Merge pull request #91688 from liggitt/csr-generate-method

v1beta1 CSR cleanups
This commit is contained in:
Kubernetes Prow Robot 2020-06-02 18:11:59 -07:00 committed by GitHub
commit 4d59db4f9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 10 deletions

View File

@ -68,11 +68,6 @@ API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta2,HorizontalP
API rule violation: list_type_missing,k8s.io/api/batch/v1,JobStatus,Conditions
API rule violation: list_type_missing,k8s.io/api/batch/v1beta1,CronJobStatus,Active
API rule violation: list_type_missing,k8s.io/api/batch/v2alpha1,CronJobStatus,Active
API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Groups
API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Request
API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Usages
API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestStatus,Certificate
API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestStatus,Conditions
API rule violation: list_type_missing,k8s.io/api/core/v1,AvoidPods,PreferAvoidPods
API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Add
API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Drop

View File

@ -4427,12 +4427,14 @@
"items": {
"type": "string"
},
"type": "array"
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"request": {
"description": "Base64-encoded PKCS#10 CSR data",
"format": "byte",
"type": "string"
"type": "string",
"x-kubernetes-list-type": "atomic"
},
"signerName": {
"description": "Requested signer for the request. It is a qualified name in the form: `scope-hostname.io/name`. If empty, it will be defaulted:\n 1. If it's a kubelet client certificate, it is assigned\n \"kubernetes.io/kube-apiserver-client-kubelet\".\n 2. If it's a kubelet serving certificate, it is assigned\n \"kubernetes.io/kubelet-serving\".\n 3. Otherwise, it is assigned \"kubernetes.io/legacy-unknown\".\nDistribution of trust for signers happens out of band. You can select on this field using `spec.signerName`.",
@ -4447,7 +4449,8 @@
"items": {
"type": "string"
},
"type": "array"
"type": "array",
"x-kubernetes-list-type": "atomic"
},
"username": {
"description": "Information about the requesting user. See user.Info interface for details.",
@ -4464,14 +4467,19 @@
"certificate": {
"description": "If request was approved, the controller will place the issued certificate here.",
"format": "byte",
"type": "string"
"type": "string",
"x-kubernetes-list-type": "atomic"
},
"conditions": {
"description": "Conditions applied to the request, such as approval or denial.",
"items": {
"$ref": "#/definitions/io.k8s.api.certificates.v1beta1.CertificateSigningRequestCondition"
},
"type": "array"
"type": "array",
"x-kubernetes-list-map-keys": [
"type"
],
"x-kubernetes-list-type": "map"
}
},
"type": "object"

View File

@ -85,6 +85,7 @@ message CertificateSigningRequestList {
// Kubernetes and cannot be modified by users.
message CertificateSigningRequestSpec {
// Base64-encoded PKCS#10 CSR data
// +listType=atomic
optional bytes request = 1;
// Requested signer for the request. It is a qualified name in the form:
@ -104,6 +105,7 @@ message CertificateSigningRequestSpec {
// valid for.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// +listType=atomic
repeated string usages = 5;
// Information about the requesting user.
@ -118,6 +120,7 @@ message CertificateSigningRequestSpec {
// Group information about the requesting user.
// See user.Info interface for details.
// +listType=atomic
// +optional
repeated string groups = 4;
@ -129,10 +132,13 @@ message CertificateSigningRequestSpec {
message CertificateSigningRequestStatus {
// Conditions applied to the request, such as approval or denial.
// +listType=map
// +listMapKey=type
// +optional
repeated CertificateSigningRequestCondition conditions = 1;
// If request was approved, the controller will place the issued certificate here.
// +listType=atomic
// +optional
optional bytes certificate = 2;
}

View File

@ -49,6 +49,7 @@ type CertificateSigningRequest struct {
// Kubernetes and cannot be modified by users.
type CertificateSigningRequestSpec struct {
// Base64-encoded PKCS#10 CSR data
// +listType=atomic
Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"`
// Requested signer for the request. It is a qualified name in the form:
@ -68,6 +69,7 @@ type CertificateSigningRequestSpec struct {
// valid for.
// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
// https://tools.ietf.org/html/rfc5280#section-4.2.1.12
// +listType=atomic
Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=usages"`
// Information about the requesting user.
@ -80,6 +82,7 @@ type CertificateSigningRequestSpec struct {
UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
// Group information about the requesting user.
// See user.Info interface for details.
// +listType=atomic
// +optional
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
// Extra information about the requesting user.
@ -121,10 +124,13 @@ func (t ExtraValue) String() string {
type CertificateSigningRequestStatus struct {
// Conditions applied to the request, such as approval or denial.
// +listType=map
// +listMapKey=type
// +optional
Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`
// If request was approved, the controller will place the issued certificate here.
// +listType=atomic
// +optional
Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`
}