github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-31 15:25:57 +00:00
Code Issues Projects Releases Wiki Activity

Fix typo, and note when BoundObjectRef isn't checked

Browse Source 
- s/objet/object/
- A relying party (validating a token) may not have access to the
  resource named in the `BoundObjectRef`; only the API server can be asserted to
  have access.
  Note this in the field's documentation.
This commit is contained in:
Charles Eckman 2019-01-28 15:27:02 -08:00
parent 8e05f0904b
commit 48f7f6fb67
No known key found for this signature in database
GPG Key ID: 3949B487F3C98967
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/apis/authentication/types.go
View File

@ -135,7 +135,9 @@ type TokenRequestSpec struct {
ExpirationSeconds int64
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound objet exists.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server will validate the BoundObjectRef, but other audiences
// may not. Keep ExpirationSeconds small if you want prompt revocation.
BoundObjectRef *BoundObjectReference
}