deleted file mode 100644

@@ -1,3 +0,0 @@

-Build configurations define a build process for new Docker images. There are three types of builds possible - a Docker build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run arbitrary Docker images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the Docker registry specified in the "output" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be created.

-

-Each build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have "output" set can be used to test code or run a verification build.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-CinderVolumeSource represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet.

\ No newline at end of file

deleted file mode 100644

@@ -1,3 +0,0 @@

-Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.

-

-A deployment is "triggered" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The "strategy"determines how the deployment is carried out and may be changed at any time.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-A deployment log is a virtual resource used by the OpenShift client tool for retrieving the logs for a deployment.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-DownwardAPIVolumeFile represents a single file containing information from the downward API

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-DownwardAPIVolumeSource represents a volume containing downward API info

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-FSGroupStrategyOptions is the strategy that will dictate what fs group is used by the SecurityContext.

deleted file mode 100644

@@ -1 +0,0 @@

-IDRange provides a min/max of an allowed range of IDs.

deleted file mode 100644

@@ -1,8 +0,0 @@

-ImageSource is used to describe build source that will be extracted from an image. A reference of

-type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified

-to pull the image from an external registry or override the default service account secret if pulling

-from the internal registry. A list of paths to copy from the image and their respective destination

-within the build directory must be specified in the paths array.

-

-EXPERIMENTAL.  This will be changing to an array of images in the near future and no migration/compatibility 

-will be provided.  Use at your own risk.

\ No newline at end of file

deleted file mode 100644

@@ -1,3 +0,0 @@

-ImageSourcePath specifies the absolute path of a file or directory within a source image

-to be copied to a relative directory of the build home. If a source directory is specified, all 

-files and directories under that directory are copied from the image.

deleted file mode 100644

@@ -1,4 +0,0 @@

-The image stream import resource provides an easy way for a user to find and import Docker images from other Docker registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.

-

-This API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.

-

deleted file mode 100644

@@ -1 +0,0 @@

-Local Resource Access Reviews are objects that allow you to determine which users and groups can perform a given action in a given namespace.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-Local Subject Access Reviews are objects that allow you to determine whether a given user or group can perform a particular action in a given namespace.  Leaving `user` and `groups` empty allows you determine whether the identity making the request can perform the action.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-NetNamespace represents a segregated network namespace for an entire cluster. When a group of pods, or a project, or a group of projects get a NetNamespace assigned then the openshift-sdn's multitenant plugin ensures network layer isolation of traffic from other NetNamespaces.

deleted file mode 100644

@@ -1 +0,0 @@

-NetNamespaceList represents a list of NetNamespace objects. NetNamespace catpures information about a segregated network namespace for an entire cluster. When a group of pods, or a project, or a group of projects get a NetNamespace assigned then the openshift-sdn's multitenant plugin ensures network layer isolation of traffic from other NetNamespaces.

deleted file mode 100644

@@ -1 +0,0 @@

-Nodes represent the machines that run the pods and containers in the cluster. A node resource is typically created and modified by the software running on the node - reporting information about capacity and the current health of the node. The labels of the node can be used by pods to specify a subset of the cluster to be scheduled on. The scheduler will only assign pods to nodes that have the `schedulable` condition set and also `ready`.

\ No newline at end of file

deleted file mode 100644

@@ -1,3 +0,0 @@

-A Persistent Volume (PV) is a storage device that is made available for use by applications by an administrator. When a user requests persistent storage be allocated for a pod, they create a persistent volume claim with the size and type of storage they need. The system will look for persistent volumes that match that claim and, if one is available, it will assign that persistent volume to the claim. Information about the volume (type, location, secrets necessary to use it) will be available to the claim and the claim may then be used from a pod as a volume source.

-

-Deleting a persistent volume removes the cluster's record of the volume, and may result in automated processes destroying the underlying network store.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-Persistent Volume Claims (PVC) represent a request to use a persistent volume (PV) with a pod. When creating a pod  definition (or replication controller or deployment config) a developer may specify the amount of storage they need via a persistent volume reference. If an administrator has enabled and configured persistent volumes for use, they will be allocated on demand to pods that have similar requirements. Since volumes are created lazily, some pods  may be scheduled to a node before their volume is assigned. The node will detect this situation and wait to start the pod until the volume is bound. Events will be generated (visible by using the `describe` command on the pod) that indicate the pod is waiting for volumes.

\ No newline at end of file

deleted file mode 100644

@@ -1,3 +0,0 @@

-A pod corresponds to a group of containers running together on the same machine. All containers in a pod share an IP address, and may have access to shared volumes and local fileystem. Like individual application containers, pods are considered to be relatively ephemeral rather than durable entities. Pods are scheduled to nodes and remain there until termination (according to restart policy) or deletion. When a node dies, the pods scheduled to that node are deleted. Specific pods are never rescheduled to new nodes; instead, they must be replaced by a component like the replication controller.

-

-See link:https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/pods.md[the Kubernetes pod documentation] for more information.

deleted file mode 100644

@@ -1 +0,0 @@

-Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.

\ No newline at end of file

deleted file mode 100644

@@ -1 +0,0 @@

-SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.

deleted file mode 100644

@@ -1 +0,0 @@

-A SecretSpec specifies a secret and its corresponding mount point for a custom builder. The specified secret must be assigned to the service account that will run the build.

deleted file mode 100644

@@ -1,7 +0,0 @@

-A Service is an abstraction which defines a logical set of Pods and a policy by which to access them - sometimes called a micro-service. The set of Pods targeted by a Service is (usually) determined by a Label selector. Services broadly fall into two types - those that load balance a set of Pods and hide which Pod a client talks to (clusterIP set to an IP address), and those where clients want to talk to the individual member pods directly (clusterIP set to 'None', also known as 'headless'services). The cluster IP of a service is exposed as an environment variable in each pod in the same namespace.

-

-Services may be exposed only inside the cluster (type ClusterIP), inside the cluster and on a high port on each node (type NodePort), or exposed to a load balancer via the hosting cloud infrastructure (type LoadBalancer). Services with a ClusterIP may choose to map the ports available on the ClusterIP to different ports on the pods. Each service has a DNS entry of the form `<name>.<namespace>.svc.cluster.local` that will be valid from other pods in the cluster.

-

-If the selector for pods is not specified, the service endpoints may be managed by the client directly. Update the endpoint resource to program the service - this can be used to inject external network services into a namsepace.

-

-See link:https://github.com/kubernetes/kubernetes/blob/master/docs/user-guide/services.md[the Kubernetes service documentation] for more information.

deleted file mode 100644

@@ -1 +0,0 @@

-SupplementalGroupsStrategyOptions is the strategy that will dictate what supplemental groups are used by the SecurityContext.

deleted file mode 100644

@@ -1 +0,0 @@

-Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it.

\ No newline at end of file

deleted file mode 100644

@@ -1,7 +0,0 @@

-Scale is a subresource representing the current "scale" of certain objects, such as

-ReplicationControllers and DeploymentConfigs.  It may be checked to determine the current

-replica count of these objects, or updated to set the replica count of these objects.

-

-In the case of ReplicationControllers, this directly reflects the scale the ReplicationController.

-For DeploymentConfigs, it reflects the scale of the deployment(s), or, if none are present, the

-scale of the DeploymentConfig's template.

deleted file mode 120000

@@ -1 +0,0 @@

-../../definitions/v1.persistentvolumeclaim/description.adoc

\ No newline at end of file

@@ -65,7 +65,9 @@ message Build {

   optional BuildStatus status = 3;

 }

-// BuildConfig is a template which can be used to create new builds.

+// Build configurations define a build process for new Docker images. There are three types of builds possible - a Docker build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary Docker images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the Docker registry specified in the "output" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.

+// 

+// Each build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have "output" set can be used to test code or run a verification build.

 message BuildConfig {

   // metadata for BuildConfig.

   optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;

@@ -642,7 +644,11 @@ message ImageChangeTrigger {

   optional k8s.io.kubernetes.pkg.api.v1.ObjectReference from = 2;

 }

-// ImageSource describes an image that is used as source for the build

+// ImageSource is used to describe build source that will be extracted from an image. A reference of

+// type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified

+// to pull the image from an external registry or override the default service account secret if pulling

+// from the internal registry. A list of paths to copy from the image and their respective destination

+// within the build directory must be specified in the paths array.

 message ImageSource {

   // from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to

   // copy source from.

@@ -42,7 +42,7 @@ func (Build) SwaggerDoc() map[string]string {

 }

 var map_BuildConfig = map[string]string{

-	"":         "BuildConfig is a template which can be used to create new builds.",

+	"":         "Build configurations define a build process for new Docker images. There are three types of builds possible - a Docker build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary Docker images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the Docker registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.",

 	"metadata": "metadata for BuildConfig.",

 	"spec":     "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.",

 	"status":   "status holds any relevant information about a build config",

@@ -362,7 +362,7 @@ func (ImageChangeTrigger) SwaggerDoc() map[string]string {

 }

 var map_ImageSource = map[string]string{

-	"":           "ImageSource describes an image that is used as source for the build",

+	"":           "ImageSource is used to describe build source that will be extracted from an image. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. A list of paths to copy from the image and their respective destination within the build directory must be specified in the paths array.",

 	"from":       "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.",

 	"paths":      "paths is a list of source and destination paths to copy from the image.",

 	"pullSecret": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.",

@@ -255,7 +255,11 @@ type BuildSource struct {

 	Secrets []SecretBuildSource `json:"secrets,omitempty" protobuf:"bytes,8,rep,name=secrets"`

 }

-// ImageSource describes an image that is used as source for the build

+// ImageSource is used to describe build source that will be extracted from an image. A reference of

+// type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified

+// to pull the image from an external registry or override the default service account secret if pulling

+// from the internal registry. A list of paths to copy from the image and their respective destination

+// within the build directory must be specified in the paths array.

 type ImageSource struct {

 	// from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to

 	// copy source from.

@@ -611,7 +615,9 @@ type BuildOutput struct {

 	PushSecret *kapi.LocalObjectReference `json:"pushSecret,omitempty" protobuf:"bytes,2,opt,name=pushSecret"`

 }

-// BuildConfig is a template which can be used to create new builds.

+// Build configurations define a build process for new Docker images. There are three types of builds possible - a Docker build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary Docker images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the Docker registry specified in the "output" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.

+//

+// Each build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have "output" set can be used to test code or run a verification build.

 type BuildConfig struct {

 	unversioned.TypeMeta `json:",inline"`

 	// metadata for BuildConfig.

@@ -43,10 +43,15 @@ message DeploymentCauseImageTrigger {

   optional k8s.io.kubernetes.pkg.api.v1.ObjectReference from = 1;

 }

-// DeploymentConfig represents a configuration for a single deployment (represented as a

-// ReplicationController). It also contains details about changes which resulted in the current

-// state of the DeploymentConfig. Each change to the DeploymentConfig which should result in

-// a new deployment results in an increment of LatestVersion.

+// Deployment Configs define the template for a pod and manages deploying new images or configuration changes.

+// A single deployment configuration is usually analogous to a single micro-service. Can support many different

+// deployment patterns, including full restart, customizable rolling updates, and  fully custom behaviors, as

+// well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.

+// 

+// A deployment is "triggered" when its configuration is changed or a tag in an Image Stream is changed.

+// Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment

+// is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment

+// is triggered by any means.

 message DeploymentConfig {

   // Standard object's metadata.

   optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;

@@ -36,7 +36,7 @@ func (DeploymentCauseImageTrigger) SwaggerDoc() map[string]string {

 }

 var map_DeploymentConfig = map[string]string{

-	"":         "DeploymentConfig represents a configuration for a single deployment (represented as a ReplicationController). It also contains details about changes which resulted in the current state of the DeploymentConfig. Each change to the DeploymentConfig which should result in a new deployment results in an increment of LatestVersion.",

+	"":         "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and  fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.",

 	"metadata": "Standard object's metadata.",

 	"spec":     "Spec represents a desired deployment state and how to deploy to it.",

 	"status":   "Status represents the current deployment state.",

@@ -238,10 +238,15 @@ const (

 // +genclient=true

-// DeploymentConfig represents a configuration for a single deployment (represented as a

-// ReplicationController). It also contains details about changes which resulted in the current

-// state of the DeploymentConfig. Each change to the DeploymentConfig which should result in

-// a new deployment results in an increment of LatestVersion.

+// Deployment Configs define the template for a pod and manages deploying new images or configuration changes.

+// A single deployment configuration is usually analogous to a single micro-service. Can support many different

+// deployment patterns, including full restart, customizable rolling updates, and  fully custom behaviors, as

+// well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.

+//

+// A deployment is "triggered" when its configuration is changed or a tag in an Image Stream is changed.

+// Triggers can be disabled to allow manual control over a deployment. The "strategy" determines how the deployment

+// is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment

+// is triggered by any means.

 type DeploymentConfig struct {

 	unversioned.TypeMeta `json:",inline"`

 	// Standard object's metadata.

@@ -172,7 +172,14 @@ message ImageStreamImage {

   optional Image image = 2;

 }

-// ImageStreamImport imports an image from remote repositories into OpenShift.

+// The image stream import resource provides an easy way for a user to find and import Docker images

+// from other Docker registries into the server. Individual images or an entire image repository may

+// be imported, and users may choose to see the results of the import prior to tagging the resulting

+// images into the specified image stream.

+// 

+// This API is intended for end-user tools that need to see the metadata of the image prior to import

+// (for instance, to generate an application from it). Clients that know the desired image can continue

+// to create spec.tags directly into their image streams.

 message ImageStreamImport {

   // Standard object's metadata.

   optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;

@@ -119,7 +119,7 @@ func (ImageStreamImage) SwaggerDoc() map[string]string {

 }

 var map_ImageStreamImport = map[string]string{

-	"":         "ImageStreamImport imports an image from remote repositories into OpenShift.",

+	"":         "The image stream import resource provides an easy way for a user to find and import Docker images from other Docker registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.",

 	"metadata": "Standard object's metadata.",

 	"spec":     "Spec is a description of the images that the user wishes to import",

 	"status":   "Status is the the result of importing the image",

@@ -314,7 +314,14 @@ type DockerImageReference struct {

 	ID string `protobuf:"bytes,5,opt,name=iD"`

 }

-// ImageStreamImport imports an image from remote repositories into OpenShift.

+// The image stream import resource provides an easy way for a user to find and import Docker images

+// from other Docker registries into the server. Individual images or an entire image repository may

+// be imported, and users may choose to see the results of the import prior to tagging the resulting

+// images into the specified image stream.

+//

+// This API is intended for end-user tools that need to see the metadata of the image prior to import

+// (for instance, to generate an application from it). Clients that know the desired image can continue

+// to create spec.tags directly into their image streams.

 type ImageStreamImport struct {

 	unversioned.TypeMeta `json:",inline"`

 	// Standard object's metadata.

@@ -13,7 +13,18 @@ import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";

 // Package-wide variables from generator "generated".

 option go_package = "v1";

-// Project is a logical top-level container for a set of origin resources

+// Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members,

+// a quota on the resources that the project may consume, and the security controls on the resources in

+// the project. Within a project, members may have different roles - project administrators can set

+// membership, editors can create and manage the resources, and viewers can see but not access running

+// containers. In a normal cluster project administrators are not able to alter their quotas - that is

+// restricted to cluster administrators.

+// 

+// Listing or watching projects will return only projects the user has the reader role on.

+// 

+// An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed

+// as editable to end users while namespaces are not. Direct creation of a project is typically restricted

+// to administrators, while end users should use the requestproject resource.

 message Project {

   // Standard object's metadata.

   optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;

@@ -6,7 +6,7 @@ package v1

 // ==== DO NOT EDIT THIS FILE MANUALLY ====

 var map_Project = map[string]string{

-	"":         "Project is a logical top-level container for a set of origin resources",

+	"":         "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.",

 	"metadata": "Standard object's metadata.",

 	"spec":     "Spec defines the behavior of the Namespace.",

 	"status":   "Status describes the current status of a Namespace",

@@ -33,7 +33,18 @@ type ProjectStatus struct {

 // +genclient=true

-// Project is a logical top-level container for a set of origin resources

+// Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members,

+// a quota on the resources that the project may consume, and the security controls on the resources in

+// the project. Within a project, members may have different roles - project administrators can set

+// membership, editors can create and manage the resources, and viewers can see but not access running

+// containers. In a normal cluster project administrators are not able to alter their quotas - that is

+// restricted to cluster administrators.

+//

+// Listing or watching projects will return only projects the user has the reader role on.

+//

+// An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed

+// as editable to end users while namespaces are not. Direct creation of a project is typically restricted

+// to administrators, while end users should use the requestproject resource.

 type Project struct {

 	unversioned.TypeMeta `json:",inline"`

 	// Standard object's metadata.

@@ -13,19 +13,35 @@ import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";

 // Package-wide variables from generator "generated".

 option go_package = "v1";

-// Route encapsulates the inputs needed to connect an alias to endpoints.

+// A route allows developers to expose services through an HTTP(S) aware load balancing and proxy

+// layer via a public DNS entry. The route may further specify TLS options and a certificate, or

+// specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An

+// administrator typically configures their router to be visible outside the cluster firewall, and

+// may also add additional security, caching, or traffic controls on the service content. Routers

+// usually talk directly to the service endpoints.

+// 

+// Once a route is created, the `host` field may not be changed. Generally, routers use the oldest

+// route with a given host when resolving conflicts.

+// 

+// Routers are subject to additional customization and may support additional controls via the

+// annotations field.

+// 

+// Because administrators may configure multiple routers, the route status field is used to

+// return information to clients about the names and states of the route under each router.

+// If a client chooses a duplicate name, for instance, the route status conditions are used

+// to indicate the route cannot be chosen.

 message Route {

-  // Standard object's metadata.

+  // Standard object metadata.

   optional k8s.io.kubernetes.pkg.api.v1.ObjectMeta metadata = 1;

-  // Spec is the desired state of the route

+  // spec is the desired state of the route

   optional RouteSpec spec = 2;

-  // Status is the current state of the route

+  // status is the current state of the route

   optional RouteStatus status = 3;

 }

-// RouteIngress holds information about the places where a route is exposed

+// RouteIngress holds information about the places where a route is exposed.

 message RouteIngress {

   // Host is the host string under which the route is exposed; this value is required

   optional string host = 1;

@@ -37,8 +53,8 @@ message RouteIngress {

   repeated RouteIngressCondition conditions = 3;

 }

-// RouteIngressCondition contains details for the current condition of this pod.

-// TODO: add LastTransitionTime, Reason, Message to match NodeCondition api.

+// RouteIngressCondition contains details for the current condition of this route on a particular

+// router.

 message RouteIngressCondition {

   // Type is the type of the condition.

   // Currently only Ready.

@@ -61,10 +77,10 @@ message RouteIngressCondition {

 // RouteList is a collection of Routes.

 message RouteList {

-  // Standard object's metadata.

+  // Standard object metadata.

   optional k8s.io.kubernetes.pkg.api.unversioned.ListMeta metadata = 1;

-  // Items is a list of routes

+  // items is a list of routes

   repeated Route items = 2;

 }

@@ -76,22 +92,34 @@ message RoutePort {

   optional k8s.io.kubernetes.pkg.util.intstr.IntOrString targetPort = 1;

 }

-// RouteSpec describes the route the user wishes to exist.

+// RouteSpec describes the hostname or path the route exposes, any security information,

+// and one or more backends the route points to. Weights on each backend can define

+// the balance of traffic sent to each backend - if all weights are zero the route will

+// be considered to have no backends and return a standard 503 response.

+// 

+// The `tls` field is optional and allows specific certificates or behavior for the

+// route. Routers typically configure a default certificate on a wildcard domain to

+// terminate routes without explicit certificates, but custom hostnames usually must

+// choose passthrough (send traffic directly to the backend via the TLS Server-Name-

+// Indication field) or provide a certificate.

 message RouteSpec {

-  // Host is an alias/DNS that points to the service. Optional

+  // host is an alias/DNS that points to the service. Optional.

+  // If not specified a route name will typically be automatically

+  // chosen.

   // Must follow DNS952 subdomain conventions.

   optional string host = 1;

   // Path that the router watches for, to route traffic for to the service. Optional

   optional string path = 2;

-  // To is an object the route points to. Only the Service kind is allowed, and it will

-  // be defaulted to Service.

+  // to is an object the route should use as the primary backend. Only the Service kind

+  // is allowed, and it will be defaulted to Service. If the weight field is set to zero,

+  // no traffic will be sent to this service.

   optional RouteTargetReference to = 3;

-  // AlternateBackends is an extension of the 'to' field. If more than one service needs to be

+  // alternateBackends is an extension of the 'to' field. If more than one service needs to be

   // pointed to, then use this field. Use the weight field in RouteTargetReference object

-  // to specify relative preference

+  // to specify relative preference. If the weight field is zero, the backend is ignored.

   repeated RouteTargetReference alternateBackends = 4;

   // If specified, the port to be used by the router. Most routers will use all

@@ -99,14 +127,14 @@ message RouteSpec {

   // which port to use.

   optional RoutePort port = 5;

-  // TLS provides the ability to configure certificates and termination for the route

+  // The tls field provides the ability to configure certificates and termination for the route.

   optional TLSConfig tls = 6;

 }

 // RouteStatus provides relevant info about the status of a route, including which routers

 // acknowledge it.

 message RouteStatus {

-  // Ingress describes the places where the route may be exposed. The list of

+  // ingress describes the places where the route may be exposed. The list of

   // ingress points may contain duplicate Host or RouterName values. Routes

   // are considered live once they are `Ready`

   repeated RouteIngress ingress = 1;

@@ -118,10 +146,10 @@ message RouteTargetReference {

   // The kind of target that the route is referring to. Currently, only 'Service' is allowed

   optional string kind = 1;

-  // Name of the service/target that is being referred to. e.g. name of the service

+  // name of the service/target that is being referred to. e.g. name of the service

   optional string name = 2;

-  // Weight as an integer between 1 and 256 that specifies the target's relative weight

+  // weight as an integer between 1 and 256 that specifies the target's relative weight

   // against other target reference objects

   optional int32 weight = 3;

 }

@@ -132,35 +160,38 @@ message RouteTargetReference {

 // Caveat: This is WIP and will likely undergo modifications when sharding

 //         support is added.

 message RouterShard {

-  // ShardName uniquely identifies a router shard in the "set" of

+  // shardName uniquely identifies a router shard in the "set" of

   // routers used for routing traffic to the services.

   optional string shardName = 1;

-  // DNSSuffix for the shard ala: shard-1.v3.openshift.com

+  // dnsSuffix for the shard ala: shard-1.v3.openshift.com

   optional string dnsSuffix = 2;

 }

 // TLSConfig defines config used to secure a route and provide termination

 message TLSConfig {

-  // Termination indicates termination type.

+  // termination indicates termination type.

   optional string termination = 1;

-  // Certificate provides certificate contents

+  // certificate provides certificate contents

   optional string certificate = 2;

-  // Key provides key file contents

+  // key provides key file contents

   optional string key = 3;

-  // CACertificate provides the cert authority certificate contents

+  // caCertificate provides the cert authority certificate contents

   optional string caCertificate = 4;

-  // DestinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt

+  // destinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt

   // termination this file should be provided in order to have routers use it for health checks on the secure connection

   optional string destinationCACertificate = 5;

-  // InsecureEdgeTerminationPolicy indicates the desired behavior for

-  // insecure connections to an edge-terminated route:

-  //   disable, allow or redirect

+  // insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While

+  // each router may make its own decisions on which ports to expose, this is normally port 80.

+  // 

+  // * Allow - traffic is sent to the server on the insecure port (default)

+  // * Disable - no traffic is allowed on the insecure port.

+  // * Redirect - clients are redirected to the secure port.

   optional string insecureEdgeTerminationPolicy = 6;

 }

@@ -6,10 +6,10 @@ package v1

 // ==== DO NOT EDIT THIS FILE MANUALLY ====

 var map_Route = map[string]string{

-	"":         "Route encapsulates the inputs needed to connect an alias to endpoints.",

-	"metadata": "Standard object's metadata.",

-	"spec":     "Spec is the desired state of the route",

-	"status":   "Status is the current state of the route",

+	"":         "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.",

+	"metadata": "Standard object metadata.",

+	"spec":     "spec is the desired state of the route",

+	"status":   "status is the current state of the route",

 }

 func (Route) SwaggerDoc() map[string]string {

@@ -17,7 +17,7 @@ func (Route) SwaggerDoc() map[string]string {

 }

 var map_RouteIngress = map[string]string{

-	"":           "RouteIngress holds information about the places where a route is exposed",

+	"":           "RouteIngress holds information about the places where a route is exposed.",

 	"host":       "Host is the host string under which the route is exposed; this value is required",

 	"routerName": "Name is a name chosen by the router to identify itself; this value is required",

 	"conditions": "Conditions is the state of the route, may be empty.",

@@ -28,7 +28,7 @@ func (RouteIngress) SwaggerDoc() map[string]string {

 }

 var map_RouteIngressCondition = map[string]string{

-	"":                   "RouteIngressCondition contains details for the current condition of this pod.",

+	"":                   "RouteIngressCondition contains details for the current condition of this route on a particular router.",

 	"type":               "Type is the type of the condition. Currently only Ready.",

 	"status":             "Status is the status of the condition. Can be True, False, Unknown.",

 	"reason":             "(brief) reason for the condition's last transition, and is usually a machine and human readable constant",

@@ -42,8 +42,8 @@ func (RouteIngressCondition) SwaggerDoc() map[string]string {

 var map_RouteList = map[string]string{

 	"":         "RouteList is a collection of Routes.",

-	"metadata": "Standard object's metadata.",

-	"items":    "Items is a list of routes",

+	"metadata": "Standard object metadata.",

+	"items":    "items is a list of routes",

 }

 func (RouteList) SwaggerDoc() map[string]string {

@@ -60,13 +60,13 @@ func (RoutePort) SwaggerDoc() map[string]string {

 }

 var map_RouteSpec = map[string]string{

-	"":                  "RouteSpec describes the route the user wishes to exist.",

-	"host":              "Host is an alias/DNS that points to the service. Optional Must follow DNS952 subdomain conventions.",

+	"":                  "RouteSpec describes the hostname or path the route exposes, any security information, and one or more backends the route points to. Weights on each backend can define the balance of traffic sent to each backend - if all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.",

+	"host":              "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.",

 	"path":              "Path that the router watches for, to route traffic for to the service. Optional",

-	"to":                "To is an object the route points to. Only the Service kind is allowed, and it will be defaulted to Service.",

-	"alternateBackends": "AlternateBackends is an extension of the 'to' field. If more than one service needs to be pointed to, then use this field. Use the weight field in RouteTargetReference object to specify relative preference",

+	"to":                "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field is set to zero, no traffic will be sent to this service.",

+	"alternateBackends": "alternateBackends is an extension of the 'to' field. If more than one service needs to be pointed to, then use this field. Use the weight field in RouteTargetReference object to specify relative preference. If the weight field is zero, the backend is ignored.",

 	"port":              "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.",

-	"tls":               "TLS provides the ability to configure certificates and termination for the route",

+	"tls":               "The tls field provides the ability to configure certificates and termination for the route.",

 }

 func (RouteSpec) SwaggerDoc() map[string]string {

@@ -75,7 +75,7 @@ func (RouteSpec) SwaggerDoc() map[string]string {

 var map_RouteStatus = map[string]string{

 	"":        "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.",

-	"ingress": "Ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`",

+	"ingress": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`",

 }

 func (RouteStatus) SwaggerDoc() map[string]string {

@@ -85,8 +85,8 @@ func (RouteStatus) SwaggerDoc() map[string]string {

 var map_RouteTargetReference = map[string]string{

 	"":       "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.",

 	"kind":   "The kind of target that the route is referring to. Currently, only 'Service' is allowed",

-	"name":   "Name of the service/target that is being referred to. e.g. name of the service",

-	"weight": "Weight as an integer between 1 and 256 that specifies the target's relative weight against other target reference objects",

+	"name":   "name of the service/target that is being referred to. e.g. name of the service",

+	"weight": "weight as an integer between 1 and 256 that specifies the target's relative weight against other target reference objects",

 }

 func (RouteTargetReference) SwaggerDoc() map[string]string {

@@ -95,8 +95,8 @@ func (RouteTargetReference) SwaggerDoc() map[string]string {

 var map_RouterShard = map[string]string{

 	"":          "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding\n        support is added.",

-	"shardName": "ShardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.",

-	"dnsSuffix": "DNSSuffix for the shard ala: shard-1.v3.openshift.com",

+	"shardName": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.",

+	"dnsSuffix": "dnsSuffix for the shard ala: shard-1.v3.openshift.com",

 }

 func (RouterShard) SwaggerDoc() map[string]string {

@@ -105,12 +105,12 @@ func (RouterShard) SwaggerDoc() map[string]string {

 var map_TLSConfig = map[string]string{

 	"":                              "TLSConfig defines config used to secure a route and provide termination",

-	"termination":                   "Termination indicates termination type.",

-	"certificate":                   "Certificate provides certificate contents",

-	"key":                           "Key provides key file contents",

-	"caCertificate":                 "CACertificate provides the cert authority certificate contents",

-	"destinationCACertificate":      "DestinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection",

-	"insecureEdgeTerminationPolicy": "InsecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to an edge-terminated route:\n  disable, allow or redirect",

+	"termination":                   "termination indicates termination type.",

+	"certificate":                   "certificate provides certificate contents",

+	"key":                           "key provides key file contents",

+	"caCertificate":                 "caCertificate provides the cert authority certificate contents",

+	"destinationCACertificate":      "destinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection",

+	"insecureEdgeTerminationPolicy": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\n* Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.",

 }

 func (TLSConfig) SwaggerDoc() map[string]string {

@@ -8,46 +8,71 @@ import (

 // +genclient=true

-// Route encapsulates the inputs needed to connect an alias to endpoints.

+// A route allows developers to expose services through an HTTP(S) aware load balancing and proxy

+// layer via a public DNS entry. The route may further specify TLS options and a certificate, or

+// specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An

+// administrator typically configures their router to be visible outside the cluster firewall, and

+// may also add additional security, caching, or traffic controls on the service content. Routers

+// usually talk directly to the service endpoints.

+//

+// Once a route is created, the `host` field may not be changed. Generally, routers use the oldest

+// route with a given host when resolving conflicts.

+//

+// Routers are subject to additional customization and may support additional controls via the

+// annotations field.

+//

+// Because administrators may configure multiple routers, the route status field is used to

+// return information to clients about the names and states of the route under each router.

+// If a client chooses a duplicate name, for instance, the route status conditions are used

+// to indicate the route cannot be chosen.

 type Route struct {

 	unversioned.TypeMeta `json:",inline"`

-	// Standard object's metadata.

+	// Standard object metadata.

 	kapi.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

-	// Spec is the desired state of the route

+	// spec is the desired state of the route

 	Spec RouteSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`

-	// Status is the current state of the route

+	// status is the current state of the route

 	Status RouteStatus `json:"status" protobuf:"bytes,3,opt,name=status"`

 }

 // RouteList is a collection of Routes.

 type RouteList struct {

 	unversioned.TypeMeta `json:",inline"`

-	// Standard object's metadata.

+	// Standard object metadata.

 	unversioned.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

-	// Items is a list of routes

+	// items is a list of routes

 	Items []Route `json:"items" protobuf:"bytes,2,rep,name=items"`

 }

-// RouteSpec describes the route the user wishes to exist.

+// RouteSpec describes the hostname or path the route exposes, any security information,

+// and one or more backends the route points to. Weights on each backend can define

+// the balance of traffic sent to each backend - if all weights are zero the route will

+// be considered to have no backends and return a standard 503 response.

+//

+// The `tls` field is optional and allows specific certificates or behavior for the

+// route. Routers typically configure a default certificate on a wildcard domain to

+// terminate routes without explicit certificates, but custom hostnames usually must

+// choose passthrough (send traffic directly to the backend via the TLS Server-Name-

+// Indication field) or provide a certificate.

 type RouteSpec struct {

-	// Ports are the ports that the user wishes to expose.

-	//Ports []RoutePort `json:"ports,omitempty"`

-

-	// Host is an alias/DNS that points to the service. Optional

+	// host is an alias/DNS that points to the service. Optional.

+	// If not specified a route name will typically be automatically

+	// chosen.

 	// Must follow DNS952 subdomain conventions.

 	Host string `json:"host" protobuf:"bytes,1,opt,name=host"`

 	// Path that the router watches for, to route traffic for to the service. Optional

 	Path string `json:"path,omitempty" protobuf:"bytes,2,opt,name=path"`

-	// To is an object the route points to. Only the Service kind is allowed, and it will

-	// be defaulted to Service.

+	// to is an object the route should use as the primary backend. Only the Service kind

+	// is allowed, and it will be defaulted to Service. If the weight field is set to zero,

+	// no traffic will be sent to this service.

 	To RouteTargetReference `json:"to" protobuf:"bytes,3,opt,name=to"`

-	// AlternateBackends is an extension of the 'to' field. If more than one service needs to be

+	// alternateBackends is an extension of the 'to' field. If more than one service needs to be

 	// pointed to, then use this field. Use the weight field in RouteTargetReference object

-	// to specify relative preference

+	// to specify relative preference. If the weight field is zero, the backend is ignored.

 	AlternateBackends []RouteTargetReference `json:"alternateBackends,omitempty" protobuf:"bytes,4,rep,name=alternateBackends"`

 	// If specified, the port to be used by the router. Most routers will use all

@@ -55,7 +80,7 @@ type RouteSpec struct {

 	// which port to use.

 	Port *RoutePort `json:"port,omitempty" protobuf:"bytes,5,opt,name=port"`

-	// TLS provides the ability to configure certificates and termination for the route

+	// The tls field provides the ability to configure certificates and termination for the route.

 	TLS *TLSConfig `json:"tls,omitempty" protobuf:"bytes,6,opt,name=tls"`

 }

@@ -65,10 +90,10 @@ type RouteTargetReference struct {

 	// The kind of target that the route is referring to. Currently, only 'Service' is allowed

 	Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"`

-	// Name of the service/target that is being referred to. e.g. name of the service

+	// name of the service/target that is being referred to. e.g. name of the service

 	Name string `json:"name" protobuf:"bytes,2,opt,name=name"`

-	// Weight as an integer between 1 and 256 that specifies the target's relative weight

+	// weight as an integer between 1 and 256 that specifies the target's relative weight

 	// against other target reference objects

 	Weight *int32 `json:"weight" protobuf:"varint,3,opt,name=weight"`

 }

@@ -84,13 +109,13 @@ type RoutePort struct {

 // RouteStatus provides relevant info about the status of a route, including which routers

 // acknowledge it.

 type RouteStatus struct {

-	// Ingress describes the places where the route may be exposed. The list of

+	// ingress describes the places where the route may be exposed. The list of

 	// ingress points may contain duplicate Host or RouterName values. Routes

 	// are considered live once they are `Ready`

 	Ingress []RouteIngress `json:"ingress" protobuf:"bytes,1,rep,name=ingress"`

 }

-// RouteIngress holds information about the places where a route is exposed

+// RouteIngress holds information about the places where a route is exposed.

 type RouteIngress struct {

 	// Host is the host string under which the route is exposed; this value is required

 	Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"`

@@ -110,8 +135,8 @@ const (

 	// TODO: add other route condition types

 )

-// RouteIngressCondition contains details for the current condition of this pod.

-// TODO: add LastTransitionTime, Reason, Message to match NodeCondition api.

+// RouteIngressCondition contains details for the current condition of this route on a particular

+// router.

 type RouteIngressCondition struct {

 	// Type is the type of the condition.

 	// Currently only Ready.

@@ -134,35 +159,38 @@ type RouteIngressCondition struct {

 // Caveat: This is WIP and will likely undergo modifications when sharding

 //         support is added.

 type RouterShard struct {

-	// ShardName uniquely identifies a router shard in the "set" of

+	// shardName uniquely identifies a router shard in the "set" of

 	// routers used for routing traffic to the services.

 	ShardName string `json:"shardName" protobuf:"bytes,1,opt,name=shardName"`

-	// DNSSuffix for the shard ala: shard-1.v3.openshift.com

+	// dnsSuffix for the shard ala: shard-1.v3.openshift.com

 	DNSSuffix string `json:"dnsSuffix" protobuf:"bytes,2,opt,name=dnsSuffix"`

 }

 // TLSConfig defines config used to secure a route and provide termination

 type TLSConfig struct {

-	// Termination indicates termination type.

+	// termination indicates termination type.

 	Termination TLSTerminationType `json:"termination" protobuf:"bytes,1,opt,name=termination,casttype=TLSTerminationType"`

-	// Certificate provides certificate contents

+	// certificate provides certificate contents

 	Certificate string `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`

-	// Key provides key file contents

+	// key provides key file contents

 	Key string `json:"key,omitempty" protobuf:"bytes,3,opt,name=key"`

-	// CACertificate provides the cert authority certificate contents

+	// caCertificate provides the cert authority certificate contents

 	CACertificate string `json:"caCertificate,omitempty" protobuf:"bytes,4,opt,name=caCertificate"`

-	// DestinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt

+	// destinationCACertificate provides the contents of the ca certificate of the final destination.  When using reencrypt

 	// termination this file should be provided in order to have routers use it for health checks on the secure connection

 	DestinationCACertificate string `json:"destinationCACertificate,omitempty" protobuf:"bytes,5,opt,name=destinationCACertificate"`

-	// InsecureEdgeTerminationPolicy indicates the desired behavior for

-	// insecure connections to an edge-terminated route:

-	//   disable, allow or redirect

+	// insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While

+	// each router may make its own decisions on which ports to expose, this is normally port 80.

+	//

+	// * Allow - traffic is sent to the server on the insecure port (default)

+	// * Disable - no traffic is allowed on the insecure port.

+	// * Redirect - clients are redirected to the secure port.

 	InsecureEdgeTerminationPolicy InsecureEdgeTerminationPolicyType `json:"insecureEdgeTerminationPolicy,omitempty" protobuf:"bytes,6,opt,name=insecureEdgeTerminationPolicy,casttype=InsecureEdgeTerminationPolicyType"`

 }

@@ -31,7 +31,11 @@ message GroupList {

   repeated Group items = 2;

 }

-// Identity records a successful authentication of a user with an identity provider