Matteo Scandolo | a428586 | 2020-12-01 18:10:10 -0800 | [diff] [blame] | 1 | /* |
| 2 | Copyright The Kubernetes Authors. |
| 3 | |
| 4 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | you may not use this file except in compliance with the License. |
| 6 | You may obtain a copy of the License at |
| 7 | |
| 8 | http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | |
| 10 | Unless required by applicable law or agreed to in writing, software |
| 11 | distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | See the License for the specific language governing permissions and |
| 14 | limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | |
| 18 | // This file was autogenerated by go-to-protobuf. Do not edit it manually! |
| 19 | |
| 20 | syntax = 'proto2'; |
| 21 | |
| 22 | package k8s.io.api.certificates.v1beta1; |
| 23 | |
| 24 | import "k8s.io/api/core/v1/generated.proto"; |
| 25 | import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; |
| 26 | import "k8s.io/apimachinery/pkg/runtime/generated.proto"; |
| 27 | import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; |
| 28 | |
| 29 | // Package-wide variables from generator "generated". |
| 30 | option go_package = "v1beta1"; |
| 31 | |
| 32 | // Describes a certificate signing request |
| 33 | message CertificateSigningRequest { |
| 34 | // +optional |
| 35 | optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; |
| 36 | |
| 37 | // The certificate request itself and any additional information. |
| 38 | // +optional |
| 39 | optional CertificateSigningRequestSpec spec = 2; |
| 40 | |
| 41 | // Derived information about the request. |
| 42 | // +optional |
| 43 | optional CertificateSigningRequestStatus status = 3; |
| 44 | } |
| 45 | |
| 46 | message CertificateSigningRequestCondition { |
| 47 | // type of the condition. Known conditions include "Approved", "Denied", and "Failed". |
| 48 | optional string type = 1; |
| 49 | |
| 50 | // Status of the condition, one of True, False, Unknown. |
| 51 | // Approved, Denied, and Failed conditions may not be "False" or "Unknown". |
| 52 | // Defaults to "True". |
| 53 | // If unset, should be treated as "True". |
| 54 | // +optional |
| 55 | optional string status = 6; |
| 56 | |
| 57 | // brief reason for the request state |
| 58 | // +optional |
| 59 | optional string reason = 2; |
| 60 | |
| 61 | // human readable message with details about the request state |
| 62 | // +optional |
| 63 | optional string message = 3; |
| 64 | |
| 65 | // timestamp for the last update to this condition |
| 66 | // +optional |
| 67 | optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 4; |
| 68 | |
| 69 | // lastTransitionTime is the time the condition last transitioned from one status to another. |
| 70 | // If unset, when a new condition type is added or an existing condition's status is changed, |
| 71 | // the server defaults this to the current time. |
| 72 | // +optional |
| 73 | optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5; |
| 74 | } |
| 75 | |
| 76 | message CertificateSigningRequestList { |
| 77 | // +optional |
| 78 | optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; |
| 79 | |
| 80 | repeated CertificateSigningRequest items = 2; |
| 81 | } |
| 82 | |
| 83 | // This information is immutable after the request is created. Only the Request |
| 84 | // and Usages fields can be set on creation, other fields are derived by |
| 85 | // Kubernetes and cannot be modified by users. |
| 86 | message CertificateSigningRequestSpec { |
| 87 | // Base64-encoded PKCS#10 CSR data |
| 88 | // +listType=atomic |
| 89 | optional bytes request = 1; |
| 90 | |
| 91 | // Requested signer for the request. It is a qualified name in the form: |
| 92 | // `scope-hostname.io/name`. |
| 93 | // If empty, it will be defaulted: |
| 94 | // 1. If it's a kubelet client certificate, it is assigned |
| 95 | // "kubernetes.io/kube-apiserver-client-kubelet". |
| 96 | // 2. If it's a kubelet serving certificate, it is assigned |
| 97 | // "kubernetes.io/kubelet-serving". |
| 98 | // 3. Otherwise, it is assigned "kubernetes.io/legacy-unknown". |
| 99 | // Distribution of trust for signers happens out of band. |
| 100 | // You can select on this field using `spec.signerName`. |
| 101 | // +optional |
| 102 | optional string signerName = 7; |
| 103 | |
| 104 | // allowedUsages specifies a set of usage contexts the key will be |
| 105 | // valid for. |
| 106 | // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 |
| 107 | // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 |
| 108 | // Valid values are: |
| 109 | // "signing", |
| 110 | // "digital signature", |
| 111 | // "content commitment", |
| 112 | // "key encipherment", |
| 113 | // "key agreement", |
| 114 | // "data encipherment", |
| 115 | // "cert sign", |
| 116 | // "crl sign", |
| 117 | // "encipher only", |
| 118 | // "decipher only", |
| 119 | // "any", |
| 120 | // "server auth", |
| 121 | // "client auth", |
| 122 | // "code signing", |
| 123 | // "email protection", |
| 124 | // "s/mime", |
| 125 | // "ipsec end system", |
| 126 | // "ipsec tunnel", |
| 127 | // "ipsec user", |
| 128 | // "timestamping", |
| 129 | // "ocsp signing", |
| 130 | // "microsoft sgc", |
| 131 | // "netscape sgc" |
| 132 | // +listType=atomic |
| 133 | repeated string usages = 5; |
| 134 | |
| 135 | // Information about the requesting user. |
| 136 | // See user.Info interface for details. |
| 137 | // +optional |
| 138 | optional string username = 2; |
| 139 | |
| 140 | // UID information about the requesting user. |
| 141 | // See user.Info interface for details. |
| 142 | // +optional |
| 143 | optional string uid = 3; |
| 144 | |
| 145 | // Group information about the requesting user. |
| 146 | // See user.Info interface for details. |
| 147 | // +listType=atomic |
| 148 | // +optional |
| 149 | repeated string groups = 4; |
| 150 | |
| 151 | // Extra information about the requesting user. |
| 152 | // See user.Info interface for details. |
| 153 | // +optional |
| 154 | map<string, ExtraValue> extra = 6; |
| 155 | } |
| 156 | |
| 157 | message CertificateSigningRequestStatus { |
| 158 | // Conditions applied to the request, such as approval or denial. |
| 159 | // +listType=map |
| 160 | // +listMapKey=type |
| 161 | // +optional |
| 162 | repeated CertificateSigningRequestCondition conditions = 1; |
| 163 | |
| 164 | // If request was approved, the controller will place the issued certificate here. |
| 165 | // +listType=atomic |
| 166 | // +optional |
| 167 | optional bytes certificate = 2; |
| 168 | } |
| 169 | |
| 170 | // ExtraValue masks the value so protobuf can generate |
| 171 | // +protobuf.nullable=true |
| 172 | // +protobuf.options.(gogoproto.goproto_stringer)=false |
| 173 | message ExtraValue { |
| 174 | // items, if empty, will result in an empty slice |
| 175 | |
| 176 | repeated string items = 1; |
| 177 | } |
| 178 | |