github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-20 16:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
35b6d79d0564dc3ca9fe4e78ffff3bf2ca15b44f
open-cluster-management/vendor/github.com/openshift/api/oauth/v1/generated.proto
Ankit Kurmi cd8827572e feat: updated golang to v1.23.6 and related k8s.io packages (#870) 
Signed-off-by: Ankit152 <ankitkurmi152@gmail.com>
2025-04-09 07:46:27 +00:00

322 lines
14 KiB
Protocol Buffer
Generated
Raw Blame History

// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = "proto2";
package github.com.openshift.api.oauth.v1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "github.com/openshift/api/oauth/v1";
// ClusterRoleScopeRestriction describes restrictions on cluster role scopes
message ClusterRoleScopeRestriction {
// roleNames is the list of cluster roles that can referenced. * means anything
repeated string roleNames = 1;
// namespaces is the list of namespaces that can be referenced. * means any of them (including *)
repeated string namespaces = 2;
// allowEscalation indicates whether you can request roles and their escalating resources
optional bool allowEscalation = 3;
}
// OAuthAccessToken describes an OAuth access token.
// The name of a token must be prefixed with a `sha256~` string, must not contain "/" or "%" characters and must be at
// least 32 characters long.
//
// The name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded
// base64-encoding (as described in RFC4648) on the hashed result.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthAccessToken {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// clientName references the client that created this token.
optional string clientName = 2;
// expiresIn is the seconds from CreationTime before this token expires.
optional int64 expiresIn = 3;
// scopes is an array of the requested scopes.
repeated string scopes = 4;
// redirectURI is the redirection associated with the token.
optional string redirectURI = 5;
// userName is the user name associated with this token
optional string userName = 6;
// userUID is the unique UID associated with this token
optional string userUID = 7;
// authorizeToken contains the token that authorized this token
optional string authorizeToken = 8;
// refreshToken is the value by which this token can be renewed. Can be blank.
optional string refreshToken = 9;
// inactivityTimeoutSeconds is the value in seconds, from the
// CreationTimestamp, after which this token can no longer be used.
// The value is automatically incremented when the token is used.
optional int32 inactivityTimeoutSeconds = 10;
}
// OAuthAccessTokenList is a collection of OAuth access tokens
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthAccessTokenList {
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of OAuth access tokens
repeated OAuthAccessToken items = 2;
}
// OAuthAuthorizeToken describes an OAuth authorization token
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthAuthorizeToken {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// clientName references the client that created this token.
optional string clientName = 2;
// expiresIn is the seconds from CreationTime before this token expires.
optional int64 expiresIn = 3;
// scopes is an array of the requested scopes.
repeated string scopes = 4;
// redirectURI is the redirection associated with the token.
optional string redirectURI = 5;
// state data from request
optional string state = 6;
// userName is the user name associated with this token
optional string userName = 7;
// userUID is the unique UID associated with this token. UserUID and UserName must both match
// for this token to be valid.
optional string userUID = 8;
// codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636
optional string codeChallenge = 9;
// codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636
optional string codeChallengeMethod = 10;
}
// OAuthAuthorizeTokenList is a collection of OAuth authorization tokens
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthAuthorizeTokenList {
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of OAuth authorization tokens
repeated OAuthAuthorizeToken items = 2;
}
// OAuthClient describes an OAuth client
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthClient {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// secret is the unique secret associated with a client
optional string secret = 2;
// additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation
// and for service account token validation
repeated string additionalSecrets = 3;
// respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects
optional bool respondWithChallenges = 4;
// redirectURIs is the valid redirection URIs associated with a client
// +patchStrategy=merge
repeated string redirectURIs = 5;
// grantMethod is a required field which determines how to handle grants for this client.
// Valid grant handling methods are:
// - auto: always approves grant requests, useful for trusted clients
// - prompt: prompts the end user for approval of grant requests, useful for third-party clients
optional string grantMethod = 6;
// scopeRestrictions describes which scopes this client can request. Each requested scope
// is checked against each restriction. If any restriction matches, then the scope is allowed.
// If no restriction matches, then the scope is denied.
repeated ScopeRestriction scopeRestrictions = 7;
// accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client.
// 0 means no expiration.
optional int32 accessTokenMaxAgeSeconds = 8;
// accessTokenInactivityTimeoutSeconds overrides the default token
// inactivity timeout for tokens granted to this client.
// The value represents the maximum amount of time that can occur between
// consecutive uses of the token. Tokens become invalid if they are not
// used within this temporal window. The user will need to acquire a new
// token to regain access once a token times out.
// This value needs to be set only if the default set in configuration is
// not appropriate for this client. Valid values are:
// - 0: Tokens for this client never time out
// - X: Tokens time out if there is no activity for X seconds
// The current minimum allowed value for X is 300 (5 minutes)
//
// WARNING: existing tokens' timeout will not be affected (lowered) by changing this value
optional int32 accessTokenInactivityTimeoutSeconds = 9;
}
// OAuthClientAuthorization describes an authorization created by an OAuth client
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthClientAuthorization {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// clientName references the client that created this authorization
optional string clientName = 2;
// userName is the user name that authorized this client
optional string userName = 3;
// userUID is the unique UID associated with this authorization. UserUID and UserName
// must both match for this authorization to be valid.
optional string userUID = 4;
// scopes is an array of the granted scopes.
repeated string scopes = 5;
}
// OAuthClientAuthorizationList is a collection of OAuth client authorizations
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthClientAuthorizationList {
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of OAuth client authorizations
repeated OAuthClientAuthorization items = 2;
}
// OAuthClientList is a collection of OAuth clients
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthClientList {
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// items is the list of OAuth clients
repeated OAuthClient items = 2;
}
// OAuthRedirectReference is a reference to an OAuth redirect object.
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message OAuthRedirectReference {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// The reference to an redirect object in the current namespace.
optional RedirectReference reference = 2;
}
// RedirectReference specifies the target in the current namespace that resolves into redirect URIs. Only the 'Route' kind is currently allowed.
message RedirectReference {
// The group of the target that is being referred to.
optional string group = 1;
// The kind of the target that is being referred to. Currently, only 'Route' is allowed.
optional string kind = 2;
// The name of the target that is being referred to. e.g. name of the Route.
optional string name = 3;
}
// ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.
message ScopeRestriction {
// ExactValues means the scope has to match a particular set of strings exactly
repeated string literals = 1;
// clusterRole describes a set of restrictions for cluster role scoping.
optional ClusterRoleScopeRestriction clusterRole = 2;
}
// UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to
// the user the access token was issued for
// +openshift:compatibility-gen:level=1
message UserOAuthAccessToken {
// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// clientName references the client that created this token.
optional string clientName = 2;
// expiresIn is the seconds from CreationTime before this token expires.
optional int64 expiresIn = 3;
// scopes is an array of the requested scopes.
repeated string scopes = 4;
// redirectURI is the redirection associated with the token.
optional string redirectURI = 5;
// userName is the user name associated with this token
optional string userName = 6;
// userUID is the unique UID associated with this token
optional string userUID = 7;
// authorizeToken contains the token that authorized this token
optional string authorizeToken = 8;
// refreshToken is the value by which this token can be renewed. Can be blank.
optional string refreshToken = 9;
// inactivityTimeoutSeconds is the value in seconds, from the
// CreationTimestamp, after which this token can no longer be used.
// The value is automatically incremented when the token is used.
optional int32 inactivityTimeoutSeconds = 10;
}
// UserOAuthAccessTokenList is a collection of access tokens issued on behalf of
// the requesting user
//
// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
// +openshift:compatibility-gen:level=1
message UserOAuthAccessTokenList {
// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated UserOAuthAccessToken items = 2;
}
Reference in New Issue View Git Blame Copy Permalink