Merge pull request #122 from hyperspike/oidc

build out OIDC CRD
hyperspike · Oct 2, 2024 · 33ab219 · 33ab219
2 parents c7f0dc2 + 987ec30
commit 33ab219
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 8 deletions.
diff --git a/api/v1/auth_types.go b/api/v1/auth_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package v1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -25,11 +26,28 @@ import (
 
 // AuthSpec defines the desired state of Auth
 type AuthSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+	// +kubebuilder:validation:Required
+	Provider string `json:"provider"`
+
+	// The client ID for the OIDC provider
+	// +kubebuilder:validation:Required
+	ClientID corev1.SecretKeySelector `json:"clientID"`
+	// The client secret for the OIDC provider
+	// +kubebuilder:validation:Required
+	ClientSecret corev1.SecretKeySelector `json:"clientSecret"`
+
+	// The URL to the OIDC provider (e.g. https://oidc.example.com)
+	AutoDiscoveryURL string `json:"autoDiscoveryURL"`
+
+	// Scopes to request from the OIDC provider
+	Scopes []string `json:"scopes"`
+
+	// Group Claim name to use for group membership
+	GroupClaimName string `json:"groupClaimName"`
 
-	// Foo is an example field of Auth. Edit auth_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
+	// The Gitea instance to add the OIDC authentication to
+	// +kubebuilder:validation:Required
+	Instance InstanceType `json:"instance"`
 }
 
 // AuthStatus defines the observed state of Auth

diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/hyperspike.io_auths.yaml b/config/crd/bases/hyperspike.io_auths.yaml
@@ -39,10 +39,87 @@ spec:
           spec:
             description: AuthSpec defines the desired state of Auth
             properties:
-              foo:
-                description: Foo is an example field of Auth. Edit auth_types.go to
-                  remove/update
+              autoDiscoveryURL:
+                description: The URL to the OIDC provider (e.g. https://oidc.example.com)
                 type: string
+              clientID:
+                description: The client ID for the OIDC provider
+                properties:
+                  key:
+                    description: The key of the secret to select from.  Must be a
+                      valid secret key.
+                    type: string
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                  optional:
+                    description: Specify whether the Secret or its key must be defined
+                    type: boolean
+                required:
+                - key
+                type: object
+                x-kubernetes-map-type: atomic
+              clientSecret:
+                description: The client secret for the OIDC provider
+                properties:
+                  key:
+                    description: The key of the secret to select from.  Must be a
+                      valid secret key.
+                    type: string
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    type: string
+                  optional:
+                    description: Specify whether the Secret or its key must be defined
+                    type: boolean
+                required:
+                - key
+                type: object
+                x-kubernetes-map-type: atomic
+              groupClaimName:
+                description: Group Claim name to use for group membership
+                type: string
+              instance:
+                description: The Gitea instance to add the OIDC authentication to
+                properties:
+                  labels:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                required:
+                - name
+                type: object
+              provider:
+                type: string
+              scopes:
+                description: Scopes to request from the OIDC provider
+                items:
+                  type: string
+                type: array
+            required:
+            - autoDiscoveryURL
+            - clientID
+            - clientSecret
+            - groupClaimName
+            - instance
+            - provider
+            - scopes
             type: object
           status:
             description: AuthStatus defines the observed state of Auth