github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #73439 from cceckman/object 

Fix typo, and note BoundObjectRef isn't always checked
pull/564/head
Kubernetes Prow Robot 2019-02-21 16:27:33 -08:00 committed by GitHub
parent f7a6b0a860 492348c84b
commit b9565bc98b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/apis/authentication/types.go
View File

@ -135,7 +135,10 @@ type TokenRequestSpec struct {
ExpirationSeconds int64
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound objet exists.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
BoundObjectRef *BoundObjectReference
}

5
staging/src/k8s.io/api/authentication/v1/generated.proto
View File

@ -84,7 +84,10 @@ message TokenRequestSpec {
optional int64 expirationSeconds = 4;
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound objet exists.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
// +optional
optional BoundObjectReference boundObjectRef = 3;
}

5
staging/src/k8s.io/api/authentication/v1/types.go
View File

@ -155,7 +155,10 @@ type TokenRequestSpec struct {
ExpirationSeconds *int64 `json:"expirationSeconds" protobuf:"varint,4,opt,name=expirationSeconds"`
// BoundObjectRef is a reference to an object that the token will be bound to.
// The token will only be valid for as long as the bound objet exists.
// The token will only be valid for as long as the bound object exists.
// NOTE: The API server's TokenReview endpoint will validate the
// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
// small if you want prompt revocation.
// +optional
BoundObjectRef *BoundObjectReference `json:"boundObjectRef" protobuf:"bytes,3,opt,name=boundObjectRef"`
}

2
staging/src/k8s.io/api/authentication/v1/types_swagger_doc_generated.go generated
View File

@ -51,7 +51,7 @@ var map_TokenRequestSpec = map[string]string{
"": "TokenRequestSpec contains client provided parameters of a token request.",
"audiences": "Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
"expirationSeconds": "ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.",
"boundObjectRef": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound objet exists.",
"boundObjectRef": "BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.",
}
func (TokenRequestSpec) SwaggerDoc() map[string]string {