[VOL-3678] First implementation of the BBSim-sadis-server

Change-Id: I5077a8f861f4cc6af9759f31a4a415042c05eba3
diff --git a/vendor/k8s.io/api/certificates/v1/generated.proto b/vendor/k8s.io/api/certificates/v1/generated.proto
new file mode 100644
index 0000000..8427424
--- /dev/null
+++ b/vendor/k8s.io/api/certificates/v1/generated.proto
@@ -0,0 +1,226 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+
+// This file was autogenerated by go-to-protobuf. Do not edit it manually!
+
+syntax = 'proto2';
+
+package k8s.io.api.certificates.v1;
+
+import "k8s.io/api/core/v1/generated.proto";
+import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
+import "k8s.io/apimachinery/pkg/runtime/generated.proto";
+import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
+
+// Package-wide variables from generator "generated".
+option go_package = "v1";
+
+// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates
+// by submitting a certificate signing request, and having it asynchronously approved and issued.
+//
+// Kubelets use this API to obtain:
+//  1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
+//  2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
+//
+// This API can be used to request client certificates to authenticate to kube-apiserver
+// (with the "kubernetes.io/kube-apiserver-client" signerName),
+// or to obtain certificates from custom non-Kubernetes signers.
+message CertificateSigningRequest {
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
+
+  // spec contains the certificate request, and is immutable after creation.
+  // Only the request, signerName, and usages fields can be set on creation.
+  // Other fields are derived by Kubernetes and cannot be modified by users.
+  optional CertificateSigningRequestSpec spec = 2;
+
+  // status contains information about whether the request is approved or denied,
+  // and the certificate issued by the signer, or the failure condition indicating signer failure.
+  // +optional
+  optional CertificateSigningRequestStatus status = 3;
+}
+
+// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
+message CertificateSigningRequestCondition {
+  // type of the condition. Known conditions are "Approved", "Denied", and "Failed".
+  //
+  // An "Approved" condition is added via the /approval subresource,
+  // indicating the request was approved and should be issued by the signer.
+  //
+  // A "Denied" condition is added via the /approval subresource,
+  // indicating the request was denied and should not be issued by the signer.
+  //
+  // A "Failed" condition is added via the /status subresource,
+  // indicating the signer failed to issue the certificate.
+  //
+  // Approved and Denied conditions are mutually exclusive.
+  // Approved, Denied, and Failed conditions cannot be removed once added.
+  //
+  // Only one condition of a given type is allowed.
+  optional string type = 1;
+
+  // status of the condition, one of True, False, Unknown.
+  // Approved, Denied, and Failed conditions may not be "False" or "Unknown".
+  optional string status = 6;
+
+  // reason indicates a brief reason for the request state
+  // +optional
+  optional string reason = 2;
+
+  // message contains a human readable message with details about the request state
+  // +optional
+  optional string message = 3;
+
+  // lastUpdateTime is the time of the last update to this condition
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 4;
+
+  // lastTransitionTime is the time the condition last transitioned from one status to another.
+  // If unset, when a new condition type is added or an existing condition's status is changed,
+  // the server defaults this to the current time.
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5;
+}
+
+// CertificateSigningRequestList is a collection of CertificateSigningRequest objects
+message CertificateSigningRequestList {
+  // +optional
+  optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
+
+  // items is a collection of CertificateSigningRequest objects
+  repeated CertificateSigningRequest items = 2;
+}
+
+// CertificateSigningRequestSpec contains the certificate request.
+message CertificateSigningRequestSpec {
+  // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
+  // When serialized as JSON or YAML, the data is additionally base64-encoded.
+  // +listType=atomic
+  optional bytes request = 1;
+
+  // signerName indicates the requested signer, and is a qualified name.
+  //
+  // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
+  //
+  // Well-known Kubernetes signers are:
+  //  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
+  //   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
+  //  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
+  //   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
+  //  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
+  //   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
+  //
+  // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
+  //
+  // Custom signerNames can also be specified. The signer defines:
+  //  1. Trust distribution: how trust (CA bundles) are distributed.
+  //  2. Permitted subjects: and behavior when a disallowed subject is requested.
+  //  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
+  //  4. Required, permitted, or forbidden key usages / extended key usages.
+  //  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
+  //  6. Whether or not requests for CA certificates are allowed.
+  optional string signerName = 7;
+
+  // usages specifies a set of key usages requested in the issued certificate.
+  //
+  // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
+  //
+  // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
+  //
+  // Valid values are:
+  //  "signing", "digital signature", "content commitment",
+  //  "key encipherment", "key agreement", "data encipherment",
+  //  "cert sign", "crl sign", "encipher only", "decipher only", "any",
+  //  "server auth", "client auth",
+  //  "code signing", "email protection", "s/mime",
+  //  "ipsec end system", "ipsec tunnel", "ipsec user",
+  //  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
+  // +listType=atomic
+  repeated string usages = 5;
+
+  // username contains the name of the user that created the CertificateSigningRequest.
+  // Populated by the API server on creation and immutable.
+  // +optional
+  optional string username = 2;
+
+  // uid contains the uid of the user that created the CertificateSigningRequest.
+  // Populated by the API server on creation and immutable.
+  // +optional
+  optional string uid = 3;
+
+  // groups contains group membership of the user that created the CertificateSigningRequest.
+  // Populated by the API server on creation and immutable.
+  // +listType=atomic
+  // +optional
+  repeated string groups = 4;
+
+  // extra contains extra attributes of the user that created the CertificateSigningRequest.
+  // Populated by the API server on creation and immutable.
+  // +optional
+  map<string, ExtraValue> extra = 6;
+}
+
+// CertificateSigningRequestStatus contains conditions used to indicate
+// approved/denied/failed status of the request, and the issued certificate.
+message CertificateSigningRequestStatus {
+  // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
+  // +listType=map
+  // +listMapKey=type
+  // +optional
+  repeated CertificateSigningRequestCondition conditions = 1;
+
+  // certificate is populated with an issued certificate by the signer after an Approved condition is present.
+  // This field is set via the /status subresource. Once populated, this field is immutable.
+  //
+  // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
+  // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
+  //
+  // Validation requirements:
+  //  1. certificate must contain one or more PEM blocks.
+  //  2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data
+  //   must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
+  //  3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
+  //   to allow for explanatory text as described in section 5.2 of RFC7468.
+  //
+  // If more than one PEM block is present, and the definition of the requested spec.signerName
+  // does not indicate otherwise, the first block is the issued certificate,
+  // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
+  //
+  // The certificate is encoded in PEM format.
+  //
+  // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
+  //
+  //     base64(
+  //     -----BEGIN CERTIFICATE-----
+  //     ...
+  //     -----END CERTIFICATE-----
+  //     )
+  //
+  // +listType=atomic
+  // +optional
+  optional bytes certificate = 2;
+}
+
+// ExtraValue masks the value so protobuf can generate
+// +protobuf.nullable=true
+// +protobuf.options.(gogoproto.goproto_stringer)=false
+message ExtraValue {
+  // items, if empty, will result in an empty slice
+
+  repeated string items = 1;
+}
+