Merge pull request #41755 from liggitt/cert-user-extra

Automatic merge from submit-queue

Include all user.Info data in CSR object

In order to use authorization checks to auto-approve CSRs in the future, we need all the info from the user.Info interface.

This mirrors the API fields in the TokenReview API used to return user info, and in the SubjectAccessReview API we use to check authorization.

```release-note
The CertificateSigningRequest API added the `extra` field to persist all information about the requesting user. This mirrors the fields in the SubjectAccessReview API used to check authorization.
```

api/openapi-spec/swagger.json

@@ -41280,12 +41280,23 @@
     ]
    },
    "io.k8s.kubernetes.pkg.apis.certificates.v1beta1.CertificateSigningRequestSpec": {
-    "description": "This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
+    "description": "This information is immutable after the request is created. Only the Request and Usages fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
     "required": [
      "request"
     ],
     "properties": {
+     "extra": {
+      "description": "Extra information about the requesting user. See user.Info interface for details.",
+      "type": "object",
+      "additionalProperties": {
+       "type": "array",
+       "items": {
+        "type": "string"
+       }
+      }
+     },
      "groups": {
+      "description": "Group information about the requesting user. See user.Info interface for details.",
       "type": "array",
       "items": {
        "type": "string"
@@ -41297,6 +41308,7 @@
       "format": "byte"
      },
      "uid": {
+      "description": "UID information about the requesting user. See user.Info interface for details.",
       "type": "string"
      },
      "usages": {
@@ -41307,7 +41319,7 @@
       }
      },
      "username": {
-      "description": "Information about the requesting user (if relevant) See user.Info interface for details",
+      "description": "Information about the requesting user. See user.Info interface for details.",
       "type": "string"
      }
     }

api/swagger-spec/certificates.k8s.io_v1beta1.json

@@ -886,7 +886,7 @@
    },
    "v1beta1.CertificateSigningRequestSpec": {
     "id": "v1beta1.CertificateSigningRequestSpec",
-    "description": "This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
+    "description": "This information is immutable after the request is created. Only the Request and Usages fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
     "required": [
      "request"
     ],
@@ -904,16 +904,22 @@
      },
      "username": {
       "type": "string",
-      "description": "Information about the requesting user (if relevant) See user.Info interface for details"
+      "description": "Information about the requesting user. See user.Info interface for details."
      },
      "uid": {
-      "type": "string"
+      "type": "string",
+      "description": "UID information about the requesting user. See user.Info interface for details."
      },
      "groups": {
       "type": "array",
       "items": {
        "type": "string"
-      }
+      },
+      "description": "Group information about the requesting user. See user.Info interface for details."
+     },
+     "extra": {
+      "type": "object",
+      "description": "Extra information about the requesting user. See user.Info interface for details."
      }
     }
    },