Documentation
¶
Index ¶
Constants ¶
View Source
const GroupName = "authentication.k8s.io"
GroupName is the group name use in this package
Variables ¶
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type BoundObjectReference ¶
type BoundObjectReference struct {
// API version of the referent.
APIVersion string `json:"apiVersion,omitempty"`
// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
Kind string `json:"kind,omitempty"`
// Name of the referent.
Name string `json:"name,omitempty"`
// UID of the referent.
UID string `json:"uid,omitempty"`
}
BoundObjectReference BoundObjectReference is a reference to an object that a token is bound to.
swagger:model BoundObjectReference
type TokenRequest ¶
type TokenRequest struct {
// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
APIVersion string `json:"apiVersion,omitempty"`
// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Kind string `json:"kind,omitempty"`
// Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Metadata *apimachinery_pkg_apis_meta_v1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds information about the request being evaluated
// Required: true
Spec *TokenRequestSpec `json:"spec"`
// Status is filled in by the server and indicates whether the token can be authenticated.
Status *TokenRequestStatus `json:"status,omitempty"`
}
TokenRequest TokenRequest requests a token for a given service account.
swagger:model TokenRequest
func (*TokenRequest) GroupVersionKind ¶
func (v *TokenRequest) GroupVersionKind() schema.GroupVersionKind
type TokenRequestSpec ¶
type TokenRequestSpec struct {
// Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
// Required: true
Audiences []string `json:"audiences"`
// BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
BoundObjectRef *BoundObjectReference `json:"boundObjectRef,omitempty"`
// ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
ExpirationSeconds int64 `json:"expirationSeconds,omitempty"`
}
TokenRequestSpec TokenRequestSpec contains client provided parameters of a token request.
swagger:model TokenRequestSpec
type TokenRequestStatus ¶
type TokenRequestStatus struct {
// ExpirationTimestamp is the time of expiration of the returned token.
// Required: true
ExpirationTimestamp *apimachinery_pkg_apis_meta_v1.Time `json:"expirationTimestamp"`
// Token is the opaque bearer token.
// Required: true
Token *string `json:"token"`
}
TokenRequestStatus TokenRequestStatus is the result of a token request.
swagger:model TokenRequestStatus
type TokenReview ¶
type TokenReview struct {
// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
APIVersion string `json:"apiVersion,omitempty"`
// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Kind string `json:"kind,omitempty"`
// Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
Metadata *apimachinery_pkg_apis_meta_v1.ObjectMeta `json:"metadata,omitempty"`
// Spec holds information about the request being evaluated
// Required: true
Spec *TokenReviewSpec `json:"spec"`
// Status is filled in by the server and indicates whether the request can be authenticated.
Status *TokenReviewStatus `json:"status,omitempty"`
}
TokenReview TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.
swagger:model TokenReview
func (*TokenReview) GroupVersionKind ¶
func (v *TokenReview) GroupVersionKind() schema.GroupVersionKind
type TokenReviewSpec ¶
type TokenReviewSpec struct {
// Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.
Audiences []string `json:"audiences,omitempty"`
// Token is the opaque bearer token.
Token string `json:"token,omitempty"`
}
TokenReviewSpec TokenReviewSpec is a description of the token authentication request.
swagger:model TokenReviewSpec
type TokenReviewStatus ¶
type TokenReviewStatus struct {
// Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.
Audiences []string `json:"audiences,omitempty"`
// Authenticated indicates that the token was associated with a known user.
Authenticated bool `json:"authenticated,omitempty"`
// Error indicates that the token couldn't be checked
Error string `json:"error,omitempty"`
// User is the UserInfo associated with the provided token.
User *UserInfo `json:"user,omitempty"`
}
TokenReviewStatus TokenReviewStatus is the result of the token authentication request.
swagger:model TokenReviewStatus
type UserInfo ¶
type UserInfo struct {
// Any additional information provided by the authenticator.
Extra map[string][]string `json:"extra,omitempty"`
// The names of groups this user is a part of.
Groups []string `json:"groups,omitempty"`
// A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.
UID string `json:"uid,omitempty"`
// The name that uniquely identifies this user among all active users.
Username string `json:"username,omitempty"`
}
UserInfo UserInfo holds the information about the user needed to implement the user.Info interface.
swagger:model UserInfo
Source Files
Click to show internal directories.
Click to hide internal directories.