diff options
Diffstat (limited to 'vendor/k8s.io/api/authentication/v1/generated.proto')
| -rw-r--r-- | vendor/k8s.io/api/authentication/v1/generated.proto | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/vendor/k8s.io/api/authentication/v1/generated.proto b/vendor/k8s.io/api/authentication/v1/generated.proto new file mode 100644 index 000000000..1fd432a70 --- /dev/null +++ b/vendor/k8s.io/api/authentication/v1/generated.proto @@ -0,0 +1,160 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = 'proto2'; + +package k8s.io.api.authentication.v1; + +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; +import "k8s.io/apimachinery/pkg/util/intstr/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "v1"; + +// BoundObjectReference is a reference to an object that a token is bound to. +message BoundObjectReference { + // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. + // +optional + optional string kind = 1; + + // API version of the referent. + // +optional + optional string aPIVersion = 2; + + // Name of the referent. + // +optional + optional string name = 3; + + // UID of the referent. + // +optional + optional string uID = 4; +} + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +message ExtraValue { + // items, if empty, will result in an empty slice + + repeated string items = 1; +} + +// TokenRequest requests a token for a given service account. +message TokenRequest { + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + optional TokenRequestSpec spec = 2; + + // +optional + optional TokenRequestStatus status = 3; +} + +// TokenRequestSpec contains client provided parameters of a token request. +message TokenRequestSpec { + // Audiences are the intendend audiences of the token. A recipient of a + // token must identitfy themself with an identifier in the list of + // audiences of the token, and otherwise should reject the token. A + // token issued for multiple audiences may be used to authenticate + // against any of the audiences listed but implies a high degree of + // trust between the target audiences. + repeated string audiences = 1; + + // ExpirationSeconds is the requested duration of validity of the request. The + // token issuer may return a token with a different validity duration so a + // client needs to check the 'expiration' field in a response. + // +optional + optional int64 expirationSeconds = 4; + + // BoundObjectRef is a reference to an object that the token will be bound to. + // The token will only be valid for as long as the bound objet exists. + // +optional + optional BoundObjectReference boundObjectRef = 3; +} + +// TokenRequestStatus is the result of a token request. +message TokenRequestStatus { + // Token is the opaque bearer token. + optional string token = 1; + + // ExpirationTimestamp is the time of expiration of the returned token. + optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2; +} + +// TokenReview attempts to authenticate a token to a known user. +// Note: TokenReview requests may be cached by the webhook token authenticator +// plugin in the kube-apiserver. +message TokenReview { + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Spec holds information about the request being evaluated + optional TokenReviewSpec spec = 2; + + // Status is filled in by the server and indicates whether the request can be authenticated. + // +optional + optional TokenReviewStatus status = 3; +} + +// TokenReviewSpec is a description of the token authentication request. +message TokenReviewSpec { + // Token is the opaque bearer token. + // +optional + optional string token = 1; +} + +// TokenReviewStatus is the result of the token authentication request. +message TokenReviewStatus { + // Authenticated indicates that the token was associated with a known user. + // +optional + optional bool authenticated = 1; + + // User is the UserInfo associated with the provided token. + // +optional + optional UserInfo user = 2; + + // Error indicates that the token couldn't be checked + // +optional + optional string error = 3; +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +message UserInfo { + // The name that uniquely identifies this user among all active users. + // +optional + optional string username = 1; + + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + optional string uid = 2; + + // The names of groups this user is a part of. + // +optional + repeated string groups = 3; + + // Any additional information provided by the authenticator. + // +optional + map<string, ExtraValue> extra = 4; +} + |