AccessGrant resource¶
Permission to redeem access tokens for links to the local site. A remote site can use a token containing the grant URL and secret code to obtain a certificate signed by the grant's certificate authority (CA), within a certain expiration window and for a limited number of redemptions.
The code, url, and ca properties of the resource
status are used to generate access tokens from the grant.
Metadata properties¶
name
string
required
The name of the resource.
| See also | Kubernetes object names |
|---|
namespace
string
The namespace of the resource.
| See also | Platform concept, Kubernetes namespaces |
|---|
Spec properties¶
redemptionsAllowed
integer
The number of times an access token for this grant can
be redeemed.
| Default | 1 |
|---|
expirationWindow
string (duration)
The period of time in which an access token for this
grant can be redeemed.
| Default |
|
|---|
code
string
advanced
The secret code to use to authenticate access tokens submitted
for redemption.
If not set, a value is generated and placed in the `code`
status property.
issuer
string
advanced
The name of a Kubernetes secret used to generate a
certificate when redeeming a token for this grant.
If not set, `defaultIssuer` on the Site rsource is used.
| See also | Kubernetes TLS secrets |
|---|
settings
object
advanced
A map containing additional settings. Each map entry has a
string name and a string value.
**Note:** In general, we recommend not changing settings from
their default values.
Status properties¶
status
string
The current state of the resource.
- `Pending`: The resource is being processed.
- `Error`: There was an error processing the resource. See
`message` for more information.
- `Ready`: The resource is ready to use.
message
string
A human-readable status message. Error messages are reported
here.
redemptions
integer
The number of times a token for this grant has been
redeemed.
expirationTime
string (date-time)
The point in time when the grant expires.
url
string
The URL of the token-redemption service for this grant.
ca
string
The trusted server certificate of the token-redemption
service for this grant.
code
string
The secret code used to authenticate access tokens
submitted for redemption.
| Default | Generated |
|---|
conditions
array
advanced
A set of named conditions describing the current state of the
resource.
- `Processed`: The controller has accepted the grant.
- `Resolved`: The grant service is available to process tokens
for this grant.
- `Ready`: The grant is ready to use. All other
conditions are true.
| See also | Kubernetes conditions |
|---|