k8s_openapi/v1_30/api/authentication/v1/
token_request_spec.rs

1// Generated from definition io.k8s.api.authentication.v1.TokenRequestSpec
2
3/// TokenRequestSpec contains client provided parameters of a token request.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct TokenRequestSpec {
6    /// Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
7    pub audiences: Vec<String>,
8
9    /// BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.
10    pub bound_object_ref: Option<crate::api::authentication::v1::BoundObjectReference>,
11
12    /// ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.
13    pub expiration_seconds: Option<i64>,
14}
15
16impl crate::DeepMerge for TokenRequestSpec {
17    fn merge_from(&mut self, other: Self) {
18        crate::merge_strategies::list::atomic(&mut self.audiences, other.audiences);
19        crate::DeepMerge::merge_from(&mut self.bound_object_ref, other.bound_object_ref);
20        crate::DeepMerge::merge_from(&mut self.expiration_seconds, other.expiration_seconds);
21    }
22}
23
24impl<'de> crate::serde::Deserialize<'de> for TokenRequestSpec {
25    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
26        #[allow(non_camel_case_types)]
27        enum Field {
28            Key_audiences,
29            Key_bound_object_ref,
30            Key_expiration_seconds,
31            Other,
32        }
33
34        impl<'de> crate::serde::Deserialize<'de> for Field {
35            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
36                struct Visitor;
37
38                impl<'de> crate::serde::de::Visitor<'de> for Visitor {
39                    type Value = Field;
40
41                    fn expecting(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
42                        f.write_str("field identifier")
43                    }
44
45                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
46                        Ok(match v {
47                            "audiences" => Field::Key_audiences,
48                            "boundObjectRef" => Field::Key_bound_object_ref,
49                            "expirationSeconds" => Field::Key_expiration_seconds,
50                            _ => Field::Other,
51                        })
52                    }
53                }
54
55                deserializer.deserialize_identifier(Visitor)
56            }
57        }
58
59        struct Visitor;
60
61        impl<'de> crate::serde::de::Visitor<'de> for Visitor {
62            type Value = TokenRequestSpec;
63
64            fn expecting(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
65                f.write_str("TokenRequestSpec")
66            }
67
68            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
69                let mut value_audiences: Option<Vec<String>> = None;
70                let mut value_bound_object_ref: Option<crate::api::authentication::v1::BoundObjectReference> = None;
71                let mut value_expiration_seconds: Option<i64> = None;
72
73                while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
74                    match key {
75                        Field::Key_audiences => value_audiences = crate::serde::de::MapAccess::next_value(&mut map)?,
76                        Field::Key_bound_object_ref => value_bound_object_ref = crate::serde::de::MapAccess::next_value(&mut map)?,
77                        Field::Key_expiration_seconds => value_expiration_seconds = crate::serde::de::MapAccess::next_value(&mut map)?,
78                        Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
79                    }
80                }
81
82                Ok(TokenRequestSpec {
83                    audiences: value_audiences.unwrap_or_default(),
84                    bound_object_ref: value_bound_object_ref,
85                    expiration_seconds: value_expiration_seconds,
86                })
87            }
88        }
89
90        deserializer.deserialize_struct(
91            "TokenRequestSpec",
92            &[
93                "audiences",
94                "boundObjectRef",
95                "expirationSeconds",
96            ],
97            Visitor,
98        )
99    }
100}
101
102impl crate::serde::Serialize for TokenRequestSpec {
103    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
104        let mut state = serializer.serialize_struct(
105            "TokenRequestSpec",
106            1 +
107            self.bound_object_ref.as_ref().map_or(0, |_| 1) +
108            self.expiration_seconds.as_ref().map_or(0, |_| 1),
109        )?;
110        crate::serde::ser::SerializeStruct::serialize_field(&mut state, "audiences", &self.audiences)?;
111        if let Some(value) = &self.bound_object_ref {
112            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "boundObjectRef", value)?;
113        }
114        if let Some(value) = &self.expiration_seconds {
115            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "expirationSeconds", value)?;
116        }
117        crate::serde::ser::SerializeStruct::end(state)
118    }
119}
120
121#[cfg(feature = "schemars")]
122impl crate::schemars::JsonSchema for TokenRequestSpec {
123    fn schema_name() -> String {
124        "io.k8s.api.authentication.v1.TokenRequestSpec".to_owned()
125    }
126
127    fn json_schema(__gen: &mut crate::schemars::gen::SchemaGenerator) -> crate::schemars::schema::Schema {
128        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
129            metadata: Some(Box::new(crate::schemars::schema::Metadata {
130                description: Some("TokenRequestSpec contains client provided parameters of a token request.".to_owned()),
131                ..Default::default()
132            })),
133            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(Box::new(crate::schemars::schema::InstanceType::Object))),
134            object: Some(Box::new(crate::schemars::schema::ObjectValidation {
135                properties: [
136                    (
137                        "audiences".to_owned(),
138                        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
139                            metadata: Some(Box::new(crate::schemars::schema::Metadata {
140                                description: Some("Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.".to_owned()),
141                                ..Default::default()
142                            })),
143                            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(Box::new(crate::schemars::schema::InstanceType::Array))),
144                            array: Some(Box::new(crate::schemars::schema::ArrayValidation {
145                                items: Some(crate::schemars::schema::SingleOrVec::Single(Box::new(
146                                    crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
147                                        instance_type: Some(crate::schemars::schema::SingleOrVec::Single(Box::new(crate::schemars::schema::InstanceType::String))),
148                                        ..Default::default()
149                                    })
150                                ))),
151                                ..Default::default()
152                            })),
153                            ..Default::default()
154                        }),
155                    ),
156                    (
157                        "boundObjectRef".to_owned(),
158                        {
159                            let mut schema_obj = __gen.subschema_for::<crate::api::authentication::v1::BoundObjectReference>().into_object();
160                            schema_obj.metadata = Some(Box::new(crate::schemars::schema::Metadata {
161                                description: Some("BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server's TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.".to_owned()),
162                                ..Default::default()
163                            }));
164                            crate::schemars::schema::Schema::Object(schema_obj)
165                        },
166                    ),
167                    (
168                        "expirationSeconds".to_owned(),
169                        crate::schemars::schema::Schema::Object(crate::schemars::schema::SchemaObject {
170                            metadata: Some(Box::new(crate::schemars::schema::Metadata {
171                                description: Some("ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the 'expiration' field in a response.".to_owned()),
172                                ..Default::default()
173                            })),
174                            instance_type: Some(crate::schemars::schema::SingleOrVec::Single(Box::new(crate::schemars::schema::InstanceType::Integer))),
175                            format: Some("int64".to_owned()),
176                            ..Default::default()
177                        }),
178                    ),
179                ].into(),
180                required: [
181                    "audiences".to_owned(),
182                ].into(),
183                ..Default::default()
184            })),
185            ..Default::default()
186        })
187    }
188}