rancher/norman
1
0
Fork 0
mirror of https://github.com/rancher/norman.git synced 2025-09-20 10:41:04 +00:00
Code Issues Releases Wiki Activity

Switch to go modules

Browse Source
This commit is contained in:
Darren Shepherd
2019-08-19 10:03:03 -07:00
parent 07c964e242
commit 40212fa263
5606 changed files with 263147 additions and 766229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
vendor/k8s.io/api/authentication/v1/generated.proto generated vendored
View File

@@ -84,7 +84,10 @@ message TokenRequestSpec {
optional int64 expirationSeconds = 4;
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound objet exists.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
// +optional
optional BoundObjectReference boundObjectRef = 3;
}
@@ -118,6 +121,14 @@ message TokenReviewSpec {
// Token is the opaque bearer token.
// +optional
optional string token = 1;
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will
// verify that the token was intended for at least one of the audiences in
// this list. If no audiences are provided, the audience will default to the
// audience of the Kubernetes apiserver.
// +optional
repeated string audiences = 2;
}
// TokenReviewStatus is the result of the token authentication request.
@@ -130,6 +141,18 @@ message TokenReviewStatus {
// +optional
optional UserInfo user = 2;
// Audiences are audience identifiers chosen by the authenticator that are
// compatible with both the TokenReview and token. An identifier is any
// identifier in the intersection of the TokenReviewSpec audiences and the
// token's audiences. A client of the TokenReview API that sets the
// spec.audiences field should validate that a compatible audience identifier
// is returned in the status.audiences field to ensure that the TokenReview
// server is audience aware. If a TokenReview returns an empty
// status.audience field where status.authenticated is "true", the token is
// valid against the audience of the Kubernetes API server.
// +optional
repeated string audiences = 4;
// Error indicates that the token couldn't be checked
// +optional
optional string error = 3;