2019-01-18 01:50:10 +00:00
|
|
|
/*
|
|
|
|
Copyright The Kubernetes Authors.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
|
|
|
|
|
2021-05-15 10:08:31 +00:00
|
|
|
syntax = "proto2";
|
2019-01-18 01:50:10 +00:00
|
|
|
|
|
|
|
package k8s.io.api.certificates.v1beta1;
|
|
|
|
|
2021-05-15 10:08:31 +00:00
|
|
|
import "k8s.io/api/core/v1/generated.proto";
|
2019-01-18 01:50:10 +00:00
|
|
|
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
|
|
|
|
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
|
|
|
|
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
|
|
|
|
|
|
|
|
// Package-wide variables from generator "generated".
|
|
|
|
option go_package = "v1beta1";
|
|
|
|
|
|
|
|
// Describes a certificate signing request
|
|
|
|
message CertificateSigningRequest {
|
|
|
|
// +optional
|
|
|
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
|
|
|
|
|
|
|
|
// The certificate request itself and any additional information.
|
|
|
|
// +optional
|
|
|
|
optional CertificateSigningRequestSpec spec = 2;
|
|
|
|
|
|
|
|
// Derived information about the request.
|
|
|
|
// +optional
|
|
|
|
optional CertificateSigningRequestStatus status = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
message CertificateSigningRequestCondition {
|
2021-05-15 10:08:31 +00:00
|
|
|
// type of the condition. Known conditions include "Approved", "Denied", and "Failed".
|
2019-01-18 01:50:10 +00:00
|
|
|
optional string type = 1;
|
|
|
|
|
2021-05-15 10:08:31 +00:00
|
|
|
// Status of the condition, one of True, False, Unknown.
|
|
|
|
// Approved, Denied, and Failed conditions may not be "False" or "Unknown".
|
|
|
|
// Defaults to "True".
|
|
|
|
// If unset, should be treated as "True".
|
|
|
|
// +optional
|
|
|
|
optional string status = 6;
|
|
|
|
|
2019-01-18 01:50:10 +00:00
|
|
|
// brief reason for the request state
|
|
|
|
// +optional
|
|
|
|
optional string reason = 2;
|
|
|
|
|
|
|
|
// human readable message with details about the request state
|
|
|
|
// +optional
|
|
|
|
optional string message = 3;
|
|
|
|
|
|
|
|
// timestamp for the last update to this condition
|
|
|
|
// +optional
|
|
|
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 4;
|
2021-05-15 10:08:31 +00:00
|
|
|
|
|
|
|
// lastTransitionTime is the time the condition last transitioned from one status to another.
|
|
|
|
// If unset, when a new condition type is added or an existing condition's status is changed,
|
|
|
|
// the server defaults this to the current time.
|
|
|
|
// +optional
|
|
|
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5;
|
2019-01-18 01:50:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
message CertificateSigningRequestList {
|
|
|
|
// +optional
|
|
|
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
|
|
|
|
|
|
|
|
repeated CertificateSigningRequest items = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// This information is immutable after the request is created. Only the Request
|
|
|
|
// and Usages fields can be set on creation, other fields are derived by
|
|
|
|
// Kubernetes and cannot be modified by users.
|
|
|
|
message CertificateSigningRequestSpec {
|
|
|
|
// Base64-encoded PKCS#10 CSR data
|
2021-05-15 10:08:31 +00:00
|
|
|
// +listType=atomic
|
2019-01-18 01:50:10 +00:00
|
|
|
optional bytes request = 1;
|
|
|
|
|
2021-05-15 10:08:31 +00:00
|
|
|
// Requested signer for the request. It is a qualified name in the form:
|
|
|
|
// `scope-hostname.io/name`.
|
|
|
|
// If empty, it will be defaulted:
|
|
|
|
// 1. If it's a kubelet client certificate, it is assigned
|
|
|
|
// "kubernetes.io/kube-apiserver-client-kubelet".
|
|
|
|
// 2. If it's a kubelet serving certificate, it is assigned
|
|
|
|
// "kubernetes.io/kubelet-serving".
|
|
|
|
// 3. Otherwise, it is assigned "kubernetes.io/legacy-unknown".
|
|
|
|
// Distribution of trust for signers happens out of band.
|
|
|
|
// You can select on this field using `spec.signerName`.
|
|
|
|
// +optional
|
|
|
|
optional string signerName = 7;
|
|
|
|
|
2019-01-18 01:50:10 +00:00
|
|
|
// allowedUsages specifies a set of usage contexts the key will be
|
|
|
|
// valid for.
|
|
|
|
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
|
|
|
|
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
|
2021-05-15 10:08:31 +00:00
|
|
|
// Valid values are:
|
|
|
|
// "signing",
|
|
|
|
// "digital signature",
|
|
|
|
// "content commitment",
|
|
|
|
// "key encipherment",
|
|
|
|
// "key agreement",
|
|
|
|
// "data encipherment",
|
|
|
|
// "cert sign",
|
|
|
|
// "crl sign",
|
|
|
|
// "encipher only",
|
|
|
|
// "decipher only",
|
|
|
|
// "any",
|
|
|
|
// "server auth",
|
|
|
|
// "client auth",
|
|
|
|
// "code signing",
|
|
|
|
// "email protection",
|
|
|
|
// "s/mime",
|
|
|
|
// "ipsec end system",
|
|
|
|
// "ipsec tunnel",
|
|
|
|
// "ipsec user",
|
|
|
|
// "timestamping",
|
|
|
|
// "ocsp signing",
|
|
|
|
// "microsoft sgc",
|
|
|
|
// "netscape sgc"
|
|
|
|
// +listType=atomic
|
2019-01-18 01:50:10 +00:00
|
|
|
repeated string usages = 5;
|
|
|
|
|
|
|
|
// Information about the requesting user.
|
|
|
|
// See user.Info interface for details.
|
|
|
|
// +optional
|
|
|
|
optional string username = 2;
|
|
|
|
|
|
|
|
// UID information about the requesting user.
|
|
|
|
// See user.Info interface for details.
|
|
|
|
// +optional
|
|
|
|
optional string uid = 3;
|
|
|
|
|
|
|
|
// Group information about the requesting user.
|
|
|
|
// See user.Info interface for details.
|
2021-05-15 10:08:31 +00:00
|
|
|
// +listType=atomic
|
2019-01-18 01:50:10 +00:00
|
|
|
// +optional
|
|
|
|
repeated string groups = 4;
|
|
|
|
|
|
|
|
// Extra information about the requesting user.
|
|
|
|
// See user.Info interface for details.
|
|
|
|
// +optional
|
|
|
|
map<string, ExtraValue> extra = 6;
|
|
|
|
}
|
|
|
|
|
|
|
|
message CertificateSigningRequestStatus {
|
|
|
|
// Conditions applied to the request, such as approval or denial.
|
2021-05-15 10:08:31 +00:00
|
|
|
// +listType=map
|
|
|
|
// +listMapKey=type
|
2019-01-18 01:50:10 +00:00
|
|
|
// +optional
|
|
|
|
repeated CertificateSigningRequestCondition conditions = 1;
|
|
|
|
|
|
|
|
// If request was approved, the controller will place the issued certificate here.
|
2021-05-15 10:08:31 +00:00
|
|
|
// +listType=atomic
|
2019-01-18 01:50:10 +00:00
|
|
|
// +optional
|
|
|
|
optional bytes certificate = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// ExtraValue masks the value so protobuf can generate
|
|
|
|
// +protobuf.nullable=true
|
|
|
|
// +protobuf.options.(gogoproto.goproto_stringer)=false
|
|
|
|
message ExtraValue {
|
|
|
|
// items, if empty, will result in an empty slice
|
|
|
|
|
|
|
|
repeated string items = 1;
|
|
|
|
}
|
|
|
|
|