Merge pull request #91688 from liggitt/csr-generate-method

v1beta1 CSR cleanups
2025-07-23 11:50:44 +00:00 · 2020-06-02 18:11:59 -07:00 · 2020-06-02 18:11:59 -07:00 · 4d59db4f9a
commit 4d59db4f9a
parent 9f9cb9d73e 1d1e2b31df
4 changed files with 25 additions and 10 deletions
--- a/api/api-rules/violation_exceptions.list
+++ b/api/api-rules/violation_exceptions.list
@ -68,11 +68,6 @@ API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta2,HorizontalP
 API rule violation: list_type_missing,k8s.io/api/batch/v1,JobStatus,Conditions
 API rule violation: list_type_missing,k8s.io/api/batch/v1beta1,CronJobStatus,Active
 API rule violation: list_type_missing,k8s.io/api/batch/v2alpha1,CronJobStatus,Active
-API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Groups
-API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Request
-API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestSpec,Usages
-API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestStatus,Certificate
-API rule violation: list_type_missing,k8s.io/api/certificates/v1beta1,CertificateSigningRequestStatus,Conditions
 API rule violation: list_type_missing,k8s.io/api/core/v1,AvoidPods,PreferAvoidPods
 API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Add
 API rule violation: list_type_missing,k8s.io/api/core/v1,Capabilities,Drop
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@ -4427,12 +4427,14 @@
          "items": {
            "type": "string"
          },
-          "type": "array"
+          "type": "array",
+          "x-kubernetes-list-type": "atomic"
        },
        "request": {
          "description": "Base64-encoded PKCS#10 CSR data",
          "format": "byte",
-          "type": "string"
+          "type": "string",
+          "x-kubernetes-list-type": "atomic"
        },
        "signerName": {
          "description": "Requested signer for the request. It is a qualified name in the form: `scope-hostname.io/name`. If empty, it will be defaulted:\n 1. If it's a kubelet client certificate, it is assigned\n    \"kubernetes.io/kube-apiserver-client-kubelet\".\n 2. If it's a kubelet serving certificate, it is assigned\n    \"kubernetes.io/kubelet-serving\".\n 3. Otherwise, it is assigned \"kubernetes.io/legacy-unknown\".\nDistribution of trust for signers happens out of band. You can select on this field using `spec.signerName`.",
@ -4447,7 +4449,8 @@
          "items": {
            "type": "string"
          },
-          "type": "array"
+          "type": "array",
+          "x-kubernetes-list-type": "atomic"
        },
        "username": {
          "description": "Information about the requesting user. See user.Info interface for details.",
@ -4464,14 +4467,19 @@
        "certificate": {
          "description": "If request was approved, the controller will place the issued certificate here.",
          "format": "byte",
-          "type": "string"
+          "type": "string",
+          "x-kubernetes-list-type": "atomic"
        },
        "conditions": {
          "description": "Conditions applied to the request, such as approval or denial.",
          "items": {
            "$ref": "#/definitions/io.k8s.api.certificates.v1beta1.CertificateSigningRequestCondition"
          },
-          "type": "array"
+          "type": "array",
+          "x-kubernetes-list-map-keys": [
+            "type"
+          ],
+          "x-kubernetes-list-type": "map"
        }
      },
      "type": "object"
--- a/staging/src/k8s.io/api/certificates/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/certificates/v1beta1/generated.proto
@ -85,6 +85,7 @@ message CertificateSigningRequestList {
 // Kubernetes and cannot be modified by users.
 message CertificateSigningRequestSpec {
  // Base64-encoded PKCS#10 CSR data
+  // +listType=atomic
  optional bytes request = 1;

  // Requested signer for the request. It is a qualified name in the form:
@ -104,6 +105,7 @@ message CertificateSigningRequestSpec {
  // valid for.
  // See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
  //      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+  // +listType=atomic
  repeated string usages = 5;

  // Information about the requesting user.
@ -118,6 +120,7 @@ message CertificateSigningRequestSpec {

  // Group information about the requesting user.
  // See user.Info interface for details.
+  // +listType=atomic
  // +optional
  repeated string groups = 4;

@ -129,10 +132,13 @@ message CertificateSigningRequestSpec {

 message CertificateSigningRequestStatus {
  // Conditions applied to the request, such as approval or denial.
+  // +listType=map
+  // +listMapKey=type
  // +optional
  repeated CertificateSigningRequestCondition conditions = 1;

  // If request was approved, the controller will place the issued certificate here.
+  // +listType=atomic
  // +optional
  optional bytes certificate = 2;
 }
--- a/staging/src/k8s.io/api/certificates/v1beta1/types.go
+++ b/staging/src/k8s.io/api/certificates/v1beta1/types.go
@ -49,6 +49,7 @@ type CertificateSigningRequest struct {
 // Kubernetes and cannot be modified by users.
 type CertificateSigningRequestSpec struct {
 	// Base64-encoded PKCS#10 CSR data
+	// +listType=atomic
 	Request []byte `json:"request" protobuf:"bytes,1,opt,name=request"`

 	// Requested signer for the request. It is a qualified name in the form:
@ -68,6 +69,7 @@ type CertificateSigningRequestSpec struct {
 	// valid for.
 	// See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
 	//      https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+	// +listType=atomic
 	Usages []KeyUsage `json:"usages,omitempty" protobuf:"bytes,5,opt,name=usages"`

 	// Information about the requesting user.
@ -80,6 +82,7 @@ type CertificateSigningRequestSpec struct {
 	UID string `json:"uid,omitempty" protobuf:"bytes,3,opt,name=uid"`
 	// Group information about the requesting user.
 	// See user.Info interface for details.
+	// +listType=atomic
 	// +optional
 	Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
 	// Extra information about the requesting user.
@ -121,10 +124,13 @@ func (t ExtraValue) String() string {

 type CertificateSigningRequestStatus struct {
 	// Conditions applied to the request, such as approval or denial.
+	// +listType=map
+	// +listMapKey=type
 	// +optional
 	Conditions []CertificateSigningRequestCondition `json:"conditions,omitempty" protobuf:"bytes,1,rep,name=conditions"`

 	// If request was approved, the controller will place the issued certificate here.
+	// +listType=atomic
 	// +optional
 	Certificate []byte `json:"certificate,omitempty" protobuf:"bytes,2,opt,name=certificate"`
 }