k8s_pb/api/authentication/v1/
mod.rs

// This file is @generated by prost-build.
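/// BoundObjectReference is a reference to an object that a token is bound to.
///
/// Every field is optional on the wire, so a decoded value can be partially
/// populated; code that checks a binding should treat a missing field as
/// "unknown", not as a match.
// NOTE(review): comparing `u_id` as well as `name` is presumably what tells a
// recreated object apart from the one the token was bound to; confirm against
// the API server's behaviour before relying on `name` alone.
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct BoundObjectReference {
    /// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
    /// +optional
    #[prost(string, optional, tag = "1")]
    pub kind: ::core::option::Option<::prost::alloc::string::String>,
    /// API version of the referent.
    /// +optional
    #[prost(string, optional, tag = "2")]
    pub api_version: ::core::option::Option<::prost::alloc::string::String>,
    /// Name of the referent.
    /// +optional
    #[prost(string, optional, tag = "3")]
    pub name: ::core::option::Option<::prost::alloc::string::String>,
    /// UID of the referent.
    /// +optional
    // The Rust field name `u_id` is what the generator emitted; it is kept
    // as-is because callers reference it by this name.
    #[prost(string, optional, tag = "4")]
    pub u_id: ::core::option::Option<::prost::alloc::string::String>,
}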
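/// ExtraValue masks the value so protobuf can generate
/// +protobuf.nullable=true
/// +protobuf.options.(gogoproto.goproto_stringer)=false
///
/// items, if empty, will result in an empty slice
// Used as the value type of `UserInfo::extra` in this module: one key maps to
// a list of strings, not to a single string.
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct ExtraValue {
    /// The string values carried under one key (repeated field, tag 1).
    #[prost(string, repeated, tag = "1")]
    pub items: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
}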
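/// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
/// When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
/// request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
///
/// Because extra keys can come back lowercased, a caller that looks up a
/// specific key in `status.user_info.extra` should not depend on the casing
/// it was originally sent with.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct SelfSubjectReview {
    /// Standard object's metadata.
    /// More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata>
    /// +optional
    #[prost(message, optional, tag = "1")]
    pub metadata: ::core::option::Option<super::super::super::apimachinery::pkg::apis::meta::v1::ObjectMeta>,
    /// Status is filled in by the server with the user attributes.
    // There is no spec field: the request carries no parameters, and anything
    // a client places in `status` is not an input (the server fills it in).
    #[prost(message, optional, tag = "2")]
    pub status: ::core::option::Option<SelfSubjectReviewStatus>,
}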
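/// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct SelfSubjectReviewStatus {
    /// User attributes of the user making this request.
    /// +optional
    // `None` means the server returned no user attributes; handle it
    // explicitly instead of substituting a default identity.
    #[prost(message, optional, tag = "1")]
    pub user_info: ::core::option::Option<UserInfo>,
}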
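/// TokenRequest requests a token for a given service account.
///
/// A populated `status` holds the issued bearer token (see
/// `TokenRequestStatus::token`), so a value of this type is as sensitive as
/// the credential it carries once the server has answered.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct TokenRequest {
    /// Standard object's metadata.
    /// More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata>
    /// +optional
    #[prost(message, optional, tag = "1")]
    pub metadata: ::core::option::Option<super::super::super::apimachinery::pkg::apis::meta::v1::ObjectMeta>,
    /// Spec holds information about the request being evaluated
    #[prost(message, optional, tag = "2")]
    pub spec: ::core::option::Option<TokenRequestSpec>,
    /// Status is filled in by the server and indicates whether the token can be authenticated.
    /// +optional
    #[prost(message, optional, tag = "3")]
    pub status: ::core::option::Option<TokenRequestStatus>,
}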
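/// TokenRequestSpec contains client provided parameters of a token request.
///
/// All three fields are chosen by the client. Of the three, `audiences` and
/// `expiration_seconds` bound where and for how long the resulting token is
/// usable, so request the narrowest values that work.
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct TokenRequestSpec {
    /// Audiences are the intended audiences of the token. A recipient of a
    /// token must identify themself with an identifier in the list of
    /// audiences of the token, and otherwise should reject the token. A
    /// token issued for multiple audiences may be used to authenticate
    /// against any of the audiences listed but implies a high degree of
    /// trust between the target audiences.
    /// +listType=atomic
    #[prost(string, repeated, tag = "1")]
    pub audiences: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
    /// ExpirationSeconds is the requested duration of validity of the request. The
    /// token issuer may return a token with a different validity duration so a
    /// client needs to check the 'expiration' field in a response.
    /// +optional
    // The value is a request, not a guarantee: read the granted lifetime from
    // `TokenRequestStatus::expiration_timestamp`.
    #[prost(int64, optional, tag = "4")]
    pub expiration_seconds: ::core::option::Option<i64>,
    /// BoundObjectRef is a reference to an object that the token will be bound to.
    /// The token will only be valid for as long as the bound object exists.
    /// NOTE: The API server's TokenReview endpoint will validate the
    /// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
    /// small if you want prompt revocation.
    /// +optional
    #[prost(message, optional, tag = "3")]
    pub bound_object_ref: ::core::option::Option<BoundObjectReference>,
}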
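/// TokenRequestStatus is the result of a token request.
///
/// Holds a live credential. The `::prost::Message` derive normally also
/// generates a `Debug` implementation, so formatting this value with `{:?}`
/// (directly or through a containing `TokenRequest`) would write the token
/// into logs or error output; redact it before logging.
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct TokenRequestStatus {
    /// Token is the opaque bearer token.
    // Bearer token: whoever holds the string can present it, so keep it out
    // of logs, metrics labels and error messages.
    #[prost(string, optional, tag = "1")]
    pub token: ::core::option::Option<::prost::alloc::string::String>,
    /// ExpirationTimestamp is the time of expiration of the returned token.
    // This is the lifetime the issuer actually granted; it can differ from
    // the `expiration_seconds` that was requested.
    #[prost(message, optional, tag = "2")]
    pub expiration_timestamp:
        ::core::option::Option<super::super::super::apimachinery::pkg::apis::meta::v1::Time>,
}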
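/// TokenReview attempts to authenticate a token to a known user.
/// Note: TokenReview requests may be cached by the webhook token authenticator
/// plugin in the kube-apiserver.
///
/// `spec` carries the bearer token under review, so the whole object is
/// sensitive on the request path as well as the response path.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct TokenReview {
    /// Standard object's metadata.
    /// More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata>
    /// +optional
    #[prost(message, optional, tag = "1")]
    pub metadata: ::core::option::Option<super::super::super::apimachinery::pkg::apis::meta::v1::ObjectMeta>,
    /// Spec holds information about the request being evaluated
    #[prost(message, optional, tag = "2")]
    pub spec: ::core::option::Option<TokenReviewSpec>,
    /// Status is filled in by the server and indicates whether the request can be authenticated.
    /// +optional
    // A missing status is not a positive result: only an explicit
    // `authenticated == Some(true)` inside it says the token was accepted.
    #[prost(message, optional, tag = "3")]
    pub status: ::core::option::Option<TokenReviewStatus>,
}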
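/// TokenReviewSpec is a description of the token authentication request.
///
/// Contains the token being checked. The `::prost::Message` derive normally
/// also generates `Debug`, so `{:?}` on this value would print the token;
/// redact it before logging a request.
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct TokenReviewSpec {
    /// Token is the opaque bearer token.
    /// +optional
    #[prost(string, optional, tag = "1")]
    pub token: ::core::option::Option<::prost::alloc::string::String>,
    /// Audiences is a list of the identifiers that the resource server presented
    /// with the token identifies as. Audience-aware token authenticators will
    /// verify that the token was intended for at least one of the audiences in
    /// this list. If no audiences are provided, the audience will default to the
    /// audience of the Kubernetes apiserver.
    /// +optional
    /// +listType=atomic
    // A caller that sets this should also check `TokenReviewStatus::audiences`
    // in the reply, as that field's documentation describes.
    #[prost(string, repeated, tag = "2")]
    pub audiences: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
}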
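/// TokenReviewStatus is the result of the token authentication request.
///
/// Consumers should decide on `authenticated` alone and treat anything other
/// than `Some(true)` as a rejection: the field is an `Option<bool>`, so an
/// absent value decodes to `None`, and `user` is a separate optional field
/// whose presence by itself proves nothing.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct TokenReviewStatus {
    /// Authenticated indicates that the token was associated with a known user.
    /// +optional
    // Fail closed: `None` and `Some(false)` both mean "not authenticated".
    #[prost(bool, optional, tag = "1")]
    pub authenticated: ::core::option::Option<bool>,
    /// User is the UserInfo associated with the provided token.
    /// +optional
    // Only meaningful when `authenticated` is `Some(true)`.
    #[prost(message, optional, tag = "2")]
    pub user: ::core::option::Option<UserInfo>,
    /// Audiences are audience identifiers chosen by the authenticator that are
    /// compatible with both the TokenReview and token. An identifier is any
    /// identifier in the intersection of the TokenReviewSpec audiences and the
    /// token's audiences. A client of the TokenReview API that sets the
    /// spec.audiences field should validate that a compatible audience identifier
    /// is returned in the status.audiences field to ensure that the TokenReview
    /// server is audience aware. If a TokenReview returns an empty
    /// status.audience field where status.authenticated is "true", the token is
    /// valid against the audience of the Kubernetes API server.
    /// +optional
    /// +listType=atomic
    #[prost(string, repeated, tag = "4")]
    pub audiences: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
    /// Error indicates that the token couldn't be checked
    /// +optional
    // A set error means the check did not complete, which is different from a
    // completed check that rejected the token; neither is a success.
    #[prost(string, optional, tag = "3")]
    pub error: ::core::option::Option<::prost::alloc::string::String>,
}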
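/// UserInfo holds the information about the user needed to implement the
/// user.Info interface.
///
/// Every field is supplied by whichever authenticator produced the identity;
/// this type performs no validation of its own.
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct UserInfo {
    /// The name that uniquely identifies this user among all active users.
    /// +optional
    // Unique only among currently active users; see `uid` for an identifier
    // that survives a delete-and-recreate under the same name.
    #[prost(string, optional, tag = "1")]
    pub username: ::core::option::Option<::prost::alloc::string::String>,
    /// A unique value that identifies this user across time. If this user is
    /// deleted and another user by the same name is added, they will have
    /// different UIDs.
    /// +optional
    #[prost(string, optional, tag = "2")]
    pub uid: ::core::option::Option<::prost::alloc::string::String>,
    /// The names of groups this user is a part of.
    /// +optional
    /// +listType=atomic
    #[prost(string, repeated, tag = "3")]
    pub groups: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
    /// Any additional information provided by the authenticator.
    /// +optional
    // Keys map to lists of strings (`ExtraValue::items`). Per the
    // SelfSubjectReview documentation in this module, keys may be returned
    // lowercased when impersonation or request header authentication is used.
    #[prost(btree_map = "string, message", tag = "4")]
    pub extra: ::prost::alloc::collections::BTreeMap<::prost::alloc::string::String, ExtraValue>,
}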
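/// API identity of `SelfSubjectReview`: group, version, kind and the URL path
/// segment under which the resource is served.
impl crate::Resource for SelfSubjectReview {
    // API_VERSION is GROUP and VERSION joined with '/'.
    const API_VERSION: &'static str = "authentication.k8s.io/v1";
    const GROUP: &'static str = "authentication.k8s.io";
    const VERSION: &'static str = "v1";
    const KIND: &'static str = "SelfSubjectReview";
    const URL_PATH_SEGMENT: &'static str = "selfsubjectreviews";
    // Cluster-scoped: the resource is not addressed inside a namespace.
    type Scope = crate::ClusterResourceScope;
}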
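/// Borrowing accessors for the optional `metadata` field.
impl crate::Metadata for SelfSubjectReview {
    type Ty = crate::apimachinery::pkg::apis::meta::v1::ObjectMeta;
    /// Returns a shared reference to the metadata, or `None` when it is unset.
    fn metadata(&self) -> Option<&<Self as crate::Metadata>::Ty> {
        self.metadata.as_ref()
    }
    /// Returns a mutable reference to the metadata, or `None` when it is
    /// unset; it does not create a default value.
    fn metadata_mut(&mut self) -> Option<&mut <Self as crate::Metadata>::Ty> {
        self.metadata.as_mut()
    }
}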
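/// Borrowing accessors for the optional, server-filled `status` field.
// No `HasSpec` implementation accompanies this one: the struct has no spec
// field.
impl crate::HasStatus for SelfSubjectReview {
    type Status = crate::api::authentication::v1::SelfSubjectReviewStatus;
    /// Returns a shared reference to the status, or `None` when it is unset.
    fn status(&self) -> Option<&<Self as crate::HasStatus>::Status> {
        self.status.as_ref()
    }
    /// Returns a mutable reference to the status, or `None` when it is unset.
    fn status_mut(&mut self) -> Option<&mut <Self as crate::HasStatus>::Status> {
        self.status.as_mut()
    }
}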
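/// API identity of `TokenReview`: group, version, kind and the URL path
/// segment under which the resource is served.
// NOTE(review): requests to this resource carry bearer tokens in `spec`, so
// access to it is presumably worth granting narrowly; confirm against the
// cluster's RBAC policy.
impl crate::Resource for TokenReview {
    // API_VERSION is GROUP and VERSION joined with '/'.
    const API_VERSION: &'static str = "authentication.k8s.io/v1";
    const GROUP: &'static str = "authentication.k8s.io";
    const VERSION: &'static str = "v1";
    const KIND: &'static str = "TokenReview";
    const URL_PATH_SEGMENT: &'static str = "tokenreviews";
    // Cluster-scoped: the resource is not addressed inside a namespace.
    type Scope = crate::ClusterResourceScope;
}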
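/// Borrowing accessors for the optional `metadata` field.
impl crate::Metadata for TokenReview {
    type Ty = crate::apimachinery::pkg::apis::meta::v1::ObjectMeta;
    /// Returns a shared reference to the metadata, or `None` when it is unset.
    fn metadata(&self) -> Option<&<Self as crate::Metadata>::Ty> {
        self.metadata.as_ref()
    }
    /// Returns a mutable reference to the metadata, or `None` when it is
    /// unset; it does not create a default value.
    fn metadata_mut(&mut self) -> Option<&mut <Self as crate::Metadata>::Ty> {
        self.metadata.as_mut()
    }
}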
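/// Borrowing accessors for the optional `spec` field, which holds the token
/// under review.
impl crate::HasSpec for TokenReview {
    type Spec = crate::api::authentication::v1::TokenReviewSpec;
    /// Returns a shared reference to the spec, or `None` when it is unset.
    // The returned spec exposes the bearer token; avoid passing it to
    // logging or debug formatting.
    fn spec(&self) -> Option<&<Self as crate::HasSpec>::Spec> {
        self.spec.as_ref()
    }
    /// Returns a mutable reference to the spec, or `None` when it is unset.
    fn spec_mut(&mut self) -> Option<&mut <Self as crate::HasSpec>::Spec> {
        self.spec.as_mut()
    }
}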
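/// Borrowing accessors for the optional, server-filled `status` field.
impl crate::HasStatus for TokenReview {
    type Status = crate::api::authentication::v1::TokenReviewStatus;
    /// Returns a shared reference to the status, or `None` when it is unset.
    // `None` here means no verdict was returned; callers should treat it as
    // "not authenticated", never as success.
    fn status(&self) -> Option<&<Self as crate::HasStatus>::Status> {
        self.status.as_ref()
    }
    /// Returns a mutable reference to the status, or `None` when it is unset.
    fn status_mut(&mut self) -> Option<&mut <Self as crate::HasStatus>::Status> {
        self.status.as_mut()
    }
}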