156 lines
5.8 KiB
Go
156 lines
5.8 KiB
Go
|
/*
|
||
|
Copyright 2016 The Kubernetes Authors.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
package v1beta1
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
|
||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||
|
)
|
||
|
|
||
|
// +genclient
|
||
|
// +genclient:nonNamespaced
|
||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||
|
|
||
|
// Describes a certificate signing request
|
||
|
type CertificateSigningRequest struct {
|
||
|
metav1.TypeMeta `json:",inline"`
|
||
|
// +optional
|
||
|
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
|
||
|
|
||
|
// The certificate request itself and any additional information.
|
||
|
// +optional
|
||
|
Spec CertificateSigningRequestSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
|
||
|
|
||
|
// Derived information about the request.
|
||
|
// +optional
|
||
|
Status CertificateSigningRequestStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
|
||
|
}
|
||
|
|
||
|
// This information is immutable after the request is created. Only the Request
|
||
|
// and Usages fields can be set on creation, other fields are derived by
|
||
|
// Kubernetes and cannot be modified by users.
|
||
|
type CertificateSigningRequestSpec struct {
|
||
|
// Base64-encoded PKCS#10 CSR data
|
||
|
Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"`
|
||
|
|
||
|
// allowedUsages specifies a set of usage contexts the key will be
|
||
|
// valid for.
|
||
|
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
|
||
|
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||
|
Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=usages"`
|
||
|
|
||
|
// Information about the requesting user.
|
||
|
// See user.Info interface for details.
|
||
|
// +optional
|
||
|
Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
|
||
|
// UID information about the requesting user.
|
||
|
// See user.Info interface for details.
|
||
|
// +optional
|
||
|
UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
|
||
|
// Group information about the requesting user.
|
||
|
// See user.Info interface for details.
|
||
|
// +optional
|
||
|
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
|
||
|
// Extra information about the requesting user.
|
||
|
// See user.Info interface for details.
|
||
|
// +optional
|
||
|
Extra map[string]ExtraValue `json:"extra,omitempty" protobuf:"bytes,6,rep,name=extra"`
|
||
|
}
|
||
|
|
||
|
// ExtraValue masks the value so protobuf can generate
|
||
|
// +protobuf.nullable=true
|
||
|
// +protobuf.options.(gogoproto.goproto_stringer)=false
|
||
|
type ExtraValue []string
|
||
|
|
||
|
func (t ExtraValue) String() string {
|
||
|
return fmt.Sprintf("%v", []string(t))
|
||
|
}
|
||
|
|
||
|
type CertificateSigningRequestStatus struct {
|
||
|
// Conditions applied to the request, such as approval or denial.
|
||
|
// +optional
|
||
|
Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
|
||
|
|
||
|
// If request was approved, the controller will place the issued certificate here.
|
||
|
// +optional
|
||
|
Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`
|
||
|
}
|
||
|
|
||
|
type RequestConditionType string
|
||
|
|
||
|
// These are the possible conditions for a certificate request.
|
||
|
const (
|
||
|
CertificateApproved RequestConditionType = "Approved"
|
||
|
CertificateDenied RequestConditionType = "Denied"
|
||
|
)
|
||
|
|
||
|
type CertificateSigningRequestCondition struct {
|
||
|
// request approval state, currently Approved or Denied.
|
||
|
Type RequestConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=RequestConditionType"`
|
||
|
// brief reason for the request state
|
||
|
// +optional
|
||
|
Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
|
||
|
// human readable message with details about the request state
|
||
|
// +optional
|
||
|
Message string `json:"message,omitempty" protobuf:"bytes,3,opt,name=message"`
|
||
|
// timestamp for the last update to this condition
|
||
|
// +optional
|
||
|
LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,4,opt,name=lastUpdateTime"`
|
||
|
}
|
||
|
|
||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||
|
|
||
|
type CertificateSigningRequestList struct {
|
||
|
metav1.TypeMeta `json:",inline"`
|
||
|
// +optional
|
||
|
metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
|
||
|
|
||
|
Items []CertificateSigningRequest `json:"items" protobuf:"bytes,2,rep,name=items"`
|
||
|
}
|
||
|
|
||
|
// KeyUsages specifies valid usage contexts for keys.
|
||
|
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
|
||
|
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
||
|
type KeyUsage string
|
||
|
|
||
|
const (
|
||
|
UsageSigning KeyUsage = "signing"
|
||
|
UsageDigitalSignature KeyUsage = "digital signature"
|
||
|
UsageContentCommittment KeyUsage = "content commitment"
|
||
|
UsageKeyEncipherment KeyUsage = "key encipherment"
|
||
|
UsageKeyAgreement KeyUsage = "key agreement"
|
||
|
UsageDataEncipherment KeyUsage = "data encipherment"
|
||
|
UsageCertSign KeyUsage = "cert sign"
|
||
|
UsageCRLSign KeyUsage = "crl sign"
|
||
|
UsageEncipherOnly KeyUsage = "encipher only"
|
||
|
UsageDecipherOnly KeyUsage = "decipher only"
|
||
|
UsageAny KeyUsage = "any"
|
||
|
UsageServerAuth KeyUsage = "server auth"
|
||
|
UsageClientAuth KeyUsage = "client auth"
|
||
|
UsageCodeSigning KeyUsage = "code signing"
|
||
|
UsageEmailProtection KeyUsage = "email protection"
|
||
|
UsageSMIME KeyUsage = "s/mime"
|
||
|
UsageIPsecEndSystem KeyUsage = "ipsec end system"
|
||
|
UsageIPsecTunnel KeyUsage = "ipsec tunnel"
|
||
|
UsageIPsecUser KeyUsage = "ipsec user"
|
||
|
UsageTimestamping KeyUsage = "timestamping"
|
||
|
UsageOCSPSigning KeyUsage = "ocsp signing"
|
||
|
UsageMicrosoftSGC KeyUsage = "microsoft sgc"
|
||
|
UsageNetscapSGC KeyUsage = "netscape sgc"
|
||
|
)
|