Apply suggestions from code review

nabokihms · enj · nabokihms · commit 10535160b1c2 · 2022-06-22T21:01:56.000+04:00
Co-authored-by: Mo Khan &lt;theenjeru@gmail.com&gt;
Signed-off-by: m.nabokikh &lt;maksim.nabokikh@flant.com&gt;
diff --git a/keps/prod-readiness/sig-auth/3225.yaml b/keps/prod-readiness/sig-auth/3225.yaml
@@ -1,3 +1,3 @@
 kep-number: 3225
 alpha:
-  approver: "@enj"
+  approver: "@deads2k"
diff --git a/keps/sig-auth/3325-self-subject-attributes-review-api/README.md b/keps/sig-auth/3325-self-subject-attributes-review-api/README.md
@@ -73,7 +73,7 @@ The motivation for this KEP is to reduce obscurity and help users with debugging
 
 ## Proposal
 
-Add a new API endpoint to the `authentication` group - `SelfSubjectAttributesReview`.
+Add a new API endpoint to the `authentication.k8s.io` group - `SelfSubjectAttributesReview`.
 The user will hit the endpoint after authentication happens, so all attributes will be available to return.
 
 ## Design Details
@@ -92,7 +92,7 @@ type SelfSubjectAttributesReview struct {
 	// +optional
 	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
 	// Status is filled in by the server with the user attributes.
-	Status SelfSubjectAttributesReview `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
+	Status SelfSubjectAttributesReviewStatus `json:"status,omitempty" protobuf:"bytes,2,opt,name=status"`
 }
 ```
 ```go
@@ -141,9 +141,9 @@ Response example:
 
 User attributes are known at the moment of accessing the rest API endpoint and can be extracted from the request context.
 
-NOTE: There are no audiences in requests and responses since the SelfSubjectAttributesReview API is implied to be simple.
-Unlike the TokenReview API works, kube-apiserver will not do additional internal requests.
-Instead, a user will see the exact result of the authentication, which will be extracted from the request context.
+NOTE: Unlike the TokenReview, there are no audiences in requests and responses since 
+the SelfSubjectAttributesReview API can only be accessed using valid credentials against the API server, 
+meaning that the audience must always be that of the API server. Thus learning this value is not practical.
 
 ### RBAC
 
@@ -186,12 +186,16 @@ Unit tests covering:
 2. Request returns some user attributes
 3. Request with a status returns overridden fields
 
-Integration test covering:
+Integration tests covering:
 
 1. Successful authentication through a simple authenticator, e.g., token or certificate authenticator
 2. Successful authentication through a complicated authenticator, e.g., webhook or authentication proxy authenticator
 3. Failed authentication
 
+Command line interface tests covering:
+1. How successful responses are rendered in the terminal with various output modes.
+2. How errors are rendered.
+
 ### Graduation Criteria
 
 `authentication.k8s.io/v1alpha1` and `authentication.k8s.io/v1beta1` apis will be reintroduced to go through the graduation cycle.
