping auth config; it adds nothing to SamlConfig.
type PingConfig struct {
	SamlConfig `json:",inline" mapstructure:",squash"`
}

// ADFSConfig is the ADFS auth config; it adds nothing to SamlConfig.
type ADFSConfig struct {
	SamlConfig `json:",inline" mapstructure:",squash"`
}

// KeyCloakConfig is the KeyCloak auth config; it adds nothing to SamlConfig.
type KeyCloakConfig struct {
	SamlConfig `json:",inline" mapstructure:",squash"`
}

// OKTAConfig is the OKTA auth config; it adds nothing to SamlConfig.
type OKTAConfig struct {
	SamlConfig `json:",inline" mapstructure:",squash"`
}

// ShibbolethConfig is the Shibboleth auth config: SamlConfig plus a set of
// LdapFields.
type ShibbolethConfig struct {
	SamlConfig `json:",inline" mapstructure:",squash"`
	// OpenLdapConfig is nested under "openLdapConfig" in JSON but tagged
	// ",squash" for mapstructure, so the two encodings shape it differently.
	OpenLdapConfig LdapFields `json:"openLdapConfig" mapstructure:",squash"`
}

// AuthSystemImages holds the KubeAPIAuth value.
// NOTE(review): presumably a container image reference - confirm.
type AuthSystemImages struct {
	KubeAPIAuth string `json:"kubeAPIAuth,omitempty"`
}