From 19223c71223cbf39a6f9da4503ce19a5eba0eea9 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:12:54 +0600 Subject: [PATCH 1/8] Add NatsCredentialRequest extended API Adds a NatsCredentialRequest resource under identity.k8s.appscode.com that wraps the appscode.com Register endpoint, so in-cluster callers (e.g. the audit lib) can obtain NATS credentials via the Kubernetes API server when direct egress to appscode.com is blocked. Includes the deepcopy / openapi / clientset / fake-client glue and a GetNatsCredential method on the identity b3 client used by the extended API storage in ui-server. Signed-off-by: Tamal Saha --- .../v1alpha1/natscredentialrequest_types.go | 62 +++++++++ apis/identity/v1alpha1/openapi_generated.go | 128 ++++++++++++++++++ .../v1alpha1/zz_generated.deepcopy.go | 94 +++++++++++++ .../v1alpha1/fake/fake_identity_client.go | 4 + .../fake/fake_natscredentialrequest.go | 46 +++++++ .../identity/v1alpha1/generated_expansion.go | 2 + .../identity/v1alpha1/identity_client.go | 5 + .../v1alpha1/natscredentialrequest.go | 64 +++++++++ pkg/identity/b3.go | 85 ++++++++++++ 9 files changed, 490 insertions(+) create mode 100644 apis/identity/v1alpha1/natscredentialrequest_types.go create mode 100644 client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go create mode 100644 client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go diff --git a/apis/identity/v1alpha1/natscredentialrequest_types.go b/apis/identity/v1alpha1/natscredentialrequest_types.go new file mode 100644 index 0000000000..be218b3e88 --- /dev/null +++ b/apis/identity/v1alpha1/natscredentialrequest_types.go 
@@ -0,0 +1,62 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+ ResourceKindNatsCredentialRequest = "NatsCredentialRequest"
+ ResourceNatsCredentialRequest = "natscredentialrequest"
+ ResourceNatsCredentialRequests = "natscredentialrequests"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +genclient:onlyVerbs=create
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=natscredentialrequests,singular=natscredentialrequest,scope=Cluster
+type NatsCredentialRequest struct {
+ metav1.TypeMeta `json:",inline"`
+ // Request describes the attributes for the nats credential request.
+ // +optional
+ Request *NatsCredentialRequestRequest `json:"request,omitempty"`
+ // Response describes the attributes for the nats credential response.
+ // +optional
+ Response *NatsCredentialRequestResponse `json:"response,omitempty"`
+}
+
+type NatsCredentialRequestRequest struct {
+ Features string `json:"features,omitempty"`
+ License []byte `json:"license,omitempty"`
+}
+
+type NatsCredentialRequestResponse struct {
+ NatsConfig `json:",inline"`
+ Credential []byte `json:"credential,omitempty"`
+}
+
+type NatsConfig struct {
+ Subject string `json:"natsSubject"`
+ Server string `json:"natsServer"`
+}
+
+func init() {
+ SchemeBuilder.Register(&NatsCredentialRequest{})
+}
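Review bot: `NatsCredentialRequestRequest.License` and `NatsCredentialRequestResponse.Credential` carry secret material, yet neither the fields nor the three new helper types have a doc comment saying so. Because the resource is cluster-scoped and create-only, any principal granted `create` on `natscredentialrequests` gets the credential back in the response body, and an API-server audit policy that records request or response bodies for this resource would presumably capture both byte fields; the RBAC and audit configuration are not part of this patch, so that should be confirmed where the storage is wired up. I would add field comments such as `// Credential is the issued NATS credential; treat it as a secret and never log it.` and `// License is the raw license sent to the register endpoint; treat it as a secret.`, plus a type comment on NatsCredentialRequest stating that `create` on it is equivalent to read access to the credential.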
diff --git a/apis/identity/v1alpha1/openapi_generated.go b/apis/identity/v1alpha1/openapi_generated.go index 2434aa4512..f27a4a0dcd 100644 --- a/apis/identity/v1alpha1/openapi_generated.go +++ b/apis/identity/v1alpha1/openapi_generated.go @@ -379,6 +379,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.InboxTokenRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_InboxTokenRequestRequest(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.InboxTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_InboxTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.KubernetesInfo": schema_resource_metadata_apis_identity_v1alpha1_KubernetesInfo(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsConfig": schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequest": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeInfo": schema_resource_metadata_apis_identity_v1alpha1_NodeInfo(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeStats": schema_resource_metadata_apis_identity_v1alpha1_NodeStats(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ProductInfo": schema_resource_metadata_apis_identity_v1alpha1_ProductInfo(ref), 
@@ -19991,6 +19995,130 @@ func schema_resource_metadata_apis_identity_v1alpha1_KubernetesInfo(ref common.R } } +func schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "natsSubject": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "natsServer": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"natsSubject", "natsServer"}, + }, + }, + } +} + +func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "request": { + SchemaProps: spec.SchemaProps{ + Description: "Request describes the attributes for the nats credential request.", + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest"), + }, + }, + "response": { + SchemaProps: spec.SchemaProps{ + Description: "Response describes the attributes for the nats credential response.", + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest", "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse"}, + } +} + +func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "features": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "license": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "byte", + }, + }, + }, + }, + }, + } +} + +func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestResponse(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "natsSubject": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "natsServer": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "credential": { + SchemaProps: spec.SchemaProps{ + Type: 
[]string{"string"}, + Format: "byte", + }, + }, + }, + Required: []string{"natsSubject", "natsServer"}, + }, + }, + } +} + func schema_resource_metadata_apis_identity_v1alpha1_NodeInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/apis/identity/v1alpha1/zz_generated.deepcopy.go b/apis/identity/v1alpha1/zz_generated.deepcopy.go index 580371d9dd..db776ffc70 100644 --- a/apis/identity/v1alpha1/zz_generated.deepcopy.go +++ b/apis/identity/v1alpha1/zz_generated.deepcopy.go 
@@ -242,6 +242,100 @@ func (in *KubernetesInfo) DeepCopy() *KubernetesInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NatsConfig) DeepCopyInto(out *NatsConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsConfig. +func (in *NatsConfig) DeepCopy() *NatsConfig { + if in == nil { + return nil + } + out := new(NatsConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NatsCredentialRequest) DeepCopyInto(out *NatsCredentialRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = new(NatsCredentialRequestRequest) + (*in).DeepCopyInto(*out) + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = new(NatsCredentialRequestResponse) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequest. +func (in *NatsCredentialRequest) DeepCopy() *NatsCredentialRequest { + if in == nil { + return nil + } + out := new(NatsCredentialRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NatsCredentialRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NatsCredentialRequestRequest) DeepCopyInto(out *NatsCredentialRequestRequest) { + *out = *in + if in.License != nil { + in, out := &in.License, &out.License + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequestRequest. +func (in *NatsCredentialRequestRequest) DeepCopy() *NatsCredentialRequestRequest { + if in == nil { + return nil + } + out := new(NatsCredentialRequestRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NatsCredentialRequestResponse) DeepCopyInto(out *NatsCredentialRequestResponse) { + *out = *in + out.NatsConfig = in.NatsConfig + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequestResponse. +func (in *NatsCredentialRequestResponse) DeepCopy() *NatsCredentialRequestResponse { + if in == nil { + return nil + } + out := new(NatsCredentialRequestResponse) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeInfo) DeepCopyInto(out *NodeInfo) { *out = *in diff --git a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go index 3cfecfa9e2..bf7daa541b 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go 
@@ -36,6 +36,10 @@ func (c *FakeIdentityV1alpha1) InboxTokenRequests() v1alpha1.InboxTokenRequestIn return &FakeInboxTokenRequests{c} } +func (c *FakeIdentityV1alpha1) NatsCredentialRequests() v1alpha1.NatsCredentialRequestInterface { + return &FakeNatsCredentialRequests{c} +} + func (c *FakeIdentityV1alpha1) SelfSubjectNamespaceAccessReviews() v1alpha1.SelfSubjectNamespaceAccessReviewInterface { return &FakeSelfSubjectNamespaceAccessReviews{c} } diff --git a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go new file mode 100644 index 0000000000..65fbba8ca4 --- /dev/null +++ b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go 
@@ -0,0 +1,46 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + testing "k8s.io/client-go/testing" + v1alpha1 "kmodules.xyz/resource-metadata/apis/identity/v1alpha1" +) + +// FakeNatsCredentialRequests implements NatsCredentialRequestInterface +type FakeNatsCredentialRequests struct { + Fake *FakeIdentityV1alpha1 +} + +var natscredentialrequestsResource = v1alpha1.SchemeGroupVersion.WithResource("natscredentialrequests") + +var natscredentialrequestsKind = v1alpha1.SchemeGroupVersion.WithKind("NatsCredentialRequest") + +// Create takes the representation of a natsCredentialRequest and creates it. Returns the server's representation of the natsCredentialRequest, and an error, if there is any. +func (c *FakeNatsCredentialRequests) Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.NatsCredentialRequest, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(natscredentialrequestsResource, natsCredentialRequest), &v1alpha1.NatsCredentialRequest{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.NatsCredentialRequest), err +} 
diff --git a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go index 2759be69e2..32a0f481b4 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -22,4 +22,6 @@ type ClusterIdentityExpansion interface{} type InboxTokenRequestExpansion interface{} +type NatsCredentialRequestExpansion interface{} + type SelfSubjectNamespaceAccessReviewExpansion interface{} diff --git a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go index 8f05d4680f..b1b58f528a 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -30,6 +30,7 @@ type IdentityV1alpha1Interface interface { RESTClient() rest.Interface ClusterIdentitiesGetter InboxTokenRequestsGetter + NatsCredentialRequestsGetter SelfSubjectNamespaceAccessReviewsGetter } @@ -46,6 +47,10 @@ func (c *IdentityV1alpha1Client) InboxTokenRequests() InboxTokenRequestInterface return newInboxTokenRequests(c) } +func (c *IdentityV1alpha1Client) NatsCredentialRequests() NatsCredentialRequestInterface { + return newNatsCredentialRequests(c) +} + func (c *IdentityV1alpha1Client) SelfSubjectNamespaceAccessReviews() SelfSubjectNamespaceAccessReviewInterface { return newSelfSubjectNamespaceAccessReviews(c) } diff --git a/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go b/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go new file mode 100644 index 0000000000..cb4ddf88a3 --- /dev/null +++ b/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go 
@@ -0,0 +1,64 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" + v1alpha1 "kmodules.xyz/resource-metadata/apis/identity/v1alpha1" + scheme "kmodules.xyz/resource-metadata/client/clientset/versioned/scheme" +) + +// NatsCredentialRequestsGetter has a method to return a NatsCredentialRequestInterface. +// A group's client should implement this interface. +type NatsCredentialRequestsGetter interface { + NatsCredentialRequests() NatsCredentialRequestInterface +} + +// NatsCredentialRequestInterface has methods to work with NatsCredentialRequest resources. +type NatsCredentialRequestInterface interface { + Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (*v1alpha1.NatsCredentialRequest, error) + NatsCredentialRequestExpansion +} + +// natsCredentialRequests implements NatsCredentialRequestInterface +type natsCredentialRequests struct { + client rest.Interface +} + +// newNatsCredentialRequests returns a NatsCredentialRequests +func newNatsCredentialRequests(c *IdentityV1alpha1Client) *natsCredentialRequests { + return &natsCredentialRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a natsCredentialRequest and creates it. 
Returns the server's representation of the natsCredentialRequest, and an error, if there is any. +func (c *natsCredentialRequests) Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.NatsCredentialRequest, err error) { + result = &v1alpha1.NatsCredentialRequest{} + err = c.client.Post(). + Resource("natscredentialrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(natsCredentialRequest). + Do(ctx). + Into(result) + return +} diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index d671bf6822..175afbb9b2 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go @@ -17,6 +17,7 @@ limitations under the License. package identity import ( + "bytes" "crypto/tls" "crypto/x509" "encoding/pem" 
@@ -200,6 +201,90 @@ func (c *Client) GetToken() (*identityapi.InboxTokenRequestResponse, error) { return tokenResponse, nil } +// natsRegisterOptions mirrors the payload accepted by the appscode register +// endpoint (api/v1/register). It is duplicated here so that resource-metadata +// does not need to vendor the full license-verifier package. +type natsRegisterOptions struct { + ClusterUID string `json:"clusterUID"` + Features string `json:"features"` + CACert []byte `json:"caCert,omitempty"` + License []byte `json:"license"` +} + +func (c *Client) GetNatsCredential(features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { + id, err := c.GetIdentity() + if err != nil { + return nil, err + } + if features == "" { + features = info.ProductName + } + + opts := natsRegisterOptions{ + ClusterUID: id.Status.UID, + Features: features, + CACert: []byte(info.LicenseCA), + License: license, + } + data, err := json.Marshal(opts) + if err != nil { + return nil, err + } + + endpoint, err := info.RegistrationAPIEndpoint(c.baseURL) + if err != nil { + return nil, err + } + + req, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader(data)) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", "application/json") + if c.token != "" { + req.Header.Add("Authorization", "Bearer "+c.token) + } + if klog.V(8).Enabled() { + command, _ := http2curl.GetCurlCommand(req) + klog.V(8).Infoln(command.String()) + } + + resp, err := c.client.Do(req) + if err != nil { + var ce *tls.CertificateVerificationError + if errors.As(err, &ce) { + klog.ErrorS(err, "UnverifiedCertificates") + for _, cert := range ce.UnverifiedCertificates { + klog.Errorln(string(encodeCertPEM(cert))) + } + } + return nil, err + } + defer resp.Body.Close() // nolint:errcheck + + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, err + } + if resp.StatusCode != http.StatusOK { + return nil, apierrors.NewGenericServerResponse( + resp.StatusCode, + 
http.MethodPost, + schema.GroupResource{Group: identityapi.GroupName, Resource: identityapi.ResourceNatsCredentialRequests}, + "", + string(body), + 0, + false, + ) + } + + out := &identityapi.NatsCredentialRequestResponse{} + if err = json.Unmarshal(body, out); err != nil { + return nil, err + } + return out, nil +} + const SelfName = "self" func (c *Client) GetIdentity() (*identityapi.ClusterIdentity, error) { From 76ed4d2a072d87a6ff0ce055797bdbe37df144fc Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:32:53 +0600 Subject: [PATCH 2/8] Expose GetNatsCredentialForCluster Lets callers that already know the cluster UID hit the register endpoint without needing a controller-runtime client. The existing GetNatsCredential now resolves the cluster identity via c.kc and delegates. Signed-off-by: Tamal Saha --- pkg/identity/b3.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index 175afbb9b2..4feff1412b 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go 
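Review bot: The `klog.V(8)` branch in GetNatsCredential hands the complete request to `http2curl.GetCurlCommand`, so the logged curl line will contain the `Authorization: Bearer` header and the JSON body with the license bytes. Logging only the target is enough for debugging, for example `klog.V(8).InfoS("posting register request", "endpoint", endpoint)`. The same branch discards the error from GetCurlCommand and then calls `command.String()`, which would likely dereference nil if that call ever failed. Separately, `io.ReadAll(resp.Body)` is unbounded and the non-200 path copies `string(body)` into the status error returned to the API caller; reading through `io.LimitReader(resp.Body, maxRegisterResponseBytes)` (a constant you would define) caps both.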
@@ -211,17 +211,29 @@ type natsRegisterOptions struct { License []byte `json:"license"` } +// GetNatsCredential resolves the cluster identity via c.kc and then calls +// GetNatsCredentialForCluster. Use GetNatsCredentialForCluster directly when +// the cluster UID is already known and there is no controller-runtime client +// available. func (c *Client) GetNatsCredential(features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { id, err := c.GetIdentity() if err != nil { return nil, err } + return c.GetNatsCredentialForCluster(id.Status.UID, features, license) +} + +// GetNatsCredentialForCluster posts the supplied license to the appscode +// Register endpoint (api/v1/register) and returns the issued NATS +// subject/server/credential. It does not touch c.kc, so it is safe to call +// on a Client constructed without one. +func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { if features == "" { features = info.ProductName } opts := natsRegisterOptions{ - ClusterUID: id.Status.UID, + ClusterUID: clusterUID, Features: features, CACert: []byte(info.LicenseCA), License: license, From a56702940ea5799304a6eff4fae56727fe6f07c3 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:35:44 +0600 Subject: [PATCH 3/8] GetNatsCredential: skip the GetIdentity wrapper Only the UID is needed; reading clustermeta.ClusterMetadata directly avoids building (and discarding) the ClusterIdentity object. Signed-off-by: Tamal Saha --- pkg/identity/b3.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index 4feff1412b..98cf7d686b 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go 
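Review bot: GetNatsCredentialForCluster is exported and forwards `clusterUID` and `license` to the register endpoint without checking that either is non-empty. The doc comment added here invites callers to supply the UID themselves, so the UID becomes a caller assertion rather than something read from the cluster; whether the endpoint ties the license to that UID is not visible in this patch and is worth confirming. At minimum I would reject obviously bad input before any network call with `if clusterUID == "" || len(license) == 0 { return nil, errors.New("clusterUID and license are required") }`. The function body continues outside this hunk.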
@@ -211,16 +211,16 @@ type natsRegisterOptions struct { License []byte `json:"license"` } -// GetNatsCredential resolves the cluster identity via c.kc and then calls +// GetNatsCredential resolves the cluster UID via c.kc and then calls // GetNatsCredentialForCluster. Use GetNatsCredentialForCluster directly when // the cluster UID is already known and there is no controller-runtime client // available. func (c *Client) GetNatsCredential(features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { - id, err := c.GetIdentity() + md, err := clustermeta.ClusterMetadata(c.kc) if err != nil { return nil, err } - return c.GetNatsCredentialForCluster(id.Status.UID, features, license) + return c.GetNatsCredentialForCluster(md.UID, features, license) } // GetNatsCredentialForCluster posts the supplied license to the appscode From bbe18c5468705844f26fb3d86294885f22951027 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:38:43 +0600 Subject: [PATCH 4/8] Make GetNatsCredentialForCluster a package-level function It no longer needed any of *Client's state once the caller supplies the cluster UID. Pulling baseURL, token, and *http.Client into the signature keeps callers like ui-server able to customise the hub endpoint without forcing audit (and similar one-shot callers) to construct a Client. Signed-off-by: Tamal Saha --- pkg/identity/b3.go | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index 98cf7d686b..f745449473 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go 
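Review bot: `clustermeta.ClusterMetadata(c.kc)` is called without checking that `c.kc` is set, although the doc comment in this same hunk describes clients that have no controller-runtime client. What ClusterMetadata does with a nil reader is not visible here, but a guard at the top of GetNatsCredential, `if c.kc == nil { return nil, errors.New("identity client has no Kubernetes reader") }`, turns a probable panic into an error the extended-API storage can return to the caller.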
@@ -220,14 +220,18 @@ func (c *Client) GetNatsCredential(features string, license []byte) (*identityap if err != nil { return nil, err } - return c.GetNatsCredentialForCluster(md.UID, features, license) + return GetNatsCredentialForCluster(c.client, c.baseURL, c.token, md.UID, features, license) } // GetNatsCredentialForCluster posts the supplied license to the appscode // Register endpoint (api/v1/register) and returns the issued NATS -// subject/server/credential. It does not touch c.kc, so it is safe to call -// on a Client constructed without one. -func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { +// subject/server/credential. httpClient may be nil (http.DefaultClient is +// used). baseURL "" selects the production default; token "" omits the +// Authorization header. +func GetNatsCredentialForCluster(httpClient *http.Client, baseURL, token, clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { + if httpClient == nil { + httpClient = http.DefaultClient + } if features == "" { features = info.ProductName } @@ -243,7 +247,7 @@ func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, licens return nil, err } - endpoint, err := info.RegistrationAPIEndpoint(c.baseURL) + endpoint, err := info.RegistrationAPIEndpoint(baseURL) if err != nil { return nil, err } 
@@ -253,15 +257,15 @@ func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, licens return nil, err } req.Header.Set("Content-Type", "application/json") - if c.token != "" { - req.Header.Add("Authorization", "Bearer "+c.token) + if token != "" { + req.Header.Add("Authorization", "Bearer "+token) } if klog.V(8).Enabled() { command, _ := http2curl.GetCurlCommand(req) klog.V(8).Infoln(command.String()) } - resp, err := c.client.Do(req) + resp, err := httpClient.Do(req) if err != nil { var ce *tls.CertificateVerificationError if errors.As(err, &ce) { From 056d17e3c436bb4709b7f12ba56fafdc6fcb9df2 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:39:59 +0600 Subject: [PATCH 5/8] Revert "Make GetNatsCredentialForCluster a package-level function" This reverts commit 6cc95ebd23ca348af5592ab387bdb182362f205d. Signed-off-by: Tamal Saha --- pkg/identity/b3.go | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index f745449473..98cf7d686b 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go 
@@ -220,18 +220,14 @@ func (c *Client) GetNatsCredential(features string, license []byte) (*identityap if err != nil { return nil, err } - return GetNatsCredentialForCluster(c.client, c.baseURL, c.token, md.UID, features, license) + return c.GetNatsCredentialForCluster(md.UID, features, license) } // GetNatsCredentialForCluster posts the supplied license to the appscode // Register endpoint (api/v1/register) and returns the issued NATS -// subject/server/credential. httpClient may be nil (http.DefaultClient is -// used). baseURL "" selects the production default; token "" omits the -// Authorization header. -func GetNatsCredentialForCluster(httpClient *http.Client, baseURL, token, clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { - if httpClient == nil { - httpClient = http.DefaultClient - } +// subject/server/credential. It does not touch c.kc, so it is safe to call +// on a Client constructed without one. +func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { if features == "" { features = info.ProductName } @@ -247,7 +243,7 @@ func GetNatsCredentialForCluster(httpClient *http.Client, baseURL, token, cluste return nil, err } - endpoint, err := info.RegistrationAPIEndpoint(baseURL) + endpoint, err := info.RegistrationAPIEndpoint(c.baseURL) if err != nil { return nil, err } 
@@ -257,15 +253,15 @@ func GetNatsCredentialForCluster(httpClient *http.Client, baseURL, token, cluste return nil, err } req.Header.Set("Content-Type", "application/json") - if token != "" { - req.Header.Add("Authorization", "Bearer "+token) + if c.token != "" { + req.Header.Add("Authorization", "Bearer "+c.token) } if klog.V(8).Enabled() { command, _ := http2curl.GetCurlCommand(req) klog.V(8).Infoln(command.String()) } - resp, err := httpClient.Do(req) + resp, err := c.client.Do(req) if err != nil { var ce *tls.CertificateVerificationError if errors.As(err, &ce) { From e981b57a4fd6fa0f0f2fae86855a1439db9b0114 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 10:42:30 +0600 Subject: [PATCH 6/8] Add NewDefaultClient helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A zero-arg constructor for the common case of "talk to the production appscode.com endpoint, no auth, no kc" — used by audit's registerWithAppsCode now that the explicit nil/empty args were getting noisy. Signed-off-by: Tamal Saha --- pkg/identity/b3.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index 98cf7d686b..27b31d565e 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go @@ -52,6 +52,17 @@ type Client struct { kc client.Reader } +// NewDefaultClient returns a Client wired to the production appscode.com +// endpoint with no token and no controller-runtime client. It is intended +// for one-shot callers (e.g. audit) that only need to hit the public +// register endpoint and supply the cluster UID themselves; methods that +// touch c.kc will panic on a Client created this way. +func NewDefaultClient() *Client { + return &Client{ + client: http.DefaultClient, + } +} + func NewClient(baseURL, token string, caCert []byte, kc client.Reader) (*Client, error) { c := &Client{ baseURL: baseURL, From 505ea46cdf166fa04bb686d622e68938e9842e05 Mon Sep 17 00:00:00 2001 
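Review bot: `NewDefaultClient` in the `@@ -52,6 +52,17 @@` hunk stores `http.DefaultClient`, which has no `Timeout`, so a register endpoint that stalls blocks the caller indefinitely. `http.DefaultClient` is also a process-wide mutable variable, so any other package that changes it or `http.DefaultTransport` changes the transport used for the request that sends the license and receives the NATS credential. A private client with an explicit bound is safer, e.g. `client: &http.Client{Timeout: 30 * time.Second},` (the value is illustrative, and this needs `time` imported, which the hunk does not show). The doc comment says methods touching `c.kc` will panic on such a Client; a nil check returning an error in those methods would be a gentler failure, though they are outside this hunk.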
From: Tamal Saha Date: Thu, 4 Jun 2026 10:58:59 +0600 Subject: [PATCH 7/8] Rename NatsCredentialRequest -> AuditTokenRequest Renames the extended-API kind, the typed clientset, the fake client, the b3 helper methods (GetAuditToken / GetAuditTokenForCluster) and the internal register payload struct. JSON tags on the response (natsSubject, natsServer, credential) are unchanged because the appscode.com wire format hasn't moved. Signed-off-by: Tamal Saha --- ...st_types.go => audittokenrequest_types.go} | 20 +++--- apis/identity/v1alpha1/openapi_generated.go | 18 +++--- .../v1alpha1/zz_generated.deepcopy.go | 30 ++++----- .../identity/v1alpha1/audittokenrequest.go | 64 +++++++++++++++++++ ...alrequest.go => fake_audittokenrequest.go} | 16 ++--- .../v1alpha1/fake/fake_identity_client.go | 4 +- .../identity/v1alpha1/generated_expansion.go | 2 +- .../identity/v1alpha1/identity_client.go | 6 +- .../v1alpha1/natscredentialrequest.go | 64 ------------------- pkg/identity/b3.go | 22 +++---- 10 files changed, 123 insertions(+), 123 deletions(-) rename apis/identity/v1alpha1/{natscredentialrequest_types.go => audittokenrequest_types.go} (69%) create mode 100644 client/clientset/versioned/typed/identity/v1alpha1/audittokenrequest.go rename client/clientset/versioned/typed/identity/v1alpha1/fake/{fake_natscredentialrequest.go => fake_audittokenrequest.go} (50%) delete mode 100644 client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go diff --git a/apis/identity/v1alpha1/natscredentialrequest_types.go b/apis/identity/v1alpha1/audittokenrequest_types.go similarity index 69% rename from apis/identity/v1alpha1/natscredentialrequest_types.go rename to apis/identity/v1alpha1/audittokenrequest_types.go index be218b3e88..e42e9527c4 100644 --- a/apis/identity/v1alpha1/natscredentialrequest_types.go +++ b/apis/identity/v1alpha1/audittokenrequest_types.go 
@@ -21,9 +21,9 @@ import ( ) const ( - ResourceKindNatsCredentialRequest = "NatsCredentialRequest" - ResourceNatsCredentialRequest = "natscredentialrequest" - ResourceNatsCredentialRequests = "natscredentialrequests" + ResourceKindAuditTokenRequest = "AuditTokenRequest" + ResourceAuditTokenRequest = "audittokenrequest" + ResourceAuditTokenRequests = "audittokenrequests" ) // +genclient @@ -31,23 +31,23 @@ const ( // +genclient:onlyVerbs=create // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true -// +kubebuilder:resource:path=natscredentialrequests,singular=natscredentialrequest,scope=Cluster -type NatsCredentialRequest struct { +// +kubebuilder:resource:path=audittokenrequests,singular=audittokenrequest,scope=Cluster +type AuditTokenRequest struct { metav1.TypeMeta `json:",inline"` // Request describes the attributes for the nats credential request. // +optional - Request *NatsCredentialRequestRequest `json:"request,omitempty"` + Request *AuditTokenRequestRequest `json:"request,omitempty"` // Response describes the attributes for the nats credential response. // +optional - Response *NatsCredentialRequestResponse `json:"response,omitempty"` + Response *AuditTokenRequestResponse `json:"response,omitempty"` } -type NatsCredentialRequestRequest struct { +type AuditTokenRequestRequest struct { Features string `json:"features,omitempty"` License []byte `json:"license,omitempty"` } -type NatsCredentialRequestResponse struct { +type AuditTokenRequestResponse struct { NatsConfig `json:",inline"` Credential []byte `json:"credential,omitempty"` } @@ -58,5 +58,5 @@ type NatsConfig struct { } func init() { - SchemeBuilder.Register(&NatsCredentialRequest{}) + SchemeBuilder.Register(&AuditTokenRequest{}) } diff --git a/apis/identity/v1alpha1/openapi_generated.go b/apis/identity/v1alpha1/openapi_generated.go index f27a4a0dcd..1b3bdb8be5 100644 --- a/apis/identity/v1alpha1/openapi_generated.go 
+++ b/apis/identity/v1alpha1/openapi_generated.go @@ -380,9 +380,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.InboxTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_InboxTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.KubernetesInfo": schema_resource_metadata_apis_identity_v1alpha1_KubernetesInfo(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsConfig": schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequest": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequest(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestRequest(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestResponse(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeInfo": schema_resource_metadata_apis_identity_v1alpha1_NodeInfo(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeStats": schema_resource_metadata_apis_identity_v1alpha1_NodeStats(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ProductInfo": schema_resource_metadata_apis_identity_v1alpha1_ProductInfo(ref), 
@@ -20022,7 +20022,7 @@ func schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref common.Refer } } -func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -20045,24 +20045,24 @@ func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequest(ref c "request": { SchemaProps: spec.SchemaProps{ Description: "Request describes the attributes for the nats credential request.", - Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest"), + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest"), }, }, "response": { SchemaProps: spec.SchemaProps{ Description: "Response describes the attributes for the nats credential response.", - Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse"), + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"), }, }, }, }, }, Dependencies: []string{ - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestRequest", "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsCredentialRequestResponse"}, + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest", "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"}, } } -func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ 
@@ -20086,7 +20086,7 @@ func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestReques } } -func schema_resource_metadata_apis_identity_v1alpha1_NatsCredentialRequestResponse(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ diff --git a/apis/identity/v1alpha1/zz_generated.deepcopy.go b/apis/identity/v1alpha1/zz_generated.deepcopy.go index db776ffc70..2d05a9dec5 100644 --- a/apis/identity/v1alpha1/zz_generated.deepcopy.go +++ b/apis/identity/v1alpha1/zz_generated.deepcopy.go 
@@ -259,34 +259,34 @@ func (in *NatsConfig) DeepCopy() *NatsConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NatsCredentialRequest) DeepCopyInto(out *NatsCredentialRequest) { +func (in *AuditTokenRequest) DeepCopyInto(out *AuditTokenRequest) { *out = *in out.TypeMeta = in.TypeMeta if in.Request != nil { in, out := &in.Request, &out.Request - *out = new(NatsCredentialRequestRequest) + *out = new(AuditTokenRequestRequest) (*in).DeepCopyInto(*out) } if in.Response != nil { in, out := &in.Response, &out.Response - *out = new(NatsCredentialRequestResponse) + *out = new(AuditTokenRequestResponse) (*in).DeepCopyInto(*out) } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequest. -func (in *NatsCredentialRequest) DeepCopy() *NatsCredentialRequest { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequest. +func (in *AuditTokenRequest) DeepCopy() *AuditTokenRequest { if in == nil { return nil } - out := new(NatsCredentialRequest) + out := new(AuditTokenRequest) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NatsCredentialRequest) DeepCopyObject() runtime.Object { +func (in *AuditTokenRequest) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -294,7 +294,7 @@ func (in *NatsCredentialRequest) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NatsCredentialRequestRequest) DeepCopyInto(out *NatsCredentialRequestRequest) { +func (in *AuditTokenRequestRequest) DeepCopyInto(out *AuditTokenRequestRequest) { *out = *in if in.License != nil { in, out := &in.License, &out.License 
@@ -304,18 +304,18 @@ func (in *NatsCredentialRequestRequest) DeepCopyInto(out *NatsCredentialRequestR return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequestRequest. -func (in *NatsCredentialRequestRequest) DeepCopy() *NatsCredentialRequestRequest { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestRequest. +func (in *AuditTokenRequestRequest) DeepCopy() *AuditTokenRequestRequest { if in == nil { return nil } - out := new(NatsCredentialRequestRequest) + out := new(AuditTokenRequestRequest) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NatsCredentialRequestResponse) DeepCopyInto(out *NatsCredentialRequestResponse) { +func (in *AuditTokenRequestResponse) DeepCopyInto(out *AuditTokenRequestResponse) { *out = *in out.NatsConfig = in.NatsConfig if in.Credential != nil { @@ -326,12 +326,12 @@ func (in *NatsCredentialRequestResponse) DeepCopyInto(out *NatsCredentialRequest return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NatsCredentialRequestResponse. -func (in *NatsCredentialRequestResponse) DeepCopy() *NatsCredentialRequestResponse { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestResponse. +func (in *AuditTokenRequestResponse) DeepCopy() *AuditTokenRequestResponse { if in == nil { return nil } - out := new(NatsCredentialRequestResponse) + out := new(AuditTokenRequestResponse) in.DeepCopyInto(out) return out } diff --git a/client/clientset/versioned/typed/identity/v1alpha1/audittokenrequest.go b/client/clientset/versioned/typed/identity/v1alpha1/audittokenrequest.go new file mode 100644 index 0000000000..69614801ef --- /dev/null +++ b/client/clientset/versioned/typed/identity/v1alpha1/audittokenrequest.go 
@@ -0,0 +1,64 @@ +/* +Copyright AppsCode Inc. and Contributors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + rest "k8s.io/client-go/rest" + v1alpha1 "kmodules.xyz/resource-metadata/apis/identity/v1alpha1" + scheme "kmodules.xyz/resource-metadata/client/clientset/versioned/scheme" +) + +// AuditTokenRequestsGetter has a method to return a AuditTokenRequestInterface. +// A group's client should implement this interface. +type AuditTokenRequestsGetter interface { + AuditTokenRequests() AuditTokenRequestInterface +} + +// AuditTokenRequestInterface has methods to work with AuditTokenRequest resources. +type AuditTokenRequestInterface interface { + Create(ctx context.Context, auditTokenRequest *v1alpha1.AuditTokenRequest, opts v1.CreateOptions) (*v1alpha1.AuditTokenRequest, error) + AuditTokenRequestExpansion +} + +// auditTokenRequests implements AuditTokenRequestInterface +type auditTokenRequests struct { + client rest.Interface +} + +// newAuditTokenRequests returns a AuditTokenRequests +func newAuditTokenRequests(c *IdentityV1alpha1Client) *auditTokenRequests { + return &auditTokenRequests{ + client: c.RESTClient(), + } +} + +// Create takes the representation of a auditTokenRequest and creates it. Returns the server's representation of the auditTokenRequest, and an error, if there is any. 
+func (c *auditTokenRequests) Create(ctx context.Context, auditTokenRequest *v1alpha1.AuditTokenRequest, opts v1.CreateOptions) (result *v1alpha1.AuditTokenRequest, err error) { + result = &v1alpha1.AuditTokenRequest{} + err = c.client.Post(). + Resource("audittokenrequests"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(auditTokenRequest). + Do(ctx). + Into(result) + return +} diff --git a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_audittokenrequest.go similarity index 50% rename from client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go rename to client/clientset/versioned/typed/identity/v1alpha1/fake/fake_audittokenrequest.go index 65fbba8ca4..ac674cfb08 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_natscredentialrequest.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_audittokenrequest.go 
@@ -26,21 +26,21 @@ import ( v1alpha1 "kmodules.xyz/resource-metadata/apis/identity/v1alpha1" ) -// FakeNatsCredentialRequests implements NatsCredentialRequestInterface -type FakeNatsCredentialRequests struct { +// FakeAuditTokenRequests implements AuditTokenRequestInterface +type FakeAuditTokenRequests struct { Fake *FakeIdentityV1alpha1 } -var natscredentialrequestsResource = v1alpha1.SchemeGroupVersion.WithResource("natscredentialrequests") +var audittokenrequestsResource = v1alpha1.SchemeGroupVersion.WithResource("audittokenrequests") -var natscredentialrequestsKind = v1alpha1.SchemeGroupVersion.WithKind("NatsCredentialRequest") +var audittokenrequestsKind = v1alpha1.SchemeGroupVersion.WithKind("AuditTokenRequest") -// Create takes the representation of a natsCredentialRequest and creates it. Returns the server's representation of the natsCredentialRequest, and an error, if there is any. -func (c *FakeNatsCredentialRequests) Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.NatsCredentialRequest, err error) { +// Create takes the representation of a auditTokenRequest and creates it. Returns the server's representation of the auditTokenRequest, and an error, if there is any. +func (c *FakeAuditTokenRequests) Create(ctx context.Context, auditTokenRequest *v1alpha1.AuditTokenRequest, opts v1.CreateOptions) (result *v1alpha1.AuditTokenRequest, err error) { obj, err := c.Fake. - Invokes(testing.NewRootCreateAction(natscredentialrequestsResource, natsCredentialRequest), &v1alpha1.NatsCredentialRequest{}) + Invokes(testing.NewRootCreateAction(audittokenrequestsResource, auditTokenRequest), &v1alpha1.AuditTokenRequest{}) if obj == nil { return nil, err } - return obj.(*v1alpha1.NatsCredentialRequest), err + return obj.(*v1alpha1.AuditTokenRequest), err } 
diff --git a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go index bf7daa541b..ca74ed83b8 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -36,8 +36,8 @@ func (c *FakeIdentityV1alpha1) InboxTokenRequests() v1alpha1.InboxTokenRequestIn return &FakeInboxTokenRequests{c} } -func (c *FakeIdentityV1alpha1) NatsCredentialRequests() v1alpha1.NatsCredentialRequestInterface { - return &FakeNatsCredentialRequests{c} +func (c *FakeIdentityV1alpha1) AuditTokenRequests() v1alpha1.AuditTokenRequestInterface { + return &FakeAuditTokenRequests{c} } func (c *FakeIdentityV1alpha1) SelfSubjectNamespaceAccessReviews() v1alpha1.SelfSubjectNamespaceAccessReviewInterface { diff --git a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go index 32a0f481b4..a8c01cbec6 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -22,6 +22,6 @@ type ClusterIdentityExpansion interface{} type InboxTokenRequestExpansion interface{} -type NatsCredentialRequestExpansion interface{} +type AuditTokenRequestExpansion interface{} type SelfSubjectNamespaceAccessReviewExpansion interface{} diff --git a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go index b1b58f528a..ad782efe12 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go 
@@ -30,7 +30,7 @@ type IdentityV1alpha1Interface interface { RESTClient() rest.Interface ClusterIdentitiesGetter InboxTokenRequestsGetter - NatsCredentialRequestsGetter + AuditTokenRequestsGetter SelfSubjectNamespaceAccessReviewsGetter } @@ -47,8 +47,8 @@ func (c *IdentityV1alpha1Client) InboxTokenRequests() InboxTokenRequestInterface return newInboxTokenRequests(c) } -func (c *IdentityV1alpha1Client) NatsCredentialRequests() NatsCredentialRequestInterface { - return newNatsCredentialRequests(c) +func (c *IdentityV1alpha1Client) AuditTokenRequests() AuditTokenRequestInterface { + return newAuditTokenRequests(c) } func (c *IdentityV1alpha1Client) SelfSubjectNamespaceAccessReviews() SelfSubjectNamespaceAccessReviewInterface { diff --git a/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go b/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go deleted file mode 100644 index cb4ddf88a3..0000000000 --- a/client/clientset/versioned/typed/identity/v1alpha1/natscredentialrequest.go +++ /dev/null 
@@ -1,64 +0,0 @@ -/* -Copyright AppsCode Inc. and Contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "context" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - rest "k8s.io/client-go/rest" - v1alpha1 "kmodules.xyz/resource-metadata/apis/identity/v1alpha1" - scheme "kmodules.xyz/resource-metadata/client/clientset/versioned/scheme" -) - -// NatsCredentialRequestsGetter has a method to return a NatsCredentialRequestInterface. -// A group's client should implement this interface. -type NatsCredentialRequestsGetter interface { - NatsCredentialRequests() NatsCredentialRequestInterface -} - -// NatsCredentialRequestInterface has methods to work with NatsCredentialRequest resources. -type NatsCredentialRequestInterface interface { - Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (*v1alpha1.NatsCredentialRequest, error) - NatsCredentialRequestExpansion -} - -// natsCredentialRequests implements NatsCredentialRequestInterface -type natsCredentialRequests struct { - client rest.Interface -} - -// newNatsCredentialRequests returns a NatsCredentialRequests -func newNatsCredentialRequests(c *IdentityV1alpha1Client) *natsCredentialRequests { - return &natsCredentialRequests{ - client: c.RESTClient(), - } -} - -// Create takes the representation of a natsCredentialRequest and creates it. 
Returns the server's representation of the natsCredentialRequest, and an error, if there is any. -func (c *natsCredentialRequests) Create(ctx context.Context, natsCredentialRequest *v1alpha1.NatsCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.NatsCredentialRequest, err error) { - result = &v1alpha1.NatsCredentialRequest{} - err = c.client.Post(). - Resource("natscredentialrequests"). - VersionedParams(&opts, scheme.ParameterCodec). - Body(natsCredentialRequest). - Do(ctx). - Into(result) - return -} diff --git a/pkg/identity/b3.go b/pkg/identity/b3.go index 27b31d565e..18e3c685e4 100644 --- a/pkg/identity/b3.go +++ b/pkg/identity/b3.go 
@@ -212,38 +212,38 @@ func (c *Client) GetToken() (*identityapi.InboxTokenRequestResponse, error) { return tokenResponse, nil } -// natsRegisterOptions mirrors the payload accepted by the appscode register +// auditRegisterOptions mirrors the payload accepted by the appscode register // endpoint (api/v1/register). It is duplicated here so that resource-metadata // does not need to vendor the full license-verifier package. -type natsRegisterOptions struct { +type auditRegisterOptions struct { ClusterUID string `json:"clusterUID"` Features string `json:"features"` CACert []byte `json:"caCert,omitempty"` License []byte `json:"license"` } -// GetNatsCredential resolves the cluster UID via c.kc and then calls -// GetNatsCredentialForCluster. Use GetNatsCredentialForCluster directly when +// GetAuditToken resolves the cluster UID via c.kc and then calls +// GetAuditTokenForCluster. Use GetAuditTokenForCluster directly when // the cluster UID is already known and there is no controller-runtime client // available. -func (c *Client) GetNatsCredential(features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { +func (c *Client) GetAuditToken(features string, license []byte) (*identityapi.AuditTokenRequestResponse, error) { md, err := clustermeta.ClusterMetadata(c.kc) if err != nil { return nil, err } - return c.GetNatsCredentialForCluster(md.UID, features, license) + return c.GetAuditTokenForCluster(md.UID, features, license) } -// GetNatsCredentialForCluster posts the supplied license to the appscode +// GetAuditTokenForCluster posts the supplied license to the appscode // Register endpoint (api/v1/register) and returns the issued NATS // subject/server/credential. It does not touch c.kc, so it is safe to call // on a Client constructed without one. 
-func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, license []byte) (*identityapi.NatsCredentialRequestResponse, error) { +func (c *Client) GetAuditTokenForCluster(clusterUID, features string, license []byte) (*identityapi.AuditTokenRequestResponse, error) { if features == "" { features = info.ProductName } - opts := natsRegisterOptions{ + opts := auditRegisterOptions{ ClusterUID: clusterUID, Features: features, CACert: []byte(info.LicenseCA), @@ -293,7 +293,7 @@ func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, licens return nil, apierrors.NewGenericServerResponse( resp.StatusCode, http.MethodPost, - schema.GroupResource{Group: identityapi.GroupName, Resource: identityapi.ResourceNatsCredentialRequests}, + schema.GroupResource{Group: identityapi.GroupName, Resource: identityapi.ResourceAuditTokenRequests}, "", string(body), 0, @@ -301,7 +301,7 @@ func (c *Client) GetNatsCredentialForCluster(clusterUID, features string, licens ) } - out := &identityapi.NatsCredentialRequestResponse{} + out := &identityapi.AuditTokenRequestResponse{} if err = json.Unmarshal(body, out); err != nil { return nil, err } From 675eb62d9b1a8d418ce6904b9dd97d81c7622af6 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 4 Jun 2026 11:35:23 +0600 Subject: [PATCH 8/8] make gen fmt Signed-off-by: Tamal Saha --- apis/identity/v1alpha1/openapi_generated.go | 200 +++++++++--------- .../v1alpha1/zz_generated.deepcopy.go | 156 +++++++------- .../v1alpha1/fake/fake_identity_client.go | 8 +- .../identity/v1alpha1/generated_expansion.go | 4 +- .../identity/v1alpha1/identity_client.go | 10 +- 5 files changed, 189 insertions(+), 189 deletions(-) diff --git a/apis/identity/v1alpha1/openapi_generated.go b/apis/identity/v1alpha1/openapi_generated.go index 1b3bdb8be5..42e1423306 100644 --- a/apis/identity/v1alpha1/openapi_generated.go +++ b/apis/identity/v1alpha1/openapi_generated.go 
@@ -372,6 +372,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kmodules.xyz/offshoot-api/api/v1.ServiceTemplateSpec": schema_kmodulesxyz_offshoot_api_api_v1_ServiceTemplateSpec(ref), "kmodules.xyz/offshoot-api/api/v1.Volume": schema_kmodulesxyz_offshoot_api_api_v1_Volume(ref), "kmodules.xyz/offshoot-api/api/v1.VolumeSource": schema_kmodulesxyz_offshoot_api_api_v1_VolumeSource(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref), + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ClusterIdentity": schema_resource_metadata_apis_identity_v1alpha1_ClusterIdentity(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ClusterIdentityList": schema_resource_metadata_apis_identity_v1alpha1_ClusterIdentityList(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ControlPlaneInfo": schema_resource_metadata_apis_identity_v1alpha1_ControlPlaneInfo(ref), 
@@ -380,9 +383,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.InboxTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_InboxTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.KubernetesInfo": schema_resource_metadata_apis_identity_v1alpha1_KubernetesInfo(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NatsConfig": schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref), - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse": schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeInfo": schema_resource_metadata_apis_identity_v1alpha1_NodeInfo(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.NodeStats": schema_resource_metadata_apis_identity_v1alpha1_NodeStats(ref), "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.ProductInfo": schema_resource_metadata_apis_identity_v1alpha1_ProductInfo(ref), 
@@ -19667,6 +19667,103 @@ func schema_kmodulesxyz_offshoot_api_api_v1_VolumeSource(ref common.ReferenceCal } } +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "request": { + SchemaProps: spec.SchemaProps{ + Description: "Request describes the attributes for the nats credential request.", + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest"), + }, + }, + "response": { + SchemaProps: spec.SchemaProps{ + Description: "Response describes the attributes for the nats credential response.", + Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest", "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"}, + } +} + +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "features": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "license": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "byte", + }, + }, + }, + }, + }, + } +} + +func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "natsSubject": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "natsServer": { + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "credential": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: 
"byte", + }, + }, + }, + Required: []string{"natsSubject", "natsServer"}, + }, + }, + } +} + func schema_resource_metadata_apis_identity_v1alpha1_ClusterIdentity(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -20022,103 +20119,6 @@ func schema_resource_metadata_apis_identity_v1alpha1_NatsConfig(ref common.Refer } } -func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "request": { - SchemaProps: spec.SchemaProps{ - Description: "Request describes the attributes for the nats credential request.", - Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest"), - }, - }, - "response": { - SchemaProps: spec.SchemaProps{ - Description: "Response describes the attributes for the nats credential response.", - Ref: ref("kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"), - }, - }, - }, - }, - }, - Dependencies: []string{ - "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestRequest", "kmodules.xyz/resource-metadata/apis/identity/v1alpha1.AuditTokenRequestResponse"}, - } -} - -func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestRequest(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "features": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", - }, - }, - "license": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "byte", - }, - }, - }, - }, - }, - } -} - -func schema_resource_metadata_apis_identity_v1alpha1_AuditTokenRequestResponse(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "natsSubject": { - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "natsServer": { - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "credential": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: 
"byte", - }, - }, - }, - Required: []string{"natsSubject", "natsServer"}, - }, - }, - } -} - func schema_resource_metadata_apis_identity_v1alpha1_NodeInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/apis/identity/v1alpha1/zz_generated.deepcopy.go b/apis/identity/v1alpha1/zz_generated.deepcopy.go index 2d05a9dec5..087f86b365 100644 --- a/apis/identity/v1alpha1/zz_generated.deepcopy.go +++ b/apis/identity/v1alpha1/zz_generated.deepcopy.go 
@@ -30,6 +30,84 @@ import ( version "k8s.io/apimachinery/pkg/version" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditTokenRequest) DeepCopyInto(out *AuditTokenRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = new(AuditTokenRequestRequest) + (*in).DeepCopyInto(*out) + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = new(AuditTokenRequestResponse) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequest. +func (in *AuditTokenRequest) DeepCopy() *AuditTokenRequest { + if in == nil { + return nil + } + out := new(AuditTokenRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AuditTokenRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditTokenRequestRequest) DeepCopyInto(out *AuditTokenRequestRequest) { + *out = *in + if in.License != nil { + in, out := &in.License, &out.License + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestRequest. +func (in *AuditTokenRequestRequest) DeepCopy() *AuditTokenRequestRequest { + if in == nil { + return nil + } + out := new(AuditTokenRequestRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AuditTokenRequestResponse) DeepCopyInto(out *AuditTokenRequestResponse) { + *out = *in + out.NatsConfig = in.NatsConfig + if in.Credential != nil { + in, out := &in.Credential, &out.Credential + *out = make([]byte, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestResponse. +func (in *AuditTokenRequestResponse) DeepCopy() *AuditTokenRequestResponse { + if in == nil { + return nil + } + out := new(AuditTokenRequestResponse) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterIdentity) DeepCopyInto(out *ClusterIdentity) { *out = *in 
@@ -258,84 +336,6 @@ func (in *NatsConfig) DeepCopy() *NatsConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuditTokenRequest) DeepCopyInto(out *AuditTokenRequest) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(AuditTokenRequestRequest) - (*in).DeepCopyInto(*out) - } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(AuditTokenRequestResponse) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequest. -func (in *AuditTokenRequest) DeepCopy() *AuditTokenRequest { - if in == nil { - return nil - } - out := new(AuditTokenRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AuditTokenRequest) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuditTokenRequestRequest) DeepCopyInto(out *AuditTokenRequestRequest) { - *out = *in - if in.License != nil { - in, out := &in.License, &out.License - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestRequest. -func (in *AuditTokenRequestRequest) DeepCopy() *AuditTokenRequestRequest { - if in == nil { - return nil - } - out := new(AuditTokenRequestRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *AuditTokenRequestResponse) DeepCopyInto(out *AuditTokenRequestResponse) { - *out = *in - out.NatsConfig = in.NatsConfig - if in.Credential != nil { - in, out := &in.Credential, &out.Credential - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditTokenRequestResponse. -func (in *AuditTokenRequestResponse) DeepCopy() *AuditTokenRequestResponse { - if in == nil { - return nil - } - out := new(AuditTokenRequestResponse) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeInfo) DeepCopyInto(out *NodeInfo) { *out = *in diff --git a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go index ca74ed83b8..e730fcca84 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/fake/fake_identity_client.go @@ -28,6 +28,10 @@ type FakeIdentityV1alpha1 struct { *testing.Fake } +func (c *FakeIdentityV1alpha1) AuditTokenRequests() v1alpha1.AuditTokenRequestInterface { + return &FakeAuditTokenRequests{c} +} + func (c *FakeIdentityV1alpha1) ClusterIdentities(namespace string) v1alpha1.ClusterIdentityInterface { return &FakeClusterIdentities{c, namespace} } @@ -36,10 +40,6 @@ func (c *FakeIdentityV1alpha1) InboxTokenRequests() v1alpha1.InboxTokenRequestIn return &FakeInboxTokenRequests{c} } -func (c *FakeIdentityV1alpha1) AuditTokenRequests() v1alpha1.AuditTokenRequestInterface { - return &FakeAuditTokenRequests{c} -} - func (c *FakeIdentityV1alpha1) SelfSubjectNamespaceAccessReviews() v1alpha1.SelfSubjectNamespaceAccessReviewInterface { return &FakeSelfSubjectNamespaceAccessReviews{c} } 
diff --git a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go index a8c01cbec6..9c3fed547c 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/generated_expansion.go @@ -18,10 +18,10 @@ limitations under the License. package v1alpha1 +type AuditTokenRequestExpansion interface{} + type ClusterIdentityExpansion interface{} type InboxTokenRequestExpansion interface{} -type AuditTokenRequestExpansion interface{} - type SelfSubjectNamespaceAccessReviewExpansion interface{} diff --git a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go index ad782efe12..d83e8bb659 100644 --- a/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go +++ b/client/clientset/versioned/typed/identity/v1alpha1/identity_client.go @@ -28,9 +28,9 @@ import ( type IdentityV1alpha1Interface interface { RESTClient() rest.Interface + AuditTokenRequestsGetter ClusterIdentitiesGetter InboxTokenRequestsGetter - AuditTokenRequestsGetter SelfSubjectNamespaceAccessReviewsGetter } @@ -39,6 +39,10 @@ type IdentityV1alpha1Client struct { restClient rest.Interface } +func (c *IdentityV1alpha1Client) AuditTokenRequests() AuditTokenRequestInterface { + return newAuditTokenRequests(c) +} + func (c *IdentityV1alpha1Client) ClusterIdentities(namespace string) ClusterIdentityInterface { return newClusterIdentities(c, namespace) } 
@@ -47,10 +51,6 @@ func (c *IdentityV1alpha1Client) InboxTokenRequests() InboxTokenRequestInterface return newInboxTokenRequests(c) } -func (c *IdentityV1alpha1Client) AuditTokenRequests() AuditTokenRequestInterface { - return newAuditTokenRequests(c) -} - func (c *IdentityV1alpha1Client) SelfSubjectNamespaceAccessReviews() SelfSubjectNamespaceAccessReviewInterface { return newSelfSubjectNamespaceAccessReviews(c) }