Merge pull request #73439 from cceckman/object

Fix typo, and note BoundObjectRef isn't always checked
2025-07-23 19:56:01 +00:00 · 2019-02-21 16:27:33 -08:00 · 2019-02-21 16:27:33 -08:00 · b9565bc98b
commit b9565bc98b
parent f7a6b0a860 492348c84b
4 changed files with 13 additions and 4 deletions
--- a/pkg/apis/authentication/types.go
+++ b/pkg/apis/authentication/types.go
@ -135,7 +135,10 @@ type TokenRequestSpec struct {
 	ExpirationSeconds int64
 	// BoundObjectRef is a reference to an object that the token will be bound to.
-	// The token will only be valid for as long as the bound objet exists.
+	// The token will only be valid for as long as the bound object exists.
 	// NOTE: The API server's TokenReview endpoint will validate the
 	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
 	// small if you want prompt revocation.
 	BoundObjectRef *BoundObjectReference
 }
--- a/staging/src/k8s.io/api/authentication/v1/generated.proto
+++ b/staging/src/k8s.io/api/authentication/v1/generated.proto
@ -84,7 +84,10 @@ message TokenRequestSpec {
  optional int64 expirationSeconds = 4;
  // BoundObjectRef is a reference to an object that the token will be bound to.
-  // The token will only be valid for as long as the bound objet exists.
+  // The token will only be valid for as long as the bound object exists.
  // NOTE: The API server's TokenReview endpoint will validate the
  // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
  // small if you want prompt revocation.
  // +optional
  optional BoundObjectReference boundObjectRef = 3;
 }
--- a/staging/src/k8s.io/api/authentication/v1/types.go
+++ b/staging/src/k8s.io/api/authentication/v1/types.go
@ -155,7 +155,10 @@ type TokenRequestSpec struct {
 	ExpirationSeconds *int64 `json:"expirationSeconds" protobuf:"varint,4,opt,name=expirationSeconds"`
 	// BoundObjectRef is a reference to an object that the token will be bound to.
-	// The token will only be valid for as long as the bound objet exists.
+	// The token will only be valid for as long as the bound object exists.
 	// NOTE: The API server's TokenReview endpoint will validate the
 	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
 	// small if you want prompt revocation.
 	// +optional
 	BoundObjectRef *BoundObjectReference `json:"boundObjectRef" protobuf:"bytes,3,opt,name=boundObjectRef"`
 }
--- a/staging/src/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/authentication/v1/types_swagger_doc_generated.go
@ -51,7 +51,7 @@ var map_TokenRequestSpec = map[string]string{
 	"":                  "TokenRequestSpec contains client provided parameters of a token request.",
 	"audiences":         "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
 	"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
-	"boundObjectRef":    "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.",
+	"boundObjectRef":    "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.",
 }
 func (TokenRequestSpec) SwaggerDoc() map[string]string {