Commit 162699ca authored by Mike Danese's avatar Mike Danese

autogenerated

parent 04837fde
...@@ -80871,6 +80871,13 @@ ...@@ -80871,6 +80871,13 @@
"io.k8s.api.authentication.v1.TokenReviewSpec": { "io.k8s.api.authentication.v1.TokenReviewSpec": {
"description": "TokenReviewSpec is a description of the token authentication request.", "description": "TokenReviewSpec is a description of the token authentication request.",
"properties": { "properties": {
"audiences": {
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
"type": "array",
"items": {
"type": "string"
}
},
"token": { "token": {
"description": "Token is the opaque bearer token.", "description": "Token is the opaque bearer token.",
"type": "string" "type": "string"
...@@ -80880,6 +80887,13 @@ ...@@ -80880,6 +80887,13 @@
"io.k8s.api.authentication.v1.TokenReviewStatus": { "io.k8s.api.authentication.v1.TokenReviewStatus": {
"description": "TokenReviewStatus is the result of the token authentication request.", "description": "TokenReviewStatus is the result of the token authentication request.",
"properties": { "properties": {
"audiences": {
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"type": "array",
"items": {
"type": "string"
}
},
"authenticated": { "authenticated": {
"description": "Authenticated indicates that the token was associated with a known user.", "description": "Authenticated indicates that the token was associated with a known user.",
"type": "boolean" "type": "boolean"
...@@ -80961,6 +80975,13 @@ ...@@ -80961,6 +80975,13 @@
"io.k8s.api.authentication.v1beta1.TokenReviewSpec": { "io.k8s.api.authentication.v1beta1.TokenReviewSpec": {
"description": "TokenReviewSpec is a description of the token authentication request.", "description": "TokenReviewSpec is a description of the token authentication request.",
"properties": { "properties": {
"audiences": {
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
"type": "array",
"items": {
"type": "string"
}
},
"token": { "token": {
"description": "Token is the opaque bearer token.", "description": "Token is the opaque bearer token.",
"type": "string" "type": "string"
...@@ -80970,6 +80991,13 @@ ...@@ -80970,6 +80991,13 @@
"io.k8s.api.authentication.v1beta1.TokenReviewStatus": { "io.k8s.api.authentication.v1beta1.TokenReviewStatus": {
"description": "TokenReviewStatus is the result of the token authentication request.", "description": "TokenReviewStatus is the result of the token authentication request.",
"properties": { "properties": {
"audiences": {
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"type": "array",
"items": {
"type": "string"
}
},
"authenticated": { "authenticated": {
"description": "Authenticated indicates that the token was associated with a known user.", "description": "Authenticated indicates that the token was associated with a known user.",
"type": "boolean" "type": "boolean"
...@@ -395,6 +395,13 @@ ...@@ -395,6 +395,13 @@
"token": { "token": {
"type": "string", "type": "string",
"description": "Token is the opaque bearer token." "description": "Token is the opaque bearer token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
} }
} }
}, },
...@@ -410,6 +417,13 @@ ...@@ -410,6 +417,13 @@
"$ref": "v1.UserInfo", "$ref": "v1.UserInfo",
"description": "User is the UserInfo associated with the provided token." "description": "User is the UserInfo associated with the provided token."
}, },
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error": { "error": {
"type": "string", "type": "string",
"description": "Error indicates that the token couldn't be checked" "description": "Error indicates that the token couldn't be checked"
......
...@@ -395,6 +395,13 @@ ...@@ -395,6 +395,13 @@
"token": { "token": {
"type": "string", "type": "string",
"description": "Token is the opaque bearer token." "description": "Token is the opaque bearer token."
},
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver."
} }
} }
}, },
...@@ -410,6 +417,13 @@ ...@@ -410,6 +417,13 @@
"$ref": "v1beta1.UserInfo", "$ref": "v1beta1.UserInfo",
"description": "User is the UserInfo associated with the provided token." "description": "User is the UserInfo associated with the provided token."
}, },
"audiences": {
"type": "array",
"items": {
"type": "string"
},
"description": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server."
},
"error": { "error": {
"type": "string", "type": "string",
"description": "Error indicates that the token couldn't be checked" "description": "Error indicates that the token couldn't be checked"
......
...@@ -1053,6 +1053,13 @@ When an object is created, the system will populate this list with the current s ...@@ -1053,6 +1053,13 @@ When an object is created, the system will populate this list with the current s
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
</tr> </tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">audiences</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody> </tbody>
</table> </table>
...@@ -1095,6 +1102,13 @@ When an object is created, the system will populate this list with the current s ...@@ -1095,6 +1102,13 @@ When an object is created, the system will populate this list with the current s
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">audiences</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token&#8217;s audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">error</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">error</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Error indicates that the token couldn&#8217;t be checked</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Error indicates that the token couldn&#8217;t be checked</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
......
...@@ -567,6 +567,13 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; } ...@@ -567,6 +567,13 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
</tr> </tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">audiences</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody> </tbody>
</table> </table>
...@@ -1060,6 +1067,13 @@ When an object is created, the system will populate this list with the current s ...@@ -1060,6 +1067,13 @@ When an object is created, the system will populate this list with the current s
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">audiences</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token&#8217;s audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">error</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">error</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Error indicates that the token couldn&#8217;t be checked</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">Error indicates that the token couldn&#8217;t be checked</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
......
...@@ -263,6 +263,7 @@ func Convert_authentication_TokenReview_To_v1_TokenReview(in *authentication.Tok ...@@ -263,6 +263,7 @@ func Convert_authentication_TokenReview_To_v1_TokenReview(in *authentication.Tok
func autoConvert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { func autoConvert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error {
out.Token = in.Token out.Token = in.Token
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
return nil return nil
} }
...@@ -273,6 +274,7 @@ func Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenRe ...@@ -273,6 +274,7 @@ func Convert_v1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1.TokenRe
func autoConvert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1.TokenReviewSpec, s conversion.Scope) error { func autoConvert_authentication_TokenReviewSpec_To_v1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1.TokenReviewSpec, s conversion.Scope) error {
out.Token = in.Token out.Token = in.Token
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
return nil return nil
} }
...@@ -286,6 +288,7 @@ func autoConvert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1 ...@@ -286,6 +288,7 @@ func autoConvert_v1_TokenReviewStatus_To_authentication_TokenReviewStatus(in *v1
if err := Convert_v1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil { if err := Convert_v1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil {
return err return err
} }
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.Error = in.Error out.Error = in.Error
return nil return nil
} }
...@@ -300,6 +303,7 @@ func autoConvert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(in *au ...@@ -300,6 +303,7 @@ func autoConvert_authentication_TokenReviewStatus_To_v1_TokenReviewStatus(in *au
if err := Convert_authentication_UserInfo_To_v1_UserInfo(&in.User, &out.User, s); err != nil { if err := Convert_authentication_UserInfo_To_v1_UserInfo(&in.User, &out.User, s); err != nil {
return err return err
} }
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.Error = in.Error out.Error = in.Error
return nil return nil
} }
......
...@@ -113,6 +113,7 @@ func Convert_authentication_TokenReview_To_v1beta1_TokenReview(in *authenticatio ...@@ -113,6 +113,7 @@ func Convert_authentication_TokenReview_To_v1beta1_TokenReview(in *authenticatio
func autoConvert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1beta1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error { func autoConvert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1beta1.TokenReviewSpec, out *authentication.TokenReviewSpec, s conversion.Scope) error {
out.Token = in.Token out.Token = in.Token
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
return nil return nil
} }
...@@ -123,6 +124,7 @@ func Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1bet ...@@ -123,6 +124,7 @@ func Convert_v1beta1_TokenReviewSpec_To_authentication_TokenReviewSpec(in *v1bet
func autoConvert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1beta1.TokenReviewSpec, s conversion.Scope) error { func autoConvert_authentication_TokenReviewSpec_To_v1beta1_TokenReviewSpec(in *authentication.TokenReviewSpec, out *v1beta1.TokenReviewSpec, s conversion.Scope) error {
out.Token = in.Token out.Token = in.Token
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
return nil return nil
} }
...@@ -136,6 +138,7 @@ func autoConvert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(i ...@@ -136,6 +138,7 @@ func autoConvert_v1beta1_TokenReviewStatus_To_authentication_TokenReviewStatus(i
if err := Convert_v1beta1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil { if err := Convert_v1beta1_UserInfo_To_authentication_UserInfo(&in.User, &out.User, s); err != nil {
return err return err
} }
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.Error = in.Error out.Error = in.Error
return nil return nil
} }
...@@ -150,6 +153,7 @@ func autoConvert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(i ...@@ -150,6 +153,7 @@ func autoConvert_authentication_TokenReviewStatus_To_v1beta1_TokenReviewStatus(i
if err := Convert_authentication_UserInfo_To_v1beta1_UserInfo(&in.User, &out.User, s); err != nil { if err := Convert_authentication_UserInfo_To_v1beta1_UserInfo(&in.User, &out.User, s); err != nil {
return err return err
} }
out.Audiences = *(*[]string)(unsafe.Pointer(&in.Audiences))
out.Error = in.Error out.Error = in.Error
return nil return nil
} }
......
...@@ -136,7 +136,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) { ...@@ -136,7 +136,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) {
*out = *in *out = *in
out.TypeMeta = in.TypeMeta out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status) in.Status.DeepCopyInto(&out.Status)
return return
} }
...@@ -162,6 +162,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object { ...@@ -162,6 +162,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) { func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) {
*out = *in *out = *in
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
...@@ -179,6 +184,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec { ...@@ -179,6 +184,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec {
func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) { func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) {
*out = *in *out = *in
in.User.DeepCopyInto(&out.User) in.User.DeepCopyInto(&out.User)
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
......
...@@ -118,6 +118,14 @@ message TokenReviewSpec { ...@@ -118,6 +118,14 @@ message TokenReviewSpec {
// Token is the opaque bearer token. // Token is the opaque bearer token.
// +optional // +optional
optional string token = 1; optional string token = 1;
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will
// verify that the token was intended for at least one of the audiences in
// this list. If no audiences are provided, the audience will default to the
// audience of the Kubernetes apiserver.
// +optional
repeated string audiences = 2;
} }
// TokenReviewStatus is the result of the token authentication request. // TokenReviewStatus is the result of the token authentication request.
...@@ -130,6 +138,18 @@ message TokenReviewStatus { ...@@ -130,6 +138,18 @@ message TokenReviewStatus {
// +optional // +optional
optional UserInfo user = 2; optional UserInfo user = 2;
// Audiences are audience identifiers chosen by the authenticator that are
// compatible with both the TokenReview and token. An identifier is any
// identifier in the intersection of the TokenReviewSpec audiences and the
// token's audiences. A client of the TokenReview API that sets the
// spec.audiences field should validate that a compatible audience identifier
// is returned in the status.audiences field to ensure that the TokenReview
// server is audience aware. If a TokenReview returns an empty
// status.audience field where status.authenticated is "true", the token is
// valid against the audience of the Kubernetes API server.
// +optional
repeated string audiences = 4;
// Error indicates that the token couldn't be checked // Error indicates that the token couldn't be checked
// +optional // +optional
optional string error = 3; optional string error = 3;
......
...@@ -79,8 +79,9 @@ func (TokenReview) SwaggerDoc() map[string]string { ...@@ -79,8 +79,9 @@ func (TokenReview) SwaggerDoc() map[string]string {
} }
var map_TokenReviewSpec = map[string]string{ var map_TokenReviewSpec = map[string]string{
"": "TokenReviewSpec is a description of the token authentication request.", "": "TokenReviewSpec is a description of the token authentication request.",
"token": "Token is the opaque bearer token.", "token": "Token is the opaque bearer token.",
"audiences": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
} }
func (TokenReviewSpec) SwaggerDoc() map[string]string { func (TokenReviewSpec) SwaggerDoc() map[string]string {
...@@ -91,6 +92,7 @@ var map_TokenReviewStatus = map[string]string{ ...@@ -91,6 +92,7 @@ var map_TokenReviewStatus = map[string]string{
"": "TokenReviewStatus is the result of the token authentication request.", "": "TokenReviewStatus is the result of the token authentication request.",
"authenticated": "Authenticated indicates that the token was associated with a known user.", "authenticated": "Authenticated indicates that the token was associated with a known user.",
"user": "User is the UserInfo associated with the provided token.", "user": "User is the UserInfo associated with the provided token.",
"audiences": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"error": "Error indicates that the token couldn't be checked", "error": "Error indicates that the token couldn't be checked",
} }
......
...@@ -141,7 +141,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) { ...@@ -141,7 +141,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) {
*out = *in *out = *in
out.TypeMeta = in.TypeMeta out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status) in.Status.DeepCopyInto(&out.Status)
return return
} }
...@@ -167,6 +167,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object { ...@@ -167,6 +167,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) { func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) {
*out = *in *out = *in
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
...@@ -184,6 +189,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec { ...@@ -184,6 +189,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec {
func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) { func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) {
*out = *in *out = *in
in.User.DeepCopyInto(&out.User) in.User.DeepCopyInto(&out.User)
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
......
...@@ -57,6 +57,14 @@ message TokenReviewSpec { ...@@ -57,6 +57,14 @@ message TokenReviewSpec {
// Token is the opaque bearer token. // Token is the opaque bearer token.
// +optional // +optional
optional string token = 1; optional string token = 1;
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will
// verify that the token was intended for at least one of the audiences in
// this list. If no audiences are provided, the audience will default to the
// audience of the Kubernetes apiserver.
// +optional
repeated string audiences = 2;
} }
// TokenReviewStatus is the result of the token authentication request. // TokenReviewStatus is the result of the token authentication request.
...@@ -69,6 +77,18 @@ message TokenReviewStatus { ...@@ -69,6 +77,18 @@ message TokenReviewStatus {
// +optional // +optional
optional UserInfo user = 2; optional UserInfo user = 2;
// Audiences are audience identifiers chosen by the authenticator that are
// compatible with both the TokenReview and token. An identifier is any
// identifier in the intersection of the TokenReviewSpec audiences and the
// token's audiences. A client of the TokenReview API that sets the
// spec.audiences field should validate that a compatible audience identifier
// is returned in the status.audiences field to ensure that the TokenReview
// server is audience aware. If a TokenReview returns an empty
// status.audience field where status.authenticated is "true", the token is
// valid against the audience of the Kubernetes API server.
// +optional
repeated string audiences = 4;
// Error indicates that the token couldn't be checked // Error indicates that the token couldn't be checked
// +optional // +optional
optional string error = 3; optional string error = 3;
......
...@@ -38,8 +38,9 @@ func (TokenReview) SwaggerDoc() map[string]string { ...@@ -38,8 +38,9 @@ func (TokenReview) SwaggerDoc() map[string]string {
} }
var map_TokenReviewSpec = map[string]string{ var map_TokenReviewSpec = map[string]string{
"": "TokenReviewSpec is a description of the token authentication request.", "": "TokenReviewSpec is a description of the token authentication request.",
"token": "Token is the opaque bearer token.", "token": "Token is the opaque bearer token.",
"audiences": "Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.",
} }
func (TokenReviewSpec) SwaggerDoc() map[string]string { func (TokenReviewSpec) SwaggerDoc() map[string]string {
...@@ -50,6 +51,7 @@ var map_TokenReviewStatus = map[string]string{ ...@@ -50,6 +51,7 @@ var map_TokenReviewStatus = map[string]string{
"": "TokenReviewStatus is the result of the token authentication request.", "": "TokenReviewStatus is the result of the token authentication request.",
"authenticated": "Authenticated indicates that the token was associated with a known user.", "authenticated": "Authenticated indicates that the token was associated with a known user.",
"user": "User is the UserInfo associated with the provided token.", "user": "User is the UserInfo associated with the provided token.",
"audiences": "Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token's audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is \"true\", the token is valid against the audience of the Kubernetes API server.",
"error": "Error indicates that the token couldn't be checked", "error": "Error indicates that the token couldn't be checked",
} }
......
...@@ -49,7 +49,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) { ...@@ -49,7 +49,7 @@ func (in *TokenReview) DeepCopyInto(out *TokenReview) {
*out = *in *out = *in
out.TypeMeta = in.TypeMeta out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
out.Spec = in.Spec in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status) in.Status.DeepCopyInto(&out.Status)
return return
} }
...@@ -75,6 +75,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object { ...@@ -75,6 +75,11 @@ func (in *TokenReview) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) { func (in *TokenReviewSpec) DeepCopyInto(out *TokenReviewSpec) {
*out = *in *out = *in
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
...@@ -92,6 +97,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec { ...@@ -92,6 +97,11 @@ func (in *TokenReviewSpec) DeepCopy() *TokenReviewSpec {
func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) { func (in *TokenReviewStatus) DeepCopyInto(out *TokenReviewStatus) {
*out = *in *out = *in
in.User.DeepCopyInto(&out.User) in.User.DeepCopyInto(&out.User)
if in.Audiences != nil {
in, out := &in.Audiences, &out.Audiences
*out = make([]string, len(*in))
copy(*out, *in)
}
return return
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment