mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
Merge pull request #73439 from cceckman/object
Fix typo, and note BoundObjectRef isn't always checked
This commit is contained in:
commit
b9565bc98b
@ -135,7 +135,10 @@ type TokenRequestSpec struct {
|
|||||||
ExpirationSeconds int64
|
ExpirationSeconds int64
|
||||||
|
|
||||||
// BoundObjectRef is a reference to an object that the token will be bound to.
|
// BoundObjectRef is a reference to an object that the token will be bound to.
|
||||||
// The token will only be valid for as long as the bound objet exists.
|
// The token will only be valid for as long as the bound object exists.
|
||||||
|
// NOTE: The API server's TokenReview endpoint will validate the
|
||||||
|
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
|
||||||
|
// small if you want prompt revocation.
|
||||||
BoundObjectRef *BoundObjectReference
|
BoundObjectRef *BoundObjectReference
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,7 +84,10 @@ message TokenRequestSpec {
|
|||||||
optional int64 expirationSeconds = 4;
|
optional int64 expirationSeconds = 4;
|
||||||
|
|
||||||
// BoundObjectRef is a reference to an object that the token will be bound to.
|
// BoundObjectRef is a reference to an object that the token will be bound to.
|
||||||
// The token will only be valid for as long as the bound objet exists.
|
// The token will only be valid for as long as the bound object exists.
|
||||||
|
// NOTE: The API server's TokenReview endpoint will validate the
|
||||||
|
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
|
||||||
|
// small if you want prompt revocation.
|
||||||
// +optional
|
// +optional
|
||||||
optional BoundObjectReference boundObjectRef = 3;
|
optional BoundObjectReference boundObjectRef = 3;
|
||||||
}
|
}
|
||||||
|
@ -155,7 +155,10 @@ type TokenRequestSpec struct {
|
|||||||
ExpirationSeconds *int64 `json:"expirationSeconds" protobuf:"varint,4,opt,name=expirationSeconds"`
|
ExpirationSeconds *int64 `json:"expirationSeconds" protobuf:"varint,4,opt,name=expirationSeconds"`
|
||||||
|
|
||||||
// BoundObjectRef is a reference to an object that the token will be bound to.
|
// BoundObjectRef is a reference to an object that the token will be bound to.
|
||||||
// The token will only be valid for as long as the bound objet exists.
|
// The token will only be valid for as long as the bound object exists.
|
||||||
|
// NOTE: The API server's TokenReview endpoint will validate the
|
||||||
|
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
|
||||||
|
// small if you want prompt revocation.
|
||||||
// +optional
|
// +optional
|
||||||
BoundObjectRef *BoundObjectReference `json:"boundObjectRef" protobuf:"bytes,3,opt,name=boundObjectRef"`
|
BoundObjectRef *BoundObjectReference `json:"boundObjectRef" protobuf:"bytes,3,opt,name=boundObjectRef"`
|
||||||
}
|
}
|
||||||
|
@ -51,7 +51,7 @@ var map_TokenRequestSpec = map[string]string{
|
|||||||
"": "TokenRequestSpec contains client provided parameters of a token request.",
|
"": "TokenRequestSpec contains client provided parameters of a token request.",
|
||||||
"audiences": "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
|
"audiences": "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
|
||||||
"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
|
"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
|
||||||
"boundObjectRef": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.",
|
"boundObjectRef": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.",
|
||||||
}
|
}
|
||||||
|
|
||||||
func (TokenRequestSpec) SwaggerDoc() map[string]string {
|
func (TokenRequestSpec) SwaggerDoc() map[string]string {
|
||||||
|
Loading…
Reference in New Issue
Block a user