-
Notifications
You must be signed in to change notification settings - Fork 1k
Expand file tree
/
Copy pathschema_token_request.go
More file actions
77 lines (73 loc) · 2.42 KB
/
schema_token_request.go
File metadata and controls
77 lines (73 loc) · 2.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// Copyright IBM Corp. 2017, 2025
// SPDX-License-Identifier: MPL-2.0
package kubernetes
import (
"errors"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
apiv1 "k8s.io/api/authentication/v1"
)
func tokenRequestV1SpecFields() map[string]*schema.Schema {
s := map[string]*schema.Schema{
"audiences": {
Type: schema.TypeList,
Computed: true,
Optional: true,
ForceNew: true,
Description: "Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.",
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
"bound_object_ref": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Computed: true,
MaxItems: 1,
Description: apiv1.TokenRequest{}.Spec.SwaggerDoc()["boundObjectRef"],
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"api_version": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: "API version of the referent.",
},
"kind": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: "Kind of the referent. Valid kinds are 'Pod' and 'Secret'.",
},
"name": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: "Name of the referent.",
},
"uid": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: "UID of the referent.",
},
},
},
},
"expiration_seconds": {
Type: schema.TypeInt,
Computed: true,
ForceNew: true,
Optional: true,
Description: "expiration_seconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response. The expiration can't be less than 10 minutes.",
ValidateFunc: func(value interface{}, key string) ([]string, []error) {
v := value.(int)
if v < 600 {
return nil, []error{errors.New("must be greater than or equal to 600")}
}
return nil, nil
},
},
}
return s
}