/* eslint-disable */ /** * This file was automatically generated by json-schema-to-typescript. * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file, * and run json-schema-to-typescript to regenerate this file. */ /** * A CertificateRequest is used to request a signed certificate from one of the * configured issuers. * * All fields within the CertificateRequest's `spec` are immutable after creation. * A CertificateRequest will either succeed or fail, as denoted by its `Ready` status * condition and its `status.failureTime` field. * * A CertificateRequest is a one-shot resource, meaning it represents a single * point in time request for a certificate and cannot be re-used. */ export interface K8SCertificateRequestV1 { /** * APIVersion defines the versioned schema of this representation of an object. * Servers should convert recognized schemas to the latest internal value, and * may reject unrecognized values. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources */ apiVersion?: string; /** * Kind is a string value representing the REST resource this object represents. * Servers may infer this from the endpoint the client submits requests to. * Cannot be updated. * In CamelCase. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds */ kind?: string; metadata?: {}; /** * Specification of the desired state of the CertificateRequest resource. * https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */ spec?: { /** * Requested 'duration' (i.e. lifetime) of the Certificate. Note that the * issuer may choose to ignore the requested duration, just like any other * requested attribute. */ duration?: string; /** * Extra contains extra attributes of the user that created the CertificateRequest. * Populated by the cert-manager webhook on creation and immutable. */ extra?: { [k: string]: string[]; }; /** * Groups contains group membership of the user that created the CertificateRequest. * Populated by the cert-manager webhook on creation and immutable. */ groups?: string[]; /** * Requested basic constraints isCA value. Note that the issuer may choose * to ignore the requested isCA value, just like any other requested attribute. * * NOTE: If the CSR in the `Request` field has a BasicConstraints extension, * it must have the same isCA value as specified here. * * If true, this will automatically add the `cert sign` usage to the list * of requested `usages`. */ isCA?: boolean; /** * Reference to the issuer responsible for issuing the certificate. * If the issuer is namespace-scoped, it must be in the same namespace * as the Certificate. If the issuer is cluster-scoped, it can be used * from any namespace. * * The `name` field of the reference must always be specified. */ issuerRef: { /** * Group of the resource being referred to. */ group?: string; /** * Kind of the resource being referred to. */ kind?: string; /** * Name of the resource being referred to. */ name: string; }; /** * The PEM-encoded X.509 certificate signing request to be submitted to the * issuer for signing. * * If the CSR has a BasicConstraints extension, its isCA attribute must * match the `isCA` value of this CertificateRequest. * If the CSR has a KeyUsage extension, its key usages must match the * key usages in the `usages` field of this CertificateRequest. * If the CSR has a ExtKeyUsage extension, its extended key usages * must match the extended key usages in the `usages` field of this * CertificateRequest. */ request: string; /** * UID contains the uid of the user that created the CertificateRequest. * Populated by the cert-manager webhook on creation and immutable. */ uid?: string; /** * Requested key usages and extended key usages. * * NOTE: If the CSR in the `Request` field has uses the KeyUsage or * ExtKeyUsage extension, these extensions must have the same values * as specified here without any additional values. * * If unset, defaults to `digital signature` and `key encipherment`. */ usages?: ( | "signing" | "digital signature" | "content commitment" | "key encipherment" | "key agreement" | "data encipherment" | "cert sign" | "crl sign" | "encipher only" | "decipher only" | "any" | "server auth" | "client auth" | "code signing" | "email protection" | "s/mime" | "ipsec end system" | "ipsec tunnel" | "ipsec user" | "timestamping" | "ocsp signing" | "microsoft sgc" | "netscape sgc" )[]; /** * Username contains the name of the user that created the CertificateRequest. * Populated by the cert-manager webhook on creation and immutable. */ username?: string; }; /** * Status of the CertificateRequest. * This is set and managed automatically. * Read-only. * More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status */ status?: { /** * The PEM encoded X.509 certificate of the signer, also known as the CA * (Certificate Authority). * This is set on a best-effort basis by different issuers. * If not set, the CA is assumed to be unknown/not available. */ ca?: string; /** * The PEM encoded X.509 certificate resulting from the certificate * signing request. * If not set, the CertificateRequest has either not been completed or has * failed. More information on failure can be found by checking the * `conditions` field. */ certificate?: string; /** * List of status conditions to indicate the status of a CertificateRequest. * Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. */ conditions?: { /** * LastTransitionTime is the timestamp corresponding to the last status * change of this condition. */ lastTransitionTime?: string; /** * Message is a human readable description of the details of the last * transition, complementing reason. */ message?: string; /** * Reason is a brief machine readable explanation for the condition's last * transition. */ reason?: string; /** * Status of the condition, one of (`True`, `False`, `Unknown`). */ status: "True" | "False" | "Unknown"; /** * Type of the condition, known values are (`Ready`, `InvalidRequest`, * `Approved`, `Denied`). */ type: string; }[]; /** * FailureTime stores the time that this CertificateRequest failed. This is * used to influence garbage collection and back-off. */ failureTime?: string; }; }