/*
Copyright The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/


// This file was autogenerated by go-to-protobuf. Do not edit it manually!
19
// proto2 syntax: every singular field in this file is declared "optional",
// so it carries explicit presence and reads as its default when absent.
// NOTE(review): the file header marks this as generator output; lasting
// comment changes presumably belong in the Go types it is generated from.
syntax = 'proto2';

package k8s.io.api.authentication.v1;

// meta/v1 supplies the ObjectMeta and Time types referenced by the messages
// in this file.
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
// NOTE(review): no message in the part of the file shown references the
// following three imports; presumably the generator emits them regardless.
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";

// Package-wide variables from generator "generated".
option go_package = "v1";
31
// BoundObjectReference is a reference to an object that a token is bound to.
// It is carried in TokenRequestSpec.boundObjectRef; per that field's
// documentation the token is only valid while the referenced object exists.
message BoundObjectReference {
  // Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
  // +optional
  optional string kind = 1;

  // API version of the referent.
  // +optional
  optional string aPIVersion = 2;

  // Name of the referent.
  // +optional
  optional string name = 3;

  // UID of the referent.
  // NOTE(review): presumably this pins the binding to one specific object
  // instance, so that an object later re-created under the same name does
  // not satisfy it - confirm against the token issuer.
  // +optional
  optional string uID = 4;
}
50
// ExtraValue wraps a list of strings in a message so that it can serve as
// the value type of UserInfo.extra; a protobuf map value cannot itself be
// a repeated field.
// +protobuf.nullable=true
// +protobuf.options.(gogoproto.goproto_stringer)=false
message ExtraValue {
  // items, if empty, will result in an empty slice
  repeated string items = 1;
}
59
// TokenRequest requests a token for a given service account.
// The request parameters travel in spec and the issued credential comes
// back in status.token, so a populated TokenRequest should be handled as a
// secret (kept out of logs, traces and error messages).
message TokenRequest {
  // Object metadata (ObjectMeta from the imported meta/v1 package).
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec holds the client-provided parameters of the request.
  optional TokenRequestSpec spec = 2;

  // Status holds the result of the request, including the issued token.
  // +optional
  optional TokenRequestStatus status = 3;
}
70
// TokenRequestSpec contains client provided parameters of a token request.
//
// Field numbers are not in declaration order (1, 4, 3) and number 2 is not
// declared in this message.
// NOTE(review): if 2 belonged to an earlier revision of this message it must
// not be reused for a new field; field numbers are the wire identity.
message TokenRequestSpec {
  // Audiences are the intended audiences of the token. A recipient of a
  // token must identify themself with an identifier in the list of
  // audiences of the token, and otherwise should reject the token. A
  // token issued for multiple audiences may be used to authenticate
  // against any of the audiences listed but implies a high degree of
  // trust between the target audiences: any listed audience that receives
  // the token is in a position to present it to the others. Request the
  // narrowest audience list that works.
  repeated string audiences = 1;

  // ExpirationSeconds is the requested duration of validity of the token,
  // in seconds. The token issuer may return a token with a different
  // validity duration so a client needs to check the expirationTimestamp
  // field of the TokenRequestStatus in a response rather than assume the
  // requested value was honoured.
  // +optional
  optional int64 expirationSeconds = 4;

  // BoundObjectRef is a reference to an object that the token will be bound to.
  // The token will only be valid for as long as the bound object exists.
  // +optional
  optional BoundObjectReference boundObjectRef = 3;
}
92
// TokenRequestStatus is the result of a token request.
message TokenRequestStatus {
  // Token is the opaque bearer token. Being a bearer credential, possession
  // alone is enough to use it, so it should never be written to logs or
  // echoed in error output, and should be stored only as long as needed.
  optional string token = 1;

  // ExpirationTimestamp is the time of expiration of the returned token.
  // This is the authoritative lifetime; per TokenRequestSpec it may differ
  // from the expirationSeconds that was requested.
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2;
}
101
// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
// NOTE(review): a cached answer can presumably outlive a change in the
// token's validity; confirm the cache lifetime where revocation latency
// matters.
// The spec carries the bearer token under review, so the request itself is
// sensitive and should not be logged in full.
message TokenReview {
  // Object metadata (ObjectMeta from the imported meta/v1 package).
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;

  // Spec holds information about the request being evaluated
  optional TokenReviewSpec spec = 2;

  // Status is filled in by the server and indicates whether the request can be authenticated.
  // +optional
  optional TokenReviewStatus status = 3;
}
116
// TokenReviewSpec is a description of the token authentication request.
message TokenReviewSpec {
  // Token is the opaque bearer token. It is the credential being checked,
  // not a reference to it, so whoever receives this message holds a usable
  // token; keep it out of logs and persistent storage.
  // +optional
  optional string token = 1;
}
123
// TokenReviewStatus is the result of the token authentication request.
//
// Consumers should act on user only when authenticated is true. Because the
// field is a proto2 optional bool, an absent value reads as false, so a
// missing or partially filled status is read as "not authenticated".
message TokenReviewStatus {
  // Authenticated indicates that the token was associated with a known user.
  // +optional
  optional bool authenticated = 1;

  // User is the UserInfo associated with the provided token.
  // +optional
  optional UserInfo user = 2;

  // Error indicates that the token couldn't be checked
  // NOTE(review): a set error means no verdict was reached; callers should
  // presumably treat it as a failed authentication rather than fall back to
  // the other fields - confirm against the consumer.
  // +optional
  optional string error = 3;
}
138
// UserInfo holds the information about the user needed to implement the
// user.Info interface. It is returned in TokenReviewStatus.user.
// NOTE(review): every value here is whatever the authenticator supplied;
// a consumer that bases authorization on groups or extra is relying on that
// authenticator - confirm which component populates this message.
message UserInfo {
  // The name that uniquely identifies this user among all active users.
  // +optional
  optional string username = 1;

  // A unique value that identifies this user across time. If this user is
  // deleted and another user by the same name is added, they will have
  // different UIDs.
  // +optional
  optional string uid = 2;

  // The names of groups this user is a part of.
  // +optional
  repeated string groups = 3;

  // Any additional information provided by the authenticator.
  // Each key maps to an ExtraValue, i.e. a list of strings. Protobuf does
  // not define an iteration order for map fields, so consumers must not
  // depend on the order of keys.
  // +optional
  map<string, ExtraValue> extra = 4;
}
160