k8s.io/client-go@v0.22.2/pkg/apis/clientauthentication/v1alpha1/types.go

k8s.io/client-go@v0.22.2/pkg/apis/clientauthentication/v1alpha1/types.go (about)

     1  /*
     2  Copyright 2018 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package v1alpha1
    18  
    19  import (
    20  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    21  )
    22  
    23  // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
    24  
    25  // ExecCredential is used by exec-based plugins to communicate credentials to
    26  // HTTP transports.
    27  type ExecCredential struct {
    28  	metav1.TypeMeta `json:",inline"`
    29  
    30  	// Spec holds information passed to the plugin by the transport. This contains
    31  	// request and runtime specific information, such as if the session is interactive.
    32  	Spec ExecCredentialSpec `json:"spec,omitempty"`
    33  
    34  	// Status is filled in by the plugin and holds the credentials that the transport
    35  	// should use to contact the API.
    36  	// +optional
    37  	Status *ExecCredentialStatus `json:"status,omitempty"`
    38  }
    39  
    40  // ExecCredentialSpec holds request and runtime specific information provided by
    41  // the transport.
    42  type ExecCredentialSpec struct {
    43  	// Response is populated when the transport encounters HTTP status codes, such as 401,
    44  	// suggesting previous credentials were invalid.
    45  	// +optional
    46  	Response *Response `json:"response,omitempty"`
    47  
    48  	// Interactive is true when the transport detects the command is being called from an
    49  	// interactive prompt.
    50  	// +optional
    51  	Interactive bool `json:"interactive,omitempty"`
    52  }
    53  
    54  // ExecCredentialStatus holds credentials for the transport to use.
    55  //
    56  // Token and ClientKeyData are sensitive fields. This data should only be
    57  // transmitted in-memory between client and exec plugin process. Exec plugin
    58  // itself should at least be protected via file permissions.
    59  type ExecCredentialStatus struct {
    60  	// ExpirationTimestamp indicates a time when the provided credentials expire.
    61  	// +optional
    62  	ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
    63  	// Token is a bearer token used by the client for request authentication.
    64  	Token string `json:"token,omitempty" datapolicy:"token"`
    65  	// PEM-encoded client TLS certificates (including intermediates, if any).
    66  	ClientCertificateData string `json:"clientCertificateData,omitempty"`
    67  	// PEM-encoded private key for the above certificate.
    68  	ClientKeyData string `json:"clientKeyData,omitempty" datapolicy:"security-key"`
    69  }
    70  
    71  // Response defines metadata about a failed request, including HTTP status code and
    72  // response headers.
    73  type Response struct {
    74  	// Header holds HTTP headers returned by the server.
    75  	Header map[string][]string `json:"header,omitempty"`
    76  	// Code is the HTTP status code returned by the server.
    77  	Code int32 `json:"code,omitempty"`
    78  }