WebhookAuthenticator .Status and validation improvements

apis/concierge/authentication/v1alpha1/types_webhookauthenticator.go.tmpl

@@ -1,10 +1,23 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package v1alpha1
 
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+type WebhookAuthenticatorPhase string
+
+const (
+	// WebhookAuthenticatorPhasePending is the default phase for newly-created WebhookAuthenticator resources.
+	WebhookAuthenticatorPhasePending WebhookAuthenticatorPhase = "Pending"
+
+	// WebhookAuthenticatorPhaseReady is the phase for an WebhookAuthenticator resource in a healthy state.
+	WebhookAuthenticatorPhaseReady WebhookAuthenticatorPhase = "Ready"
+
+	// WebhookAuthenticatorPhaseError is the phase for an WebhookAuthenticator in an unhealthy state.
+	WebhookAuthenticatorPhaseError WebhookAuthenticatorPhase = "Error"
+)
+
 // Status of a webhook authenticator.
 type WebhookAuthenticatorStatus struct {
 	// Represents the observations of the authenticator's current state.
@@ -13,6 +26,10 @@ type WebhookAuthenticatorStatus struct {
 	// +listType=map
 	// +listMapKey=type
 	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+	// Phase summarizes the overall status of the WebhookAuthenticator.
+	// +kubebuilder:default=Pending
+	// +kubebuilder:validation:Enum=Pending;Ready;Error
+	Phase WebhookAuthenticatorPhase `json:"phase,omitempty"`
 }
 
 // Spec for configuring a webhook authenticator.

cmd/pinniped/cmd/login_oidc_test.go

@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 	"time"
 
@@ -22,6 +21,7 @@ import (
 	"go.pinniped.dev/internal/certauthority"
 	"go.pinniped.dev/internal/here"
 	"go.pinniped.dev/internal/plog"
+	"go.pinniped.dev/internal/testutil/stringutil"
 	"go.pinniped.dev/pkg/conciergeclient"
 	"go.pinniped.dev/pkg/oidcclient"
 	"go.pinniped.dev/pkg/oidcclient/oidctypes"
@@ -596,15 +596,7 @@ func TestLoginOIDCCommand(t *testing.T) {
 			require.Equal(t, tt.wantStderr, stderr.String(), "unexpected stderr")
 			require.Len(t, gotOptions, tt.wantOptionsCount)
 
-			require.Equal(t, tt.wantLogs, logLines(buf.String()))
+			require.Equal(t, tt.wantLogs, stringutil.SplitByNewline(buf.String()))
 		})
 	}
 }
-
-func logLines(logs string) []string {
-	if len(logs) == 0 {
-		return nil
-	}
-
-	return strings.Split(strings.TrimSpace(logs), "\n")
-}

cmd/pinniped/cmd/login_static_test.go

@@ -1,4 +1,4 @@
-// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -20,6 +20,7 @@ import (
 	"go.pinniped.dev/internal/certauthority"
 	"go.pinniped.dev/internal/here"
 	"go.pinniped.dev/internal/plog"
+	"go.pinniped.dev/internal/testutil/stringutil"
 	"go.pinniped.dev/pkg/conciergeclient"
 )
 
@@ -215,7 +216,7 @@ func TestLoginStaticCommand(t *testing.T) {
 			require.Equal(t, tt.wantStdout, stdout.String(), "unexpected stdout")
 			require.Equal(t, tt.wantStderr, stderr.String(), "unexpected stderr")
 
-			require.Equal(t, tt.wantLogs, logLines(buf.String()))
+			require.Equal(t, tt.wantLogs, stringutil.SplitByNewline(buf.String()))
 		})
 	}
 }

deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml

@@ -144,6 +144,14 @@ spec:
                 x-kubernetes-list-map-keys:
                 - type
                 x-kubernetes-list-type: map
+              phase:
+                default: Pending
+                description: Phase summarizes the overall status of the WebhookAuthenticator.
+                enum:
+                - Pending
+                - Ready
+                - Error
+                type: string
             type: object
         required:
         - spec