updated vendor
+35
-29
@@ -30,19 +30,19 @@ option go_package = "k8s.io/api/authentication/v1";
|
||||
|
||||
// BoundObjectReference is a reference to an object that a token is bound to.
|
||||
message BoundObjectReference {
|
||||
// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
|
||||
// kind of the referent. Valid kinds are 'Pod' and 'Secret'.
|
||||
// +optional
|
||||
optional string kind = 1;
|
||||
|
||||
// API version of the referent.
|
||||
// apiVersion is API version of the referent.
|
||||
// +optional
|
||||
optional string apiVersion = 2;
|
||||
|
||||
// Name of the referent.
|
||||
// name of the referent.
|
||||
// +optional
|
||||
optional string name = 3;
|
||||
|
||||
// UID of the referent.
|
||||
// uid of the referent.
|
||||
// +optional
|
||||
optional string uID = 4;
|
||||
}
|
||||
@@ -60,55 +60,58 @@ message ExtraValue {
|
||||
// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or
|
||||
// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
|
||||
message SelfSubjectReview {
|
||||
// Standard object's metadata.
|
||||
// metadata is standard object's metadata.
|
||||
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
|
||||
|
||||
// Status is filled in by the server with the user attributes.
|
||||
// status is filled in by the server with the user attributes.
|
||||
// +optional
|
||||
optional SelfSubjectReviewStatus status = 2;
|
||||
}
|
||||
|
||||
// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
|
||||
message SelfSubjectReviewStatus {
|
||||
// User attributes of the user making this request.
|
||||
// userInfo is a set of attributes belonging to the user making this request.
|
||||
// +optional
|
||||
optional UserInfo userInfo = 1;
|
||||
}
|
||||
|
||||
// TokenRequest requests a token for a given service account.
|
||||
message TokenRequest {
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
|
||||
|
||||
// Spec holds information about the request being evaluated
|
||||
// spec holds information about the request being evaluated
|
||||
// +optional
|
||||
optional TokenRequestSpec spec = 2;
|
||||
|
||||
// Status is filled in by the server and indicates whether the token can be authenticated.
|
||||
// status is filled in by the server and indicates whether the token can be authenticated.
|
||||
// +optional
|
||||
optional TokenRequestStatus status = 3;
|
||||
}
|
||||
|
||||
// TokenRequestSpec contains client provided parameters of a token request.
|
||||
message TokenRequestSpec {
|
||||
// Audiences are the intendend audiences of the token. A recipient of a
|
||||
// audiences are the intendend audiences of the token. A recipient of a
|
||||
// token must identify themself with an identifier in the list of
|
||||
// audiences of the token, and otherwise should reject the token. A
|
||||
// token issued for multiple audiences may be used to authenticate
|
||||
// against any of the audiences listed but implies a high degree of
|
||||
// trust between the target audiences.
|
||||
// +optional
|
||||
// +listType=atomic
|
||||
repeated string audiences = 1;
|
||||
|
||||
// ExpirationSeconds is the requested duration of validity of the request. The
|
||||
// expirationSeconds is the requested duration of validity of the request. The
|
||||
// token issuer may return a token with a different validity duration so a
|
||||
// client needs to check the 'expiration' field in a response.
|
||||
// +optional
|
||||
optional int64 expirationSeconds = 4;
|
||||
|
||||
// BoundObjectRef is a reference to an object that the token will be bound to.
|
||||
// boundObjectRef is a reference to an object that the token will be bound to.
|
||||
// The token will only be valid for as long as the bound object exists.
|
||||
// NOTE: The API server's TokenReview endpoint will validate the
|
||||
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
|
||||
@@ -119,10 +122,12 @@ message TokenRequestSpec {
|
||||
|
||||
// TokenRequestStatus is the result of a token request.
|
||||
message TokenRequestStatus {
|
||||
// Token is the opaque bearer token.
|
||||
// token is the opaque bearer token.
|
||||
// +optional
|
||||
optional string token = 1;
|
||||
|
||||
// ExpirationTimestamp is the time of expiration of the returned token.
|
||||
// expirationTimestamp is the time of expiration of the returned token.
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2;
|
||||
}
|
||||
|
||||
@@ -130,26 +135,27 @@ message TokenRequestStatus {
|
||||
// Note: TokenReview requests may be cached by the webhook token authenticator
|
||||
// plugin in the kube-apiserver.
|
||||
message TokenReview {
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
|
||||
// +optional
|
||||
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
|
||||
|
||||
// Spec holds information about the request being evaluated
|
||||
// spec holds information about the request being evaluated
|
||||
// +required
|
||||
optional TokenReviewSpec spec = 2;
|
||||
|
||||
// Status is filled in by the server and indicates whether the request can be authenticated.
|
||||
// status is filled in by the server and indicates whether the request can be authenticated.
|
||||
// +optional
|
||||
optional TokenReviewStatus status = 3;
|
||||
}
|
||||
|
||||
// TokenReviewSpec is a description of the token authentication request.
|
||||
message TokenReviewSpec {
|
||||
// Token is the opaque bearer token.
|
||||
// +optional
|
||||
// token is the opaque bearer token.
|
||||
// +required
|
||||
optional string token = 1;
|
||||
|
||||
// Audiences is a list of the identifiers that the resource server presented
|
||||
// audiences is a list of the identifiers that the resource server presented
|
||||
// with the token identifies as. Audience-aware token authenticators will
|
||||
// verify that the token was intended for at least one of the audiences in
|
||||
// this list. If no audiences are provided, the audience will default to the
|
||||
@@ -161,15 +167,15 @@ message TokenReviewSpec {
|
||||
|
||||
// TokenReviewStatus is the result of the token authentication request.
|
||||
message TokenReviewStatus {
|
||||
// Authenticated indicates that the token was associated with a known user.
|
||||
// authenticated indicates that the token was associated with a known user.
|
||||
// +optional
|
||||
optional bool authenticated = 1;
|
||||
|
||||
// User is the UserInfo associated with the provided token.
|
||||
// user is the UserInfo associated with the provided token.
|
||||
// +optional
|
||||
optional UserInfo user = 2;
|
||||
|
||||
// Audiences are audience identifiers chosen by the authenticator that are
|
||||
// audiences are audience identifiers chosen by the authenticator that are
|
||||
// compatible with both the TokenReview and token. An identifier is any
|
||||
// identifier in the intersection of the TokenReviewSpec audiences and the
|
||||
// token's audiences. A client of the TokenReview API that sets the
|
||||
@@ -182,7 +188,7 @@ message TokenReviewStatus {
|
||||
// +listType=atomic
|
||||
repeated string audiences = 4;
|
||||
|
||||
// Error indicates that the token couldn't be checked
|
||||
// error indicates that the token couldn't be checked
|
||||
// +optional
|
||||
optional string error = 3;
|
||||
}
|
||||
@@ -190,22 +196,22 @@ message TokenReviewStatus {
|
||||
// UserInfo holds the information about the user needed to implement the
|
||||
// user.Info interface.
|
||||
message UserInfo {
|
||||
// The name that uniquely identifies this user among all active users.
|
||||
// username is the name that uniquely identifies this user among all active users.
|
||||
// +optional
|
||||
optional string username = 1;
|
||||
|
||||
// A unique value that identifies this user across time. If this user is
|
||||
// uid is a unique value that identifies this user across time. If this user is
|
||||
// deleted and another user by the same name is added, they will have
|
||||
// different UIDs.
|
||||
// +optional
|
||||
optional string uid = 2;
|
||||
|
||||
// The names of groups this user is a part of.
|
||||
// groups is the names of groups this user is a part of.
|
||||
// +optional
|
||||
// +listType=atomic
|
||||
repeated string groups = 3;
|
||||
|
||||
// Any additional information provided by the authenticator.
|
||||
// extra is any additional information provided by the authenticator.
|
||||
// +optional
|
||||
map<string, ExtraValue> extra = 4;
|
||||
}
|
||||
|
||||