Change JSON var format, add some comments.

2017-01-11 11:10:33 -08:00 · 2017-01-11 11:10:33 -08:00 · 754f0e98a9
parent 6d0a1f5a2a
commit 754f0e98a9
3 changed files with 42 additions and 15 deletions
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@ -385,11 +385,20 @@ type KubeAPIServerConfig struct {

 	StorageBackend *string `json:"storageBackend,omitempty" flag:"storage-backend"`

-	OIDCUsernameClaim *string `json:"OIDCUsernameClaim,omitempty" flag:"oidc-username-claim"`
-	OIDCGroupsClaim   *string `json:"OIDCGroupsClaim,omitempty" flag:"oidc-groups-claim"`
-	OIDCIssuerURL     *string `json:"OIDCIssuerURL,omitempty" flag:"oidc-issuer-url"`
-	OIDCClientID      *string `json:"OIDCClientID,omitempty" flag:"oidc-client-id"`
-	OIDCCAFile        *string `json:"OIDCCAFile,omitempty" flag:"oidc-ca-file"`
+	// The OpenID claim to use as the user name.
+	// Note that claims other than the default ('sub') is not guaranteed to be unique and immutable.
+	OIDCUsernameClaim *string `json:"oidcUsernameClaim,omitempty" flag:"oidc-username-claim"`
+	// If provided, the name of a custom OpenID Connect claim for specifying user groups.
+	// The claim value is expected to be a string or array of strings.
+	OIDCGroupsClaim *string `json:"oidcGroupsClaim,omitempty" flag:"oidc-groups-claim"`
+	// The URL of the OpenID issuer, only HTTPS scheme will be accepted.
+	// If set, it will be used to verify the OIDC JSON Web Token (JWT).
+	OIDCIssuerURL *string `json:"oidcIssuerURL,omitempty" flag:"oidc-issuer-url"`
+	// The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
+	OIDCClientID *string `json:"oidcClientID,omitempty" flag:"oidc-client-id"`
+	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
+	// otherwise the host's root CA set will be used.
+	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
 }

 type KubeControllerManagerConfig struct {
--- a/pkg/apis/kops/v1alpha1/componentconfig.go
+++ b/pkg/apis/kops/v1alpha1/componentconfig.go
@ -382,11 +382,20 @@ type KubeAPIServerConfig struct {

 	StorageBackend *string `json:"storageBackend,omitempty" flag:"storage-backend"`

-	OIDCUsernameClaim *string `json:"OIDCUsernameClaim,omitempty" flag:"oidc-username-claim"`
-	OIDCGroupsClaim   *string `json:"OIDCGroupsClaim,omitempty" flag:"oidc-groups-claim"`
-	OIDCIssuerURL     *string `json:"OIDCIssuerURL,omitempty" flag:"oidc-issuer-url"`
-	OIDCClientID      *string `json:"OIDCClientID,omitempty" flag:"oidc-client-id"`
-	OIDCCAFile        *string `json:"OIDCCAFile,omitempty" flag:"oidc-ca-file"`
+	// The OpenID claim to use as the user name.
+	// Note that claims other than the default ('sub') is not guaranteed to be unique and immutable.
+	OIDCUsernameClaim *string `json:"oidcUsernameClaim,omitempty" flag:"oidc-username-claim"`
+	// If provided, the name of a custom OpenID Connect claim for specifying user groups.
+	// The claim value is expected to be a string or array of strings.
+	OIDCGroupsClaim *string `json:"oidcGroupsClaim,omitempty" flag:"oidc-groups-claim"`
+	// The URL of the OpenID issuer, only HTTPS scheme will be accepted.
+	// If set, it will be used to verify the OIDC JSON Web Token (JWT).
+	OIDCIssuerURL *string `json:"oidcIssuerURL,omitempty" flag:"oidc-issuer-url"`
+	// The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
+	OIDCClientID *string `json:"oidcClientID,omitempty" flag:"oidc-client-id"`
+	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
+	// otherwise the host's root CA set will be used.
+	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
 }

 type KubeControllerManagerConfig struct {
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
@ -140,11 +140,20 @@ type KubeAPIServerConfig struct {

 	StorageBackend *string `json:"storageBackend,omitempty" flag:"storage-backend"`

-	OIDCUsernameClaim *string `json:"OIDCUsernameClaim,omitempty" flag:"oidc-username-claim"`
-	OIDCGroupsClaim   *string `json:"OIDCGroupsClaim,omitempty" flag:"oidc-groups-claim"`
-	OIDCIssuerURL     *string `json:"OIDCIssuerURL,omitempty" flag:"oidc-issuer-url"`
-	OIDCClientID      *string `json:"OIDCClientID,omitempty" flag:"oidc-client-id"`
-	OIDCCAFile        *string `json:"OIDCCAFile,omitempty" flag:"oidc-ca-file"`
+	// The OpenID claim to use as the user name.
+	// Note that claims other than the default ('sub') is not guaranteed to be unique and immutable.
+	OIDCUsernameClaim *string `json:"oidcUsernameClaim,omitempty" flag:"oidc-username-claim"`
+	// If provided, the name of a custom OpenID Connect claim for specifying user groups.
+	// The claim value is expected to be a string or array of strings.
+	OIDCGroupsClaim *string `json:"oidcGroupsClaim,omitempty" flag:"oidc-groups-claim"`
+	// The URL of the OpenID issuer, only HTTPS scheme will be accepted.
+	// If set, it will be used to verify the OIDC JSON Web Token (JWT).
+	OIDCIssuerURL *string `json:"oidcIssuerURL,omitempty" flag:"oidc-issuer-url"`
+	// The client ID for the OpenID Connect client, must be set if oidc-issuer-url is set.
+	OIDCClientID *string `json:"oidcClientID,omitempty" flag:"oidc-client-id"`
+	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
+	// otherwise the host's root CA set will be used.
+	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
 }

 type KubeControllerManagerConfig struct {