AccessGrant resource

Permission to redeem access tokens for links to the local site. A remote site can use a token containing the grant URL and secret code to obtain a certificate signed by the grant's certificate authority (CA), within a certain expiration window and for a limited number of redemptions.

The code, url, and ca properties of the resource status are used to generate access tokens from the grant.

Metadata properties

name

string

required

The name of the resource.

See also	Kubernetes object names

namespace

string

The namespace of the resource.

See also	Platform concept, Kubernetes namespaces, System namespaces

Spec properties

redemptionsAllowed

integer

The number of times an access token for this grant can be redeemed.

Default	1

expirationWindow

string (duration)

The period of time in which an access token for this grant can be redeemed.

Default	`15m`

code

string

advanced

The secret code to use to authenticate access tokens submitted for redemption.

If not set, a value is generated and placed in the code status property.

issuer

string

advanced

The name of a Kubernetes secret used to generate a certificate when redeeming a token for this grant.

If not set, defaultIssuer on the Site rsource is used.

See also	Router TLS, Kubernetes TLS secrets

settings

object

advanced

A map containing additional settings. Each map entry has a string name and a string value.

Note: In general, we recommend not changing settings from their default values.

See also	Resource settings

Status properties

status

string

The current state of the resource.

Pending: The resource is being processed.
Error: There was an error processing the resource. See message for more information.
Ready: The resource is ready to use.

See also	Resource status

message

string

A human-readable status message. Error messages are reported here.

See also	Resource status

redemptions

integer

The number of times a token for this grant has been redeemed.

expirationTime

string (date-time)

The point in time when the grant expires.

url

string

The URL of the token-redemption service for this grant.

ca

string

The trusted server certificate of the token-redemption service for this grant.

code

string

The secret code used to authenticate access tokens submitted for redemption.

Default	Generated

conditions

array

advanced

A set of named conditions describing the current state of the resource.

Processed: The controller has accepted the grant.
Resolved: The grant service is available to process tokens for this grant.
Ready: The grant is ready to use. All other conditions are true.

See also	Resource status, Kubernetes conditions